New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix crash when LDAP server is unreachable #697
Conversation
@@ -271,6 +267,15 @@ function ldapAuth(client, user, password, callback) { | |||
var userDN = user.replace(/([,\\\/#+<>;"= ])/g, "\\$1"); | |||
var bindDN = Helper.config.ldap.primaryKey + "=" + userDN + "," + Helper.config.ldap.baseDN; | |||
|
|||
var ldapclient = ldap.createClient({ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should only be attempted if config.ldap is true (or, in this case, if authFunction === ldapAuth
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But that's already in the ldapAuth
function, shouldn't that be enough?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from what I can tell, createClient() will be called regardless if LDAP is enabled; that's why it was in the if statement before
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
createClient
resides in ldapAuth
function which is not called if LDAP is not enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As @xPaw said, the createClient is only called when using ldapAuth which is in-turn only called when LDAP is enabled.
Should the client be torn down after performing |
@xPaw Good catch, it should be torn down. Strangely there is no way to do this in a documented way :/ I think maybe I should call https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L974 directly. The "unbind" method does not destroy the socket - https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L852 (for reference: http://ldapjs.org/client.html has no information on how to close the connection) It does seem that 'error' atleast destroys the socket https://github.com/mcavage/node-ldapjs/blob/master/lib/client/client.js#L929. |
I have submitted a PR to ldapjs (ldapjs/node-ldapjs#393) to fix their docs. On further reading of the code, looks like unbind() is the way to go and not destroy() |
400ea2a
to
09f2d06
Compare
Thanks @gramakri for fixing the issue. It works perfectly! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me. Can't test because I don't have my LDAP VM anymore, but the code makes sense.
Fix crash when LDAP server is unreachable
Hey @gramakri, we have sticker packs for our contributors now! |
Fixes #667