Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix crash when LDAP server is unreachable #697

Merged
merged 1 commit into from Oct 23, 2016
Merged

Fix crash when LDAP server is unreachable #697

merged 1 commit into from Oct 23, 2016

Conversation

gramakri
Copy link
Contributor

Fixes #667

MaxLeiter
MaxLeiter reviewed Oct 16, 2016
View reviewed changes
src/server.js
@@ -271,6 +267,15 @@ function ldapAuth(client, user, password, callback) {
var userDN = user.replace(/([,\\\/#+<>;"= ])/g, "\\$1");
var bindDN = Helper.config.ldap.primaryKey + "=" + userDN + "," + Helper.config.ldap.baseDN;

var ldapclient = ldap.createClient({
Copy link
Member

@MaxLeiter MaxLeiter Oct 16, 2016
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should only be attempted if config.ldap is true (or, in this case, if authFunction === ldapAuth)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But that's already in the ldapAuth function, shouldn't that be enough?

Copy link
Member

@MaxLeiter MaxLeiter Oct 16, 2016
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from what I can tell, createClient() will be called regardless if LDAP is enabled; that's why it was in the if statement before

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

createClient resides in ldapAuth function which is not called if LDAP is not enabled.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As @xPaw said, the createClient is only called when using ldapAuth which is in-turn only called when LDAP is enabled.

@xPaw
Copy link
Member

xPaw commented Oct 16, 2016

Should the client be torn down after performing bind? Pretty sure calling createClient multiple times would leave multiple clients hanging.

@gramakri
Copy link
Contributor Author

gramakri commented Oct 16, 2016
edited

@xPaw Good catch, it should be torn down. Strangely there is no way to do this in a documented way :/ I think maybe I should call https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L974 directly. The "unbind" method does not destroy the socket - https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L852 (for reference: http://ldapjs.org/client.html has no information on how to close the connection)

It does seem that 'error' atleast destroys the socket https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L929.

@gramakri
Copy link
Contributor Author

I have submitted a PR to ldapjs (ldapjs/node-ldapjs#393) to fix their docs. On further reading of the code, looks like unbind() is the way to go and not destroy()

@darshan-talati
Copy link

Thanks @gramakri for fixing the issue. It works perfectly!

maxpoulin64
maxpoulin64 approved these changes Oct 22, 2016
View reviewed changes
Copy link
Member

@maxpoulin64 maxpoulin64 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Can't test because I don't have my LDAP VM anymore, but the code makes sense.

@maxpoulin64 maxpoulin64 added Type: Bug Issues that report and PRs that solve any defects that cause unexpected behaviors. second review needed labels Oct 22, 2016
@astorije astorije merged commit 8ec6d96 into thelounge:master Oct 23, 2016
@astorije astorije added this to the 2.2.0 milestone Oct 23, 2016
@astorije astorije self-assigned this Oct 23, 2016
matburnham pushed a commit to matburnham/lounge that referenced this pull request Sep 6, 2017
@astorije
Merge pull request thelounge#697 from cloudron-io/ldap_crashfix
e488640 
Fix crash when LDAP server is unreachable
@astorije
Copy link
Member

Hey @gramakri, we have sticker packs for our contributors now!
If you're interested, you can fill the form at https://goo.gl/forms/f5usqAEp5DWoeXC92 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xPaw xPaw xPaw left review comments

@astorije astorije astorije approved these changes

@maxpoulin64 maxpoulin64 maxpoulin64 approved these changes

@MaxLeiter MaxLeiter MaxLeiter approved these changes

Assignees

@astorije astorije

Labels
Type: Bug Issues that report and PRs that solve any defects that cause unexpected behaviors.
Projects
None yet
Milestone
2.2.0
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@gramakri @xPaw @darshan-talati @astorije @maxpoulin64 @MaxLeiter