If i correctly understand the API code bellow should return logonHours for found entry in AD when i use other tools for searching AD i can get it, but when using ldapjs i just got undefined. Same thing with other binary fields like thumbnailPhoto or jpegPhoto. Other fields like 'name' or so works good.

client.search('o=example', opts, function(err, res) {
res.on('searchEntry', function(entry) {
console.log(entry.object.logonHours);
});
});

If you create a DN based on an empty string then the equals method returns true when comparing against any single attribute DN.

var ldap = require('ldapjs');
var dn = new ldap.parseDN('');

// the following all output true
console.log(dn.equals('cn=root'));
console.log(dn.equals('cn=foo'));
console.log(dn.equals('ou=bar'));

Hi,

i have a option used with my search like:

var opts = {
filter: '(&(objectClass=person)(samaccountname=testy.dev))',
scope: 'sub'
};

with ldapsearch i'm able to run this query without problem. One version before i was able as well.

backend: Active Directory
version libjs 0,1.3

backtrace:

https://gist.github.com/1228649

test code:

https://gist.github.com/1228656

Hi,

I (and I suspect quite a few) would be very interested to use the server part as a way to access a contact database/CRM and query it from legacy mail clients.

Have you been able to access your server from outlook and do you have an example of what param to return to fill the name+email?

X+

Hi Mark,

when using a client instance of the Client API, it is possible to get a "Socket is not writable" error. This seems to occur if I don't use my client object for a long time, in my tests circa 30 minutes.

I've written a little test snippet to reproduce the error. It creates a set of test clients which were used just after some time delay.

var ldap = require('ldapjs'), assert = require('assert'), util = require('util');

var clients = [], testcases = 20;
var timediff = 1000*60*10; // 30 minutes

util.log("Test started.");
/* Generate test clients */
for (var i = 0; i < testcases; i++) { clients[i] = ldap.createClient({  url: 'ldap://yourldap.com:389' }); }

/* Run tests */
clients.forEach(function(client, ix) {
    setTimeout(function() {
        util.log("Query!");
        client.search('o=yours', { scope: 'sub', filter: '(uid=fnogatz)' }, function(err, res) {
            assert.ifError(err);
            res.on('searchEntry', function(entry) {
                // ignore
            });
            res.on('end', function(result) {
                util.log("Success");
            });
            res.on('error', function(err) {
                util.log("Error: "+err);
            });         
        });     
    }, ix*timediff);
});

For me this results in the following error after 30 minutes:

23 Sep 12:27:42 - Test started.
23 Sep 12:27:42 - Query!
23 Sep 12:27:42 - Success
23 Sep 12:37:42 - Query!
23 Sep 12:37:42 - Success
23 Sep 12:47:42 - Query!
23 Sep 12:47:42 - Success
23 Sep 12:57:42 - Query!

net.js:391
    throw new Error('Socket is not writable');
          ^
Error: Socket is not writable
    at Socket._writeOut (net.js:391:11)
    at Socket.write (net.js:377:17)
    at Client._send (/tmp/node_modules/ldapjs/lib/client.js:665:15)
    at Client.search (/tmp/node_modules/ldapjs/lib/client.js:585:8)
    at Object._onTimeout (/tmp/ldapserver/test.js:14:10)
    at Timer.callback (timers.js:83:39)

The test has been run with version 0.1.4, the error is thrown by this line:

return conn.write(message.toBer(), (expect === 'unbind' ? function() {

Maybe it's possible to avoid this behavior by checking if one is still connected or so.

Greetings from Germany,
Falco

Alright heres my problem. I have an attribute with multiple string values. Each string says basically "this user is associated with group X as an owner" (or member, 2 different roles). So to make a member an owner, I need to remove 1 value from the attribute, and add in another.
To make the problem interesting, we have edirectory drivers attached to the tree that event off of changes to the attribute. So if I were to remove all the values and re-add all the values minus the one I wanted to remove, our driver would try to remove the user from every group then re-add them to every group.
So what I need is a way to remove 1 value from an attribute. From the Client API's description of modify, i cannot remove just 1 value, I have to clear out the attribute completely.
From page 31 of the ldap RFC (4511):
" delete: delete values listed from the modification attribute.
If no values are listed, or if all current values of the
attribute are listed, the entire attribute is removed.
"
it looks like it should take an array of values to delete.

In working on a client using active directory as the ldap server, whenever I use a not equal filter I get no replies. As an example if the filter is "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" to give me all non-disabled accounts, I get no responses.

The parser properly parses the filter and does create a not filter instance, but something (and it may be in the ber serialization) goes horribly wrong and no results are returned, yet the same query works fine with ldapsearch

I apologize for the vauge report but I spent the last few hours stepping through the code and everthing to the point of toBer looks good. A quick and dirty diff of packet capture show differences between this and (As example) the same search with ldapsearch

I noticed that the client converts all attribute names in search responses to lower case. I think it would be nice to be able to know how the server sent the attribute names, for example to improve the accuracy of a proxy server.

If an incoming search request has * as the only attribute, the server filter out all attributes from outgoing responses.

I think it should treat that case as if no attributes had been requested.

Although LDAP_REQ_ABANDON is defined in lib/protocol.js it seems to be not handled yet.

I'm seeing this error message when receiving a 0x50 LDAP op:

2011-11-01 08:05:45Z ERROR - Server: Exception happened parsing for 172.16.232.132:42316: Error: protocolOp 0x50 not supported
    at Parser._newMessage (/Users/benjixx/src/node_modules/ldapjs/lib/messages/parser.js:228:13)
    at Parser.write (/Users/benjixx/src/node_modules/ldapjs/lib/messages/parser.js:85:17)
    at Socket.<anonymous> (/Users/benjixx/src/node_modules/ldapjs/lib/server.js:395:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)

I am getting an exception when doing a simple lookup. This is using the Java LdapTemplate provided by spring. The code look like this:

ldapTemplate.lookup("uid=julien,dc=foo,dc=com")

The fix can be to add
if (!value) value = "";
in the index.js on line 47

I am not sure if it's a problem with the Java implementation or ldapjs itself.

Regards,

Julien

When I tried to upgrade recently I ran into an issue with my filter. I tried to chase it down a bit and found that the contructor of the NotFilter expects an options object which the callee in filters/index.js in serializeTree(tree, filter) line 267 does not provide.

The filter option I am using is
filter: '(&(objectClass=person)(!(objectClass=shadowAccount)))'

The stacktrace is
2012-01-24 14:37:30Z TRACE - Client: ldap.eye:11 error event=TypeError: options (object) required
at new NotFilter (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/not_filter.js:16:11)
at serializeTree (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/index.js:267:17)
at /Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/index.js:274:9
at Array.forEach (native)
at serializeTree (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/index.js:273:21)
at _parseString (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/index.js:341:3)
at Object.parseString (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/filters/index.js:471:12)
at Client.search (/Users/cwo/Node-Play/check-in/node_modules/ldapjs/lib/client.js:627:30)
at Client. (/Users/cwo/Node-Play/check-in/server.js:146:16)
at Client.emit (events.js:64:17)

I hope this helps to improve it even further as ldapjs is awesome ;)

Regards,
Carsten

I'm going to start off by saying that I'm not LDAP expert so this may be user error, if so please advise.

I've been using other libraries (https://github.com/jeremycx/node-LDAP) for LDAP authentication but due to various issues with them would like to move away from them. Anyways, the binding in that would allow me to provide the users network login information (which is in the LDAP as sAMAccountName) in a method of binding. I'd pretty much call it like

client.SimpleBind("Username", "Password", function (success) { ... })

Anyways, the bind method here requires me to provide a DN in the first variable, which I'm not sure what to provide. I've tried it without the "DN=" and that doesn't work. The following does not work either.

client.bind('sAMAccountName=Username', 'Password', function(err) {
   assert.ifError(err);
});

For what it's worth, using tools like JXplorer I can connect using Username/Password without specifying a DN and it works. When I search for the Username it will bring it up by matching the sAMSAccountName.

See:

https://github.com/mcavage/node-ldapjs/blob/v0.4/lib/client.js#L835

I am still trying to trace why querying ActiveDirectory 2008 is returning filter errors, but I noticed that the handlers for end, close, error and timeout call

c.connect();

Socket.connect() seems to be undefined when called with no parameters. Might need one helper function that always calls connect() and figures out whether it is a port,host or socketPath from createClient and always call connect the same way.

Not sure if you have seen this error or not. It ends in the EAFNOSUPPORT anytime Socket.connect() is called with something it does not like.

Node: v0.4.11
ldapjs: 0.1.1

2011-08-31 04:03:25Z DEBUG - Client: 192.168.4.65: sending request: {"messageID":1,"protocolOp":"BindRequest","version":3,"name":{"rdns":[{"CN":"Search User"},{"CN":"Users"},{"DC":"carefx"},{"DC":"local"}],"length":4},"authenticationType":"Simple","credentials":"password","controls":[]}
2011-08-31 04:03:25Z DEBUG - Client: 192.168.4.65:undefined: response received: {"messageID":1,"protocolOp":"LDAPResult","status":0,"matchedDN":"","errorMessage":"","referrals":[],"controls":[]}
2011-08-31 04:03:25Z DEBUG - Client: 192.168.4.65:undefined: sending request: {"messageID":2,"protocolOp":"SearchRequest","baseObject":{"rdns":[{"ou":"SBSUsers"},{"ou":"Users"},{"ou":"MyBusiness"},{"DC":"carefx"},{"DC":"local"}],"length":5},"scope":"base","derefAliases":0,"sizeLimit":0,"timeLimit":10,"typesOnly":false,"filter":"(objectclass=*)","attributes":[],"controls":[]}
2011-08-31 04:03:25Z ERROR - Client: 192.168.4.65:undefined: received unsolicited message: {"messageID":0,"protocolOp":"LDAPResult","status":2,"matchedDN":"","errorMessage":"00000057: LdapErr: DSID-0C0C0B58, comment: The server was unable to decode a search request attribute description list, the filter may have been invalid, data 0, v1771\u0000","referrals":[],"responseName":"1.3.6.1.4.1.1466.20036","controls":[]}
2011-08-31 04:03:25Z WARN - Client: 192.168.4.65:undefined unexpected connection error Error: EAFNOSUPPORT, Address family not supported by protocol family

node.js:134
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: EAFNOSUPPORT, Address family not supported by protocol family
at doConnect (net.js:555:5)
at Socket.connect (net.js:715:5)
at Socket. (/usr/local/lib/node_modules/ldapjs/lib/client.js:180:11)
at Socket.emit (events.js:64:17)
at Array. (net.js:837:12)
at EventEmitter._tickCallback (node.js:126:26)

It's weird, I can use multiple cn and display them via ldapsearch, but I can't filter them.

Here is a first step to solve this : https://github.com/athoune/node-ldapjs/commit/ef043af1d432c63605727fef52f3d8790cf55176

If you like this patch, I can extend it to the other filters.

Hi Mark,

nothing special: in the documentation of the Server API you still have server.delete() instead of server.del() for the del operation's example.

Here's what I get using node v0.6:

dap@devel ldapjs $ npm install ldapjs

> [email protected] preinstall /home/dap/ldapjs/node_modules/ldapjs/node_modules/buffertools
> ./build-wrapper


> [email protected] install /home/dap/ldapjs/node_modules/ldapjs/node_modules/dtrace-provider
> node-waf configure build

Traceback (most recent call last):
 File "/home/dap/node/tools/node-waf", line 14, in ?
   import Scripting
ImportError: No module named Scripting```

It works fine with node v0.4.12.

I have this code:

 var server = ldap.createClient({
   url: config.ufds.url
 });

 try {
 server.bind(config.ldap.rootDn, config.ldap.password, function(err) {
   if (err) {
     console.log("XXX error binding to LDAP", err)
     return callback(err);
   }
   console.log("XXX here")
   var app;
   try {
     app = new App(config, server, log);
   } catch(err) {
     return callback(err);
   }
   return callback(null, app);
 });
 } catch(e) {
   console.log("XXX boom:", e)
 }

... and I don't have a LDAP server running at the configured url. The undesired result is that my callback to bind returns before there is a connection. Either my app hangs there or exits quickly.

Digging through ldapjs' client.js a bit (ldapjs version 0.4.8, the latest), it looks like:

• creating the client results in attempt to connect right away: https://github.com/mcavage/node-ldapjs/blob/master/lib/client.js#L147 This sits waiting for the timeout.
• The I do a bind attempt... which attempts a Client.connect ... which returns right away because this.connection is set ... which then attempts a BindRequest (https://github.com/mcavage/node-ldapjs/blob/master/lib/client.js#L238)

... after which I'm not really sure what is happening.

Naively I'd say the automatic attempt to connect in the Client constructor should be removed.

https://github.com/mcavage/node-ldapjs/blob/master/lib/client.js#L237

The callback should watch for the error.

If you send an extension request to the server, but use a DN from one of the other routes (rather than a OID), the server crashes with an AssertionError which seems to be triggered by a ReferenceError.

The following code demonstrates this

var ldap = require('ldapjs');

var server = ldap.createServer();

server.bind('cn=root', function(req, res, next) {
  if (req.dn.toString() !== 'cn=root' || req.credentials !== 'secret')
    return next(new ldap.InvalidCredentialsError());

  res.end();
  return next();
});

server.listen(389, function() {
  console.log('LDAP server up at: %s', server.url);

  var client = ldap.createClient({
    url: 'ldap://127.0.0.1:389'
  });

  client.exop('cn=root', function(err, value, res) {});
});

Here's the stack trace

2011-09-23 13:39:12Z ERROR - Server: Exception happened parsing for 127.0.0.1:51483: ReferenceError: defaultExopHandler is not defined
    at Server._getHandlerChain (/node/node_modules/ldapjs/lib/server.js:736:35)
    at Parser.<anonymous> (/node/node_modules/ldapjs/lib/server.js:329:24)
    at Parser.emit (events.js:64:17)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:99:10)
    at Socket.<anonymous> (/node/node_modules/ldapjs/lib/server.js:390:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)

assert.js:93
  throw new assert.AssertionError({
        ^
AssertionError: true == null
    at getResponse (/node/node_modules/ldapjs/lib/server.js:73:10)
    at Parser.<anonymous> (/node/node_modules/ldapjs/lib/server.js:380:17)
    at Parser.emit (events.js:67:17)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:102:10)
    at Socket.<anonymous> (/node/node_modules/ldapjs/lib/server.js:390:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)

Obviously during normal operations you shouldn't be getting extension requests like this, but it would be easy for a malicious attacker to craft a request to crash your server.

I just upgraded to node v0.6.1 and I can't build ldapjs. I'm using Ubuntu packages from https://launchpad.net/~chris-lea/+archive/node.js/

bbigras@ubuntu:/home/bbigras/test/node_modules/ldapjs$ make
npm_config_tar=tar npm install --dev

> [email protected] preinstall /home/bbigras/test/node_modules/ldapjs/node_modules/buffertools
> ./build-wrapper


> [email protected] install /home/bbigras/test/node_modules/ldapjs/node_modules/dtrace-provider
> node-waf configure build

Setting srcdir to                        : /home/bbigras/test/node_modules/ldapjs/node_modules/buffertools
Setting blddir to                        : /home/bbigras/test/node_modules/ldapjs/node_modules/buffertools/build
Checking for program g++ or c++          : /usr/bin/g++
Checking for program cpp                 : /usr/bin/cpp
Checking for program ar                  : /usr/bin/ar
Checking for program ranlib              : /usr/bin/ranlib
Checking for g++                         : ok
Checking for node path                   : not found
Checking for node prefix                 : ok /usr
'configure' finished successfully (0.288s)
Waf: Entering directory `/home/bbigras/test/node_modules/ldapjs/node_modules/buffertools/build'
[1/2] cxx: buffertools.cc -> build/Release/buffertools_1.o
Checking for program g++ or c++          : /usr/bin/g++
../buffertools.cc:1:16: error: v8.h: No such file or directory
../buffertools.cc:2:18: error: node.h: No such file or directory
../buffertools.cc:3:25: error: node_buffer.h: No such file or directory
Checking for program cpp                 : /usr/bin/cpp
Checking for program ar                  : /usr/bin/ar
Checking for program ranlib              : /usr/bin/ranlib
Checking for g++                         : ok
Checking for node path                   : not found
Checking for node prefix                 : ok /usr
'configure' finished successfully (0.308s)
Waf: Entering directory `/home/bbigras/test/node_modules/ldapjs/node_modules/dtrace-provider/build'
[1/3] cxx: dtrace_provider.cc -> build/Release/dtrace_provider_1.o
[2/3] cxx: dtrace_dof.cc -> build/Release/dtrace_dof_1.o
In file included from ../dtrace_dof.cc:1:
../dtrace_provider.h:1:18: error: node.h: No such file or directory
../dtrace_provider.h:2:30: error: node_object_wrap.h: No such file or directory
../dtrace_provider.h:3:16: error: v8.h: No such file or directory
In file included from ../dtrace_provider.cc:1:
../dtrace_provider.h:1:18: error: node.h: No such file or directory
../dtrace_provider.h:2:30: error: node_object_wrap.h: No such file or directory
../dtrace_provider.h:3:16: error: v8.h: No such file or directory
Waf: Leaving directory `/home/bbigras/test/node_modules/ldapjs/node_modules/dtrace-provider/build'
Build failed:
 -> task failed (err #1):
        {task: cxx dtrace_dof.cc -> dtrace_dof_1.o}
 -> task failed (err #1):
        {task: cxx dtrace_provider.cc -> dtrace_provider_1.o}
npm ERR! error installing [email protected] Error: [email protected] install: `node-waf configure build`
npm ERR! error installing [email protected] `sh "-c" "node-waf configure build"` failed with 1
npm ERR! error installing [email protected]     at ChildProcess.<anonymous> (/usr/lib/node_modules/npm/lib/utils/exec.js:49:20)
npm ERR! error installing [email protected]     at ChildProcess.emit (events.js:70:17)
npm ERR! error installing [email protected]     at maybeExit (child_process.js:359:16)
npm ERR! error installing [email protected]     at Process.onexit (child_process.js:395:5)
npm ERR! [email protected] install: `node-waf configure build`
npm ERR! `sh "-c" "node-waf configure build"` failed with 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is most likely a problem with the dtrace-provider package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-waf configure build
npm ERR! You can get their info via:
npm ERR!     npm owner ls dtrace-provider
npm ERR! There is likely additional logging output above.
npm ERR!
npm ERR! System Linux 2.6.32-35-generic-pae
npm ERR! command "node" "/usr/bin/npm" "install" "--dev"
npm ERR! cwd /home/bbigras/test/node_modules/ldapjs
npm ERR! node -v v0.6.1
npm ERR! npm -v 1.0.105
npm ERR! code ELIFECYCLE
../buffertools.cc:12: error: ‘v8’ is not a namespace-name
../buffertools.cc:12: error: expected namespace-name before ‘;’ token
../buffertools.cc:13: error: ‘node’ is not a namespace-name
../buffertools.cc:13: error: expected namespace-name before ‘;’ token
../buffertools.cc:19: error: ISO C++ forbids declaration of ‘Handle’ with no type
../buffertools.cc:19: error: expected ‘;’ before ‘<’ token
../buffertools.cc:21: error: ISO C++ forbids declaration of ‘Handle’ with no type
../buffertools.cc:21: error: expected ‘;’ before ‘<’ token
../buffertools.cc:342: error: expected ‘;’ at end of input
../buffertools.cc:342: error: expected ‘}’ at end of input
../buffertools.cc:342: error: expected unqualified-id at end of input
../buffertools.cc:342: error: expected ‘}’ at end of input
Waf: Leaving directory `/home/bbigras/test/node_modules/ldapjs/node_modules/buffertools/build'
Build failed:  -> task failed (err #1):
        {task: cxx buffertools.cc -> buffertools_1.o}
npm ERR! error installing [email protected] Error: [email protected] preinstall: `./build-wrapper`
npm ERR! error installing [email protected] `sh "-c" "./build-wrapper"` failed with 1
npm ERR! error installing [email protected]     at ChildProcess.<anonymous> (/usr/lib/node_modules/npm/lib/utils/exec.js:49:20)
npm ERR! error installing [email protected]     at ChildProcess.emit (events.js:70:17)
npm ERR! error installing [email protected]     at maybeExit (child_process.js:359:16)
npm ERR! error installing [email protected]     at Process.onexit (child_process.js:395:5)
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     /home/bbigras/test/node_modules/ldapjs/npm-debug.log
npm not ok
make: *** [node_modules/.ldapjs.npm.installed] Error 1

The ldapjs server will crash if it receives a request where the protocolOp id is not supported. Below is a stack trace of one such error.

Error: protocolOp 0x50 not supported
    at Parser._newMessage (/node/node_modules/ldapjs/lib/messages/parser.js:223:13)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:84:17)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:111:17)
    at Socket.<anonymous> (/node/node_modules/ldapjs/lib/server.js:390:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)
2011-09-26 18:10:58Z ERROR - Server: Exception happened parsing for 10.1.1.1:49094: TypeError: Cannot set property 'status' of null
    at Parser.<anonymous> (/node/node_modules/ldapjs/lib/server.js:382:18)
    at Parser.emit (events.js:67:17)
    at Parser._newMessage (/node/node_modules/ldapjs/lib/messages/parser.js:224:10)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:84:17)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:111:17)
    at Socket.<anonymous> (/node/node_modules/ldapjs/lib/server.js:390:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)

assert.js:93
  throw new assert.AssertionError({
        ^
AssertionError: true == null
    at getResponse (/node/node_modules/ldapjs/lib/server.js:73:10)
    at Parser.<anonymous> (/node/node_modules/ldapjs/lib/server.js:380:17)
    at Parser.emit (events.js:67:17)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:102:10)
    at Parser.write (/node/node_modules/ldapjs/lib/messages/parser.js:111:17)
    at Socket.<anonymous> (/node/node_modules/ldapjs/lib/server.js:390:16)
    at Socket.emit (events.js:64:17)
    at Socket._onReadable (net.js:678:14)
    at IOWatcher.onReadable [as callback] (net.js:177:10)

In case it's useful; these requests are being generated by my samba server when it's trying to look-up user account info.

Starting with "data: data1" and "medium: sms1" fields, I attempted to do one "replace" modify to change both to "data2" and "sms2" respectively. Only one of the fields was changed:

$ sdc-ldap search -b 'amoncontactname=trent, uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ou=customers, o=smartdc' 
dn: amoncontactname=trent, uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ou=customers, o=smartdc
amoncontactname: trent
data: data1
medium: sms1
objectclass: amoncontact

$ node modcontact.js

$ sdc-ldap search -b 'amoncontactname=trent, uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ou=customers, o=smartdc' 
dn: amoncontactname=trent, uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ou=customers, o=smartdc
amoncontactname: trent
data: data1
medium: sms2
objectclass: amoncontact

where the content of "modcontact.js" is:

var ldap = require('ldapjs');
var Change = ldap.Change;

var client = ldap.createClient({
  url: 'ldaps://10.88.88.50:636'
}); 

client.bind('cn=root', 'secret', function(err) {
  name = 'trent'
  var entry = {
    //amoncontactname: name,
    data: "data2",
    medium: "sms2"
    //objectclass: "amoncontact"
  };
  var change = new Change({
    operation: 'replace',
    modification: entry
  });
  var dn = "amoncontactname="+name+", uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ou=customers, o=smartdc"
  client.modify(dn, change, function(err) {
    if (err) console.warn("client.modify err: %s", err)
    client.unbind(function(err) {});
  });
});

Could be luser error, but I'm able to install other packages as well as 0.4.7 just fine. Tried to install 0.4.8 and got:

npm ERR! Error: EACCES, permission denied '/home/ozten/.npm/nopt/1.0.10/___package.npm'

Full Details:
https://gist.github.com/1885980

npm version 1.1.0-3
node v0.6.10

We are running Node 0.4.7, and when I try to install ldapjs via npm it says version 0.4.10 is required. On the website it is stated that ldapjs works for node.js version 0.4.x and 0.5.x. So I have two questions:
Which statement is correct?
Is this a real restriction or is it just untested with versions <0.4.10, and we could take a stab at using it with 0.4.7?

Cheers

Marc

When sending a search response, there is logic to filter out attributes that weren't requested by the client. However, it currently filters out attributes that differ only in case.

I think it should check something like self.attributes.indexOf(a.toLowerCase()) === -1.

 throw arguments[1]; // Unhandled 'error' event
         ^
 ReferenceError: c is not defined
     at /var/www/node_modules/ldapjs/lib/client.js:181:11
     at /var/www/node_modules/ldapjs/lib/client.js:231:12
     at /var/www/node_modules/ldapjs/lib/client.js:727:20
     at Parser.<anonymous> (/var/www/node_modules/ldapjs/lib/client.js:910:12)
     at Parser.emit (events.js:67:17)
     at Parser.write (/var/www/node_modules/ldapjs/lib/messages/parser.js:101:10)
     at Socket.<anonymous> (/var/www/node_modules/ldapjs/lib/client.js:897:14)
     at Socket.emit (events.js:67:17)
     at TCP.onread (net.js:327:14)

I looked real quick at https://github.com/mcavage/node-ldapjs/blob/master/lib/client.js#L158-188 and I don't see c defined in that scope.

I want to authenticate to a LDAP Server and If it is not possbiel to reach the server within a given timeout, i want to fallback to another, local auth mechanism.
For this it is neccessary to have a timeout config option and maybe a timeout event fired when timeout reached.

I'm using Ubuntu 11.10, and when I use ldapjs, there is always an error:

[Error: Cannot find module './DTraceProviderBindings']

How can I fix it? What can DTraceProvider do just in ldapjs?

Thanks a lot.

Hi,

as mentioned yesterday on twitter i want to write a flexible LDAP proxy with ldapjs, similar to the node-http-proxy. ldapjs has nearly everything I need with its Server and Client API.

What I'm currently missing is a wildcard operator. If I would know all search, bind, ... use cases it is possible to route them just to another LDAP server with the Client API. But as the proxy should be flexible, I think something like following should be the best:

server.all(preFunctions, function(req, res, next){ ... });

This would also be nice e.g. to log or cache all requests before accessing the chain. The request must include additional information like method and the tree.
Maybe something similar to the server.use(cb) function of connect would also be a way to make middleware possible.

Do you think something similar would be possible?

Greetings from Germany,
Falco

Just wondering if there is any plans to ever support GSSAPI for authentication

From @cwoelk:

Test code is:

var ldap = require('ldapjs');
var client = ldap.createClient({
  url: 'ldap://127.0.0.1:1389'
});
client.on('connect', function(connection) {
  console.log(connection);
})

I think this https://github.com/mcavage/node-ldapjs/blob/master/lib/client.js#L194-204 is a bug. The connect() callback will be called twice with the reconnect scenario. The second one should be in an 'else { ...}'

Hi,

I'm only interested of providing the autocomplete feature on thunderbird & outlook using a crm as a backend. I will not support all the advanced feature of ldap and the complex query language. I just want to get whatever the user typed in the address field, this is

outlook: (&(|(mail=xavier_)(cn=xavier_)(sn=xavier_)(givenname=xavier_)(displayname=xavier_)))
thunderbird: (|(cn=xavier_)(mail=xavier_)(sn=xavier_))

I've seen req.filter.json and req.filter.toString(). Both expose the query (obviously), I'm looking for something that would hide it and only return the string as typed, eg. return only "xavier*" ?

Was tempted to run a regex "=(.)" but I don't know enough about ldap syntax to know if it's safe, or if there is already a method in ldap.js that'd do that better.

Any suggestion?
X+

Currently if I create a route for ou=base, the router won't send it requests for OU=base, ou=Base, etc. I'd like some way to create a route that ignores case when comparing the request and route DNs.

I think most LDAP servers generally do case insensitive comparisons. It might make sense to make that the default in ldapjs. There could be a server-level 'case sensitive routes' option like in express to override that if needed.

Hi,

Not sure that's the right place and most probably the issue is that I have no experience in node. Trying to run your simple example

xavier@camus:/usr/src/ldapcivi$ node example.js

node.js:205
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: Cannot find module './build/default/buffertools.node'
at Function._resolveFilename (module.js:318:11)

So installing buffertools:

xavier@camus:/usr/src/ldapcivi$ npm install buffertools

[email protected] preinstall /usr/src/ldapcivi/node_modules/buffertools
node-waf configure build

Setting srcdir to : /usr/src/ldapcivi/node_modules/buffertools
Setting blddir to : /usr/src/ldapcivi/node_modules/buffertools/build
Checking for program g++ or c++ : /usr/bin/g++
Checking for program cpp : /usr/bin/cpp
Checking for program ar : /usr/bin/ar
Checking for program ranlib : /usr/bin/ranlib
Checking for g++ : ok
Checking for node path : ok /usr/local/lib/node
Checking for node prefix : ok /usr/local
'configure' finished successfully (0.042s)
Waf: Entering directory /usr/src/ldapcivi/node_modules/buffertools/build' [1/2] cxx: buffertools.cc -> build/Release/buffertools_1.o [2/2] cxx_link: build/Release/buffertools_1.o -> build/Release/buffertools.node Waf: Leaving directory/usr/src/ldapcivi/node_modules/buffertools/build'
'build' finished successfully (1.016s)
[email protected] ./node_modules/buffertools

But alas, same result. did try installing -g, same result.

xavier@camus:/usr/src/ldapcivi$ node example.js

node.js:205
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: Cannot find module './build/default/buffertools.node'
at Function._resolveFilename (module.js:318:11)
at Function._load (module.js:263:25)
at Module.require (module.js:341:17)
at require (module.js:352:17)
at Object. (/usr/src/ldapcivi/node_modules/ldapjs/node_modules/buffertools/buffertools.js:1:77)
at Module._compile (module.js:416:26)
at Object..js (module.js:434:10)
at Module.load (module.js:335:31)
at Function._load (module.js:294:12)
at Module.require (module.js:341:17)

What obvious step am I missing?

reading http://ldapjs.org/filters.html, I see at line 150:

syntactically invalid string). All filter objects in th</p>

Not sure what is supposed to go there, but something, I'm sure!

It would be great to have a dn parsing inside ldapjs core. Something that would translate:

o=Personal, ou=AddressBooks, dc=example, dc=com

To:

[ [ "o", "Personal" ], [ "ou", "AddressBooks" ], [ "dc", "example" ], [ "dc", "com" ] ]

Or something better, I can't remember now. This is not crucial but I think it will be used a lot by developers, I'm not sure this already exists. I'm not sure either if this is simple or if there are any escape codes for commas inside dn parts.

My example code:

var ldap = require('ldapjs');

var client = ldap.createClient({
  url: 'ldaps://10.88.88.50:636'
});

var opts;
opts = { 
  filter: '(login=*)',
  scope: 'sub'
};

client.bind('XXX', 'XXX', function(err) {
  client.search('o=smartdc', opts, function(err, res) {
    res.on('searchEntry', function(entry) {
      console.log('entry: ' + JSON.stringify(entry.object));
    });
    res.on('searchReference', function(referral) {
      console.log('referral: ' + referral.uris.join());
    });
    res.on('error', function(err) {
      console.error('error: ' + err.message);
    });
    res.on('end', function(result) {
      console.log('status: ' + result.status);
      client.unbind(function(err) {
        console.error('error in unbind:', err.message);
      });
    });
  });
});

Result of running that:

entry: {"dn":"uuid=930896af-bf8c-48d4-885c-6573a94b1853, ...
entry: {"dn":"uuid=e966936c-0667-11e1-89bb-6b7f6d694e75, ...
entry: {"dn":"uuid=7b23ae63-37c9-420e-bb88-8d4bf5e30455, ...
status: 0
error in unbind: 10.88.88.50 closed

Hey all, I'm trying to use a filter that has xml in a substring, but I keep getting the following error:

Error: Invalid filter: <c
at _filterStringToStack (/home/craigb/workspace/nodejs/webService/node_modules/ldapjs/lib/filters/index.js:79:15)
at _parseString (/home/craigb/workspace/nodejs/webService/node_modules/ldapjs/lib/filters/index.js:102:15)
at Object.parseString (/home/craigb/workspace/nodejs/webService/node_modules/ldapjs/lib/filters/index.js:337:12)
at Client.search (/home/craigb/workspace/nodejs/webService/node_modules/ldapjs/lib/client.js:608:30)
at /home/craigb/workspace/nodejs/webService/routes/index.js:40:10
at callbacks (/home/craigb/Desktop/node_modules/express/lib/router/index.js:272:11)
at param (/home/craigb/Desktop/node_modules/express/lib/router/index.js:246:11)
at pass (/home/craigb/Desktop/node_modules/express/lib/router/index.js:253:5)
at Router._dispatch (/home/craigb/Desktop/node_modules/express/lib/router/index.js:280:4)
at Object.handle (/home/craigb/Desktop/node_modules/express/lib/router/index.js:45:10)

And here's my code:

var opts = {
filter: "&(CentralUIEnrollments="+groupName+"*)(objectClass=User)",
scope: "sub"
};

client.search("o=central",opts, function(err,res){
...
});

I've also tried putting single quotes around the xml substring I'm looking for, as well as escaping the all < and > with , but all throw the same error. Is there an escape character used in the filter parser?

Also, I've had to write some javascript in the past to convert a canonical ldap filter string into a DSML document, and it seems to handle xml ok because it builds an operator / operand tree in memory. By doing this it can tell the difference between an xml tag and a greater or less than operator (as long as the filter is well formed at least). If you would like to look at that code let me know.

Doing an ldapjs client search using the "attributes" search option erroneously set to a string (instead of an array) errors out with "ConnectionError"... i.e. the connection to the ufds server is lost. Would be nicer if that either threw immediately on the client.search with invalid input... or returned a more reasonable error and not bounce the connection.

 ...
 base = 'ou=users, o=smartdc'
 uuid = '11111111-1111-1111-1111-111111111111'
 searchOpts = {
   filter: '(&(uuid=' + uuid + ')(objectclass=sdcperson))',
   scope: "one",
   attributes: "dn"
 };
 client.search(base, searchOpts, function(err, result) {
   if (err) {
     console.log("search start error")
     return callback(err);
   }
...

Hi,
great library, but seems that adding an element like :

var entry = {
objectClass: 'posixAccount',
objectClass: 'top',
objectClass: 'inetOrgPerson',
objectClass: 'mailUser',
objectClass: 'shadowAccount',
objectClass: 'sambaSamAccount',
...
};

ldapClient.add('uid=myuser,ou=Users,ou=example.comt,dc=support', entry, function(error) { ...

produces an "ObjectclassViolationError: no structural object class provided". Adding the same element with ldapadd works, and adding a "simple user" (without samba, mail and shadow support) works perfectly using the library. I'm using Openldap server v. 2.4.23. Does the library support extra schemas?

thanks in advance.

I try to build a ldap server wich handle the jpegPhoto attribute. I try to store it as a binary string, it doesn't work from thunderbird or OSX address book. I don't know if ldapjs can handle this feature.

About the quoting of the filter string.
I was able to get it to work via ldapsearch on CLI
now in ldapjs lcient I'm having trouble. This:

filter: "(uniquemember=uuid=930896af-bf8c-48d4-885c-6573a94b1853, ou=users, o=smartdc)",

results in this in the ldap server log:

...  filter=(users, o=smartdc) ...

Thanks for the great library. Having an issue with InsufficientAccessRightsError. I have not tested against
a different LDAP server, but will if you think it would be helpful.

The same query from Apache Directory Studio work. I know this is not a lot to work with, but what the hey.

I am binding to an OpenDS server as "Directory Manager" which I believe is the equivalent to the cn=root

var client = ldap.createClient({
url: 'ldap://127.0.0.1:1389',
reconnect:20
})
client.bind('cn=Directory Manager', 'password', function(err) {
assert.ifError(err);
});


Search works fine but when attempting add/modify/delete I get an

InsufficientAccessRightsError: The entry cn=stuff,dc=somewhere,dc=com cannot be added due to insufficient access rights
at //node_modules/ldapjs/lib/client.js:768:24
at Parser. (///node_modules/ldapjs/lib/client.js:966:12)
at Parser.emit (events.js:67:17)
at Parser.write (/r/node_modules/ldapjs/lib/messages/parser.js:106:10)
at Socket. (/node_modules/ldapjs/lib/client.js:953:14)
at Socket.emit (events.js:67:17)
at TCP.onread (net.js:341:14)


The update looks like

client.add('cn=cname,dc=somewhere,dc=com', {
objectclass: 'inetOrgPerson',
cn: 'cname',
givenName: 'GivenName',
sn: 'Surname',
mail: '[email protected]',
telephoneNumber: '111-111-1111' }, function(err) {
if (err) {
console.log('error adding', err, req.body);
}
//do stuff.
});


The OpenDS log says the following..

ADD REQ conn=320 op=2 msgID=3 dn="cn=cname,dc=somewhere,dc=com"
[25/Jan/2012:13:24:46 +0000] ADD RES conn=320 op=2 msgID=3 result=50 message="The entry cn=cname,dc=somewhere,dc=com cannot be added due to insufficient access rights" etime=3
[


When connecting the node server with a simple telnet, when trying to exit with a ctrl-C, the server crash, InvalidAsn1Error('encoding too long');. This telnet connection is not a valid asn1 discussion, but it's too easy to crash the ldap server. Maybe some try/catch and logging this errors?

Currently the client and server seem to treat all attribute values as utf-8 strings. There are some cases where the values are really binary and converting back and forth to utf-8 causes problems. For example, I noticed that GUIDs and such get corrupted when trying to proxy for AD.

I'm not sure the best way to handle that. Maybe the client could set .buffer on the value to the original buffer. If the server sees a .buffer, it could use that instead of the string value.

I was developing a project that use ldapjs as a ldap client. But now I found that I can not receive a message when the entry was not found by using client.search. For example, when I search '(uid=nuk)' which exists in the ldap server, the callback function of res.on('searchEntry',callback); would be called, and the results of

res.on('end',function(result){
    console.log('status: '+result.status);
});

is "status: 0".

But when I search '(uid=nuk1)', which does not exist, result.status is also 0. Even the whole object of 'result' is the same as the one when the entry is found.

Now I have not an approach to get a message when the entry is not found.
The version I was using is 0.2.0