Description
-
If the user DN contains a comma, the LDAP authentication call fails.
-
The group's member attribute has the form:
member : cn=ray\,rex,dc=example,dc=com

-
The program used to test is :
var LdapAuth = require("ldapauth-fork")
const fs = require('fs');
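// Reproduction client: authenticate uid "ray", then look up the groups whose
// member attribute holds that user's DN. In the reported directory the member
// value contains an escaped comma: cn=ray\,rex,dc=example,dc=com.
const ldap = new LdapAuth({
  // Unencrypted ldap:// is acceptable only against this local test directory;
  // the bind password crosses this connection, so use ldaps:// or StartTLS
  // anywhere else.
  url: 'ldap://localhost:10389',
  searchBase: 'dc=example,dc=com',
  searchFilter: '(uid={{username}})',
  groupSearchBase: 'dc=example,dc=com',
  // {{dn}} is replaced with the authenticated user's DN. In the reported
  // failure the request carried member=cn=ray,rex,dc=example,dc=com, i.e.
  // without the backslash the directory stores, and the server could not
  // normalize the value. NOTE(review): presumably the escape is lost when the
  // DN is interpolated into the filter; confirm in the library. DN escaping
  // (RFC 4514) and filter-value escaping (RFC 4515) are separate layers: a DN
  // placed in a filter keeps its own escaping, and the backslash itself must
  // then be filter-encoded as \5c.
  groupSearchFilter: '(&(objectclass=*)(member={{dn}}))',
  groupSearchScope: 'sub',
  groupSearchAttributes: 'cn',
  reconnect: false,
});

ldap.authenticate('ray', 'password', (err, user) => {
  if (err) {
    console.log(`Authentication error: ${err}`);
    // Rethrown so the complete LDAPError, including its stack, is printed and
    // the process ends non-zero through the uncaught exception. The original
    // `return process.exit(2)` after this throw could never run and is gone.
    throw err;
  }

  console.log('Successful Authentication');
  // Declared locally; the original assignment created an implicit global.
  const roles = user._groups.map((group) => `[${group.dn}]`);
  console.log(`Successfully authenticated ldap groups dn: ${roles}`);
  return process.exit(0);
});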
- Error reported
PS C:\AJAY_WORK\APAR\ACELDAP\ldappgm> node .\ldaptest2.js
Authentication error: LoopDetectError: LOOP_DETECT: failed for MessageType : SEARCH_REQUEST
Message ID : 2
SearchRequest
baseDn : 'dc=example, dc=com'
filter : '(&(objectClass=*)(member=cn=ray,rex,dc=example,dc=com))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 10
Deref Aliases : never Deref Aliases
attributes : 'cn'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@35551da: java.lang.IllegalArgumentException: ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid upValue, it cant be normalized
C:\AJAY_WORK\APAR\ACELDAP\ldappgm\ldaptest2.js:18
throw err;
^
LDAPError [LoopDetectError]: LOOP_DETECT: failed for MessageType : SEARCH_REQUEST
Message ID : 2
SearchRequest
baseDn : 'dc=example, dc=com'
filter : '(&(objectClass=*)(member=cn=ray,rex,dc=example,dc=com))'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : 10
Deref Aliases : never Deref Aliases
attributes : 'cn'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@35551da: java.lang.IllegalArgumentException: ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid upValue, it cant be normalized
at messageCallback (C:\AJAY_WORK\APAR\ACELDAP\ldappgm\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:1419:45)
at Parser.onMessage (C:\AJAY_WORK\APAR\ACELDAP\ldappgm\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:1089:14)
at Parser.emit (events.js:310:20)
at Parser.write (C:\AJAY_WORK\APAR\ACELDAP\ldappgm\node_modules\ldapauth-fork\node_modules\ldapjs\lib\messages\parser.js:111:8)
at Socket.onData (C:\AJAY_WORK\APAR\ACELDAP\ldappgm\node_modules\ldapauth-fork\node_modules\ldapjs\lib\client\client.js:1076:22)
at Socket.emit (events.js:310:20)
at addChunk (_stream_readable.js:286:12)
at readableAddChunk (_stream_readable.js:268:9)
at Socket.Readable.push (_stream_readable.js:209:10)
at TCP.onStreamRead (internal/stream_base_commons.js:186:23) {
lde_message: 'LOOP_DETECT: failed for MessageType : SEARCH_REQUEST\n' +
'Message ID : 2\n' +
' SearchRequest\n' +
" baseDn : 'dc=example, dc=com'\n" +
" filter : '(&(objectClass=*)(member=cn=ray,rex,dc=example,dc=com))'\n" +
' scope : whole subtree\n' +
' typesOnly : false\n' +
' Size Limit : no limit\n' +
' Time Limit : 10\n' +
' Deref Aliases : never Deref Aliases\n' +
" attributes : 'cn'\n" +
'org.apache.directory.api.ldap.model.message.SearchRequestImpl@35551da: java.lang.IllegalArgumentException: ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid
upValue, it cant be normalized',
lde_dn: null
}
