Add/Delete group member not working on Windows Active Directory if groupname includes non ascii about node-ldapjs HOT 3 CLOSED

You stated in your report that the modify request works with a standard LDAP server implementation, but fails to work with a non-standard LDAP server implementation. Please consult with the maintainers of the non-standard LDAP server implementation about why their server does not follow the specifications.

from node-ldapjs.

But it is strange, if I use ldapjs 2.3.3 with this code it works great with Microsoft Active Directory (Server 2019 objectversion 88) to add and delete members even if the groupname includes non ascii characters.

const mod: ldap.Attribute = { 'member', ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }
const change = new ldap.Change({
  operation: 'add',
  modification: mod
});

// const mod: ldap.Attribute = {'member', ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }
// const change = new ldap.Change({
//   operation: 'delete',
//   modification: mod
// });

client.modify('cn=möte,ou=people,dc=planetexpress,dc=com', change, (err) => {
  console.log("Finnished", err)
});

If I try to run the same code with ldapjs 3.0.5 it fails with error "modification must be an Attribute".

If I change the code to

const mod: ldap.Attribute = { type : 'member', values : ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }

const mod: ldap.Attribute = { type : 'member', values : ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }
const change = new ldap.Change({
  operation: 'add',
  modification: mod
});

// const mod: ldap.Attribute = { type : 'member', values : ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }
// const change = new ldap.Change({
//   operation: 'delete',
//   modification: mod
// });

client.modify('cn=möte,ou=people,dc=planetexpress,dc=com', change, (err) => {
  console.log("Finnished", err)
});

I am back to the error that the object is not found if the groupname includes an non ascii character (but it works fine if the groupname contains only ascii characters).

from node-ldapjs.

if I use ldapjs 2.3.3 with this code it works great with Microsoft Active Directory (Server 2019 objectversion 88) to add and delete members even if the groupname includes non ascii characters

It's likely that 2.3.3 is sending UTF-8 characters unencoded. I would start by inspecting the messages sent "across the wire" with Wireshark to verify that this is true. If it is true, I point you to #860 (comment):

DN strings are defined by rfc-editor.org/rfc/rfc4514. Specifically rfc-editor.org/rfc/rfc4514#section-2.3 links to rfc-editor.org/rfc/rfc4512 to explain how AttributeType and AttributeValue strings can be represented. The relevant section is rfc-editor.org/rfc/rfc4512#section-2.5. Specifically, this section defines the components as being oids, which are defined in rfc-editor.org/rfc/rfc4512#section-1.4 as:

oid = descr / numericoid
descr = keystring
keystring = leadkeychar *keychar
leadkeychar = ALPHA
keychar = ALPHA / DIGIT / HYPHEN
ALPHA = %x41-5A / %x61-7A ; "A"-"Z" / "a"-"z"
DIGIT = %x30 / LDIGIT ; "0"-"9"
HYPHEN = %x2D ; hyphen ("-")

In short: the LDAP spec only allows for ASCII characters in DN strings. You may need to use a numericoid.

Further, https://www.rfc-editor.org/rfc/rfc4514#section-3 denotes the set of character code sequences that must be escaped via the SUTF1 definition.

const mod: ldap.Attribute = { 'member', ['cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'] }

This is not valid JavaScript. You are missing the property names in the object. Your change "works" because you have added those property names, thus fixing the syntax error.

from node-ldapjs.