From 63ade9b42f249d061d62ff303de16d6f8785c4c1 Mon Sep 17 00:00:00 2001
From: Aiden Foxx <aiden.foxx.mail@gmail.com>
Date: Fri, 10 Dec 2021 21:07:31 +0100
Subject: [PATCH] Added edge case handling for weird IBM ldap issues (#9527)

* Added edge case handling for weird IBM ldap issues

* Update api/src/exceptions/unexpected-response.ts
---
 api/src/auth/drivers/ldap.ts              | 9 +++++++++
 api/src/exceptions/index.ts               | 1 +
 api/src/exceptions/unexpected-response.ts | 7 +++++++
 3 files changed, 17 insertions(+)
 create mode 100644 api/src/exceptions/unexpected-response.ts

diff --git a/api/src/auth/drivers/ldap.ts b/api/src/auth/drivers/ldap.ts
index 6b8a457bc5cd5..3afb355a76041 100644
--- a/api/src/auth/drivers/ldap.ts
+++ b/api/src/auth/drivers/ldap.ts
@@ -5,6 +5,7 @@ import ldap, {
 	EqualityFilter,
 	SearchCallbackResponse,
 	SearchEntry,
+	LDAPResult,
 	InappropriateAuthenticationError,
 	InvalidCredentialsError,
 	InsufficientAccessRightsError,
@@ -19,6 +20,7 @@ import {
 	InvalidPayloadException,
 	ServiceUnavailableException,
 	InvalidConfigException,
+	UnexpectedResponseException,
 } from '../../exceptions';
 import { AuthenticationService, UsersService } from '../../services';
 import asyncHandler from '../../utils/async-handler';
@@ -98,6 +100,13 @@ export class LDAPAuthDriver extends AuthDriver {
 						}
 					});
 				});
+
+				res.on('end', (result: LDAPResult | null) => {
+					if (result?.status === 0) {
+						// Handle edge case with IBM systems where authenticated bind user could not fetch their DN
+						reject(new UnexpectedResponseException('Failed to find bind user record'));
+					}
+				});
 			});
 		});
 	}
diff --git a/api/src/exceptions/index.ts b/api/src/exceptions/index.ts
index 2903ec4728a1d..3e4840805477e 100644
--- a/api/src/exceptions/index.ts
+++ b/api/src/exceptions/index.ts
@@ -15,3 +15,4 @@ export * from './route-not-found';
 export * from './service-unavailable';
 export * from './unprocessable-entity';
 export * from './user-suspended';
+export * from './unexpected-response';
diff --git a/api/src/exceptions/unexpected-response.ts b/api/src/exceptions/unexpected-response.ts
new file mode 100644
index 0000000000000..ff7ba28b1640d
--- /dev/null
+++ b/api/src/exceptions/unexpected-response.ts
@@ -0,0 +1,7 @@
+import { BaseException } from '@directus/shared/exceptions';
+
+export class UnexpectedResponseException extends BaseException {
+	constructor(message: string) {
+		super(message, 503, 'UNEXPECTED_RESPONSE');
+	}
+}