node.jsexpressldapjs

LDAP authentication using ldapjs in nodejs


Am a newbie to node.js, have somewhat figured out the LDAP authentication. Here am trying to retrieve employee ID from the search but none of the search entries are fetched though the passed credentials are bounded successfully , not sure where i'm mislead. If someone could help me out in it would be of a great help!

Below are the result sets of the code snippet:

Reader bind succeeded Search results length: 0 Search retval:{"messageID":2,"protocolOp":"LDAPResult","status":0,"matchedDN":"","errorMessage":"","referrals":[],"controls":[]} No unique user to bind

ldapRoute.route('/ldap').post((req, res, next) => {	

	var result = "";
	 
	var email =req.body.email;

	var client = ldap.createClient({
        url: 'ldap://******'
	});

	var opts = {
		filter: '(sAMAccountName='+ email + ')',
		attributes: ['sAMAccountName']
		};
		
        
var username = 'ii' + "\\" + email;
	
client.bind(username, req.body.password, function(err) {
    if (err){
		result += "Reader bind failed " + err;
    res.send(result);
    return;
	
	}
	else{
    
    result += "Reader bind succeeded\n";
	}
	
	client.search('OU=emp,dc=i,dc=ac,dc=com', opts, function(err, searchRes) {
		
	var searchList = []

	if (err) {
    result += "Search failed " + err;
    res.send(result);
    return;
	}
	
searchRes.on("searchEntry", (entry) => {
    result += "Found entry: " + entry + "\n";
    searchList.push(entry);
	
	});
	
searchRes.on("error", (err) => {
    result += "Search failed with " + err;
    res.send(result);
	
	});
	
searchRes.on("end", (retVal) => {
    result += "Search results length: " + searchList.length + "\n";
    for(var i=0; i<searchList.length; i++)
    result += "DN:" + searchList[i].employeeID + "\n";
    result += "Search retval:" + retVal + "\n";
	
  if (searchList.length == 1)   {
    client.bind(searchList[0].employeeID, req.body.password, function(err) {
      if (err)
         result += "Bind with real credential error: " + err;
      else
        result += "Bind with real credential is a success";
		
		   res.send(result);
		});  // client.bind (real credential)
		
		} else { 
                        result += "No unique user to bind";
                        res.send(result);
                    }

         });  

		});  

 }); 

});


Solution

  • The issue was in the filters and for some strange reasons the 'end' got fired before hitting the 'searchEntry', debugging it helped me to resolve the issue.

    //Filter
    var opts = {
     filter: '(sAMAccountName=' + email+')',
     scope: 'sub',
     attributes: ['employeeID']
     }; 
    
    //Search
    client.search('OU=empl,dc=ii,dc=ac,dc=in', opts, function(err, searchRes) 
    {
       if (err) 
     {   
       result += "Search failed " + err;    
       res.send(result); 
       return;
     }else{
    searchRes.on("searchEntry", (entry) => 
     {
       result += "Found entry: " + entry.object.employeeID;
       res.send(result);
     }
     / ........../
    } });