No error on bad credentials #87

Open
victornikitin opened this issue Apr 19, 2019 · 6 comments

@victornikitin

How can I catch that bindDN or bindCredentials are incorrect?

I pass authenticate to express via router:

router.use(
  passport.authenticate('ldapauth'),
  function(err, req, res, next) {
    // this code is not called when server credentials are wrong
    // only 403 forbidden is returned to user
    console.log(err);
    next();
  }
);

Even if I create the strategy with the handleErrorsAsFailures option, failureErrorCallback does not trigger either.

How can I catch this situation?
Or what am I doing wrong?

@vesse
Owner

vesse commented Apr 24, 2019

You are apparently trying to use custom callbacks, see that on how the middleware needs to be called then.

@victornikitin
Author

You are right. I've changed the code to this:

passport.use("ldapauth", new LDAPStrategy({...}, authenticateLdap));
function authenticateLdap(profile, done) {
  if (!profile) {
    done(null, false, { message: options.incorrectPasswordError });
    return;
  }
  ...
}
...
router.use(function(req, res, next) {
  passport.authenticate('ldapauth', async function(err, user, message) {
    if (!user) {
      // user password is wrong or bindDN credentials are wrong?
    }
    req.logIn(user, function(err) {
      next();
    });
  })(req, res, next);
});

But how do I check whether the user password is incorrect or the bindDN credentials are incorrect?

@vesse
Owner

vesse commented Apr 25, 2019

The strategy does not provide such info as this is more of a configuration error. It is sort of expected that admin credentials are provided correctly. You can pass a Bunyan logger instance to the underlying ldapauth-fork library and see the trace for bind errors, or try e.g. the command line tool ldapsearch to see if your admin credentials are correct.
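
Added example, not part of this thread and not passport-ldapauth or ldapauth-fork code: a startup check in the spirit of the ldapsearch suggestion above, binding once with the service account through ldapjs so that a wrong bindDN/bindCredentials is reported as a configuration error instead of surfacing as a failed login. The helper names, status strings and the injectable `createClient` parameter are assumptions of this example; `createClient`, `bind`, `destroy` and the `error` event are ldapjs client calls.

```javascript
// Added example (hypothetical helpers, not passport-ldapauth's own code).
const LDAP_INVALID_CREDENTIALS = 49; // LDAP resultCode invalidCredentials (RFC 4511)

// Map the outcome of the service-account bind to a status string.
function classifyBindError(err) {
  if (!err) return 'ok';
  if (err.code === LDAP_INVALID_CREDENTIALS || err.name === 'InvalidCredentialsError') {
    return 'bad-service-credentials';
  }
  return 'ldap-error'; // refused connection, timeout, TLS failure, other result codes
}

// opts: { url, bindDN, bindCredentials }, the same values given to the strategy.
// createClient is injectable (assumption of this example) so the check can be
// exercised without a directory; by default it uses ldapjs.
function checkServiceBind(opts, done, createClient) {
  // A simple bind with a DN and an empty password is an unauthenticated bind
  // (RFC 4513) and can succeed without proving anything, so reject it up front.
  if (opts.bindDN && !opts.bindCredentials) {
    return done('bad-service-credentials', new Error('empty bindCredentials'));
  }
  const factory = createClient || ((o) => require('ldapjs').createClient(o));
  const client = factory({ url: opts.url });
  let finished = false;
  const finish = (err) => {
    if (finished) return; // the bind callback and an 'error' event may both fire
    finished = true;
    client.destroy();
    done(classifyBindError(err), err || null);
  };
  client.on('error', finish); // socket-level failures arrive as events
  client.bind(opts.bindDN, opts.bindCredentials, finish);
}
```

Run it once at startup and log the status; a `bad-service-credentials` result points at the configuration rather than at any user's password.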

@clarkey

clarkey commented Mar 6, 2020

@victornikitin Hi. I came across this issue just now. Did you come up with anything?

@victornikitin
Author

victornikitin commented Mar 16, 2020 via email

@MarkusRissmann

MarkusRissmann commented Jul 8, 2020

I'm having the same issue. No matter what I am getting "Unauthorized". I wrote a quick c# .net app using all the same settings and it works (queries). I know my code works because I've used it against another ldap server. Kind of hard to ask IT to fix something when you don't know what is wrong.

Using wireshark to diagnose I see this using nodejs:

image

But using .Net App I see much more activity:

image
