From 085e3a31af2a77edb157a327346f89e3aca1371c Mon Sep 17 00:00:00 2001
From: Aiden Foxx <aiden.foxx.mail@gmail.com>
Date: Fri, 5 Nov 2021 15:06:39 +0100
Subject: [PATCH 1/2] Added edge case handling for weird IBM ldap issues

---
 api/src/auth/drivers/ldap.ts              | 9 +++++++++
 api/src/exceptions/index.ts               | 1 +
 api/src/exceptions/unexpected-response.ts | 7 +++++++
 3 files changed, 17 insertions(+)
 create mode 100644 api/src/exceptions/unexpected-response.ts

diff --git a/api/src/auth/drivers/ldap.ts b/api/src/auth/drivers/ldap.ts
index 63f0bfe31f207..77633057f9ff8 100644
--- a/api/src/auth/drivers/ldap.ts
+++ b/api/src/auth/drivers/ldap.ts
@@ -4,6 +4,7 @@ import ldap, {
 	Error,
 	SearchCallbackResponse,
 	SearchEntry,
+	LDAPResult,
 	InappropriateAuthenticationError,
 	InvalidCredentialsError,
 	InsufficientAccessRightsError,
@@ -18,6 +19,7 @@ import {
 	InvalidPayloadException,
 	ServiceUnavailableException,
 	InvalidConfigException,
+	UnexpectedResponseException,
 } from '../../exceptions';
 import { AuthenticationService, UsersService } from '../../services';
 import asyncHandler from '../../utils/async-handler';
@@ -97,6 +99,13 @@ export class LDAPAuthDriver extends AuthDriver {
 						}
 					});
 				});
+
+				res.on('end', (result: LDAPResult | null) => {
+					if (result?.status === 0) {
+						// Handle edge case with IBM systems where authenticated bind user could not fetch their DN
+						reject(new UnexpectedResponseException('Failed to find bind user record'));
+					}
+				});
 			});
 		});
 	}
diff --git a/api/src/exceptions/index.ts b/api/src/exceptions/index.ts
index 5d5f255707aba..d66940192b2a6 100644
--- a/api/src/exceptions/index.ts
+++ b/api/src/exceptions/index.ts
@@ -14,3 +14,4 @@ export * from './route-not-found';
 export * from './service-unavailable';
 export * from './unprocessable-entity';
 export * from './user-suspended';
+export * from './unexpected-response';
diff --git a/api/src/exceptions/unexpected-response.ts b/api/src/exceptions/unexpected-response.ts
new file mode 100644
index 0000000000000..6ac13a810a944
--- /dev/null
+++ b/api/src/exceptions/unexpected-response.ts
@@ -0,0 +1,7 @@
+import { BaseException } from '@directus/shared/exceptions';
+
+export class UnexpectedResponseException extends BaseException {
+	constructor(message: string) {
+		super(message, 500, 'UNEXPECTED_RESPONSE');
+	}
+}

From 08035e0d3163e9afdd187ff7745904e3eaa6e3d8 Mon Sep 17 00:00:00 2001
From: Aiden Foxx <aiden.foxx.mail@gmail.com>
Date: Sat, 6 Nov 2021 21:50:13 +0100
Subject: [PATCH 2/2] Update api/src/exceptions/unexpected-response.ts

---
 api/src/exceptions/unexpected-response.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/exceptions/unexpected-response.ts b/api/src/exceptions/unexpected-response.ts
index 6ac13a810a944..ff7ba28b1640d 100644
--- a/api/src/exceptions/unexpected-response.ts
+++ b/api/src/exceptions/unexpected-response.ts
@@ -2,6 +2,6 @@ import { BaseException } from '@directus/shared/exceptions';
 
 export class UnexpectedResponseException extends BaseException {
 	constructor(message: string) {
-		super(message, 500, 'UNEXPECTED_RESPONSE');
+		super(message, 503, 'UNEXPECTED_RESPONSE');
 	}
 }