jackadams / meteor-accounts-ldap
Authentication against an LDAP server in Meteor
License: MIT License
If you have issues with installing bcrypt, try:
meteor add npm-bcrypt
It worked for me.
@JackAdams Can we update the docs to suggest the above step to new users?
Hi,
I have an issue with LDAP._bind.
I'm using Meteor 1.2.1 and meteor-accounts-ldap 0.4.0.
My settings file is :
{
  "ldap": {
    "serverDn": "DC=my,DC=domain",
    "serverUrl": "ldap://ldap.my.domain:389"
  }
}
I got this error :
I20151102-14:29:23.168(1)? LDAP authentication for [email protected]
I20151102-14:29:23.169(1)? Trying to bind [email protected]...
I20151102-14:29:23.175(1)? Callback from binding LDAP:
I20151102-14:29:23.176(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"Invalid DN"}
I20151102-14:29:23.176(1)? LDAP bind failed with error
I20151102-14:29:23.176(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"Invalid DN"}
I20151102-14:29:23.176(1)? Exception while invoking method 'login' TypeError: Object function (a) { // 2 // 10
I20151102-14:29:23.176(1)? return this.filter(function(i) { // 3 // 11
I20151102-14:29:23.176(1)? return a.indexOf(i) < 0; // 4 // 12
I20151102-14:29:23.176(1)? }); // 5 // 13
I20151102-14:29:23.176(1)? } has no method 'split'
I20151102-14:29:23.176(1)? at Object.LDAP._bind (packages/babrahams_accounts-ldap/ldap_server.js:116:1)
I20151102-14:29:23.176(1)? at [object Object].Package (packages/babrahams_accounts-ldap/ldap_server.js:287:1)
I20151102-14:29:23.176(1)? at accounts_server.js:462:32
I20151102-14:29:23.176(1)? at tryLoginMethod (accounts_server.js:239:14)
I20151102-14:29:23.177(1)? at AccountsServer.Ap._runLoginHandlers (accounts_server.js:459:18)
I20151102-14:29:23.177(1)? at [object Object].methods.login (accounts_server.js:522:27)
I20151102-14:29:23.177(1)? at maybeAuditArgumentChecks (livedata_server.js:1698:12)
I20151102-14:29:23.177(1)? at livedata_server.js:708:19
I20151102-14:29:23.177(1)? at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
I20151102-14:29:23.177(1)? at livedata_server.js:706:40
The failing code is :
var serverDNs = (typeof (settings.serverDn) == 'string') ? [settings.serverDn] : settings.serverDn;
for (var k in serverDNs) {
  var serverDn = serverDNs[k].split(/,?DC=/).slice(1).join('.');
  ...
}
In meteor shell, LDAP._settings().serverDn.split(/,?DC=/).slice(1).join('.') could be split.
LDAP._settings().serverDn.split(/,?DC=/).slice(1).join('.');
'my.domain'
But if I do it in the loop, the split method error is raised.
Best regards
Philippe
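The trace in the post above prints a function body where a string was expected, which is what a for...in loop yields when something has added an enumerable method to Array.prototype. The following is an added example, not the package's code; the `diff` name and all helper functions are assumptions made for illustration. It reproduces the TypeError with the loop quoted in the post and shows an element-wise loop that is unaffected.

```javascript
// Same DN-to-domain conversion as the failing line in the post.
function dnToDomain(dn) {
  return dn.split(/,?DC=/).slice(1).join('.');
}

// Pattern from the post: for...in visits every enumerable key, including
// keys inherited from Array.prototype.
function domainsForIn(serverDn) {
  var serverDNs = (typeof serverDn === 'string') ? [serverDn] : serverDn;
  var domains = [];
  for (var k in serverDNs) {
    domains.push(dnToDomain(serverDNs[k]));
  }
  return domains;
}

// Alternative: iterate by element and reject anything that is not a string.
function domainsByElement(serverDn) {
  var serverDNs = (typeof serverDn === 'string') ? [serverDn] : serverDn;
  if (!Array.isArray(serverDNs)) {
    throw new TypeError('serverDn must be a string or an array of strings');
  }
  return serverDNs.map(function (dn) {
    if (typeof dn !== 'string') {
      throw new TypeError('serverDn entries must be strings');
    }
    return dnToDomain(dn);
  });
}

function keysSeenByForIn(arr) {
  var keys = [];
  for (var k in arr) { keys.push(k); }
  return keys;
}

// Constructed stand-in for a library that adds an enumerable method to
// Array.prototype (the name "diff" is an assumption); removed again afterwards.
function withExtendedArrayPrototype(fn) {
  Array.prototype.diff = function (a) {
    return this.filter(function (i) { return a.indexOf(i) < 0; });
  };
  try {
    return fn();
  } finally {
    delete Array.prototype.diff;
  }
}

function demo() {
  return withExtendedArrayPrototype(function () {
    var result = { keys: keysSeenByForIn(['DC=my,DC=domain']) };
    try {
      domainsForIn('DC=my,DC=domain');
      result.forIn = 'ok';
    } catch (e) {
      result.forIn = e.name;
    }
    result.byElement = domainsByElement('DC=my,DC=domain');
    return result;
  });
}

console.log(demo());
```

In a login handler the uncaught TypeError aborts the method call for every user, so the element-wise form also keeps a third-party prototype extension from breaking authentication.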
Hi, after updating Meteor,
when I try to add the package I got an error
add babrahams:accounts-ldap
=> Errors while adding packages:
While selecting package versions:
error: Conflict: Constraint [email protected] is not satisfied by less 2.5.0_2.
Constraints on package "less":
Hello
Getting this again for 0.1.4. 0.1.2 worked.
$ meteor add babrahams:[email protected]
=> Errors while adding packages:
While checking for babrahams:[email protected]:
error: No compatible binary build found for this package. Contact the package author and ask them to publish it for your platform.
Hello
I am using this package in one of my projects at work, but I had to do one small modification to make it work: The search filter does not match our structure. I don't know much about LDAP, so it could be our structure which is silly. Anyway, it refused to log me in until I changed line 50 in ldap_server.js from
filter: '(&(' + ((email) ? 'mail' : 'cn') + '=' + searchUsername + ')(objectClass=user))',
to
filter: '(&(' + ((email) ? 'mail' : 'sAMAccountName') + '=' + searchUsername + ')(objectClass=user))',
It then works when I try to log in with my username, but not my email. I haven't bothered checking why, because the application is supposed to use only the username
It would be nice to have the filter as a setting to account for strange LDAP setups.
Happened in the 0.2.1 build and 0.2.2 build (where I was trying to fix it but failed). Was not an issue up to and including 0.2.0.
Disappointing.
It still works, but who wants error message in the console on app startup?
Hi,
Great package, I tried to make it work with this simple public directory for hours without success.
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
Any idea how to configure the settings to make it work? I constantly get the error "invalid DN".
Here is my config:
LDAP.generateSettings = function (request) {
  return {
    "serverDn": "dc=example,dc=com",
    "serverUrl": "ldap://ldap.forumsys.com",
    "whiteListedFields": [ "displayName", "givenName", "department", "employeeNumber", "mail", "title", "address", "phone", "memberOf"],
    "autopublishFields": [ "displayName", "department", "mail", "title", "address", "phone"]
  };
}
and then I used "einstein" and "password" as credentials.
Here is my output:
I20170206-17:27:17.177(1)? Trying to bind [email protected]...
I20170206-17:27:17.361(1)? Callback from binding LDAP:
I20170206-17:27:17.362(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"invalid DN"}
I20170206-17:27:17.362(1)? LDAP bind failed with error
I20170206-17:27:17.363(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"invalid DN"}
I can't figure out how to connect to openLDAP. I'm currently using this docker image (https://github.com/osixia/docker-openldap) to create an openldap server. I can connect to it and create users using jxplorer, but I can't figure out how to connect to it with meteor.
Here is my meteor configuration:
"serverDn": "OU=dep,DC=example,DC=org",
"serverUrl": "ldap://192.168.99.100:389",
"whiteListedFields": [ "displayName", "givenName", "memberOf", "initials"],
"autopublishFields": [ "displayName" ],
"searchField": "email",
"searchValueType": "email"
and my LDAP Structure
And I try to log in with users and its password as credentials elements. Email is set to [email protected]
Is there any chance that this package will be able to do the equivalent of what the passport-windowsauth package does in regards to allowing Windows Integrated Authentication when the meteor app has been demeteorized to a node app and is running in IIS?
I can live with having users to login manually, but in a Windows enterprise environment where a site is running via IIS the browser will automatically login the user on the domain (via AD / LDAP).
passport-windowsauth has two different modes, so to speak:
passport.use(new WindowsStrategy({
  ldap: {
    url: 'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
    base: 'DC=wellscordobabank,DC=com',
    bindDN: 'someAccount',
    bindCredentials: 'andItsPass'
  }
}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));
passport.use(new WindowsStrategy({integrated: true}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));
So, I get a "User successfully retrieved from LDAP server", but then right after the below error :(
I am using:
LDAP.generateSettings = function (request) {
  return {
    "serverDn": "DC=mycompany,DC=com",
    "serverUrl": "ldap://111.111.111.11",
    "whiteListedFields": ["displayName", "mail", "memberOf"],
    "autopublishFields": ["displayName", "mail", "memberOf"]
  };
}
And this is the error:
I20150826-13:45:12.114(2)? User successfully retrieved from LDAP server
W20150826-13:45:12.164(2)? (STDERR)
W20150826-13:45:12.165(2)? (STDERR) C:\Users\cope\AppData\Local\.meteor\packages\meteor-tool\1.1.4\mt-os.win_32\dev_bundle\server-lib\node_modules\fibers\future.js:226
W20150826-13:45:12.165(2)? (STDERR) throw new Error('Future resolved more than once');
W20150826-13:45:12.165(2)? (STDERR) ^
W20150826-13:45:12.165(2)? (STDERR) Error: Future resolved more than once
W20150826-13:45:12.165(2)? (STDERR) at Object.Future.return (C:\Users\cope\AppData\Local\.meteor\package-tool\1.1.4\mt-os.windows.x86_32\dev_bundle\server-lib\node_modules\fibers\future.js:226:10)
W20150826-13:45:12.165(2)? (STDERR) at EventEmitter.<anonymous> (packages/babrahams:accounts-ldap/ldap_serve:1)
W20150826-13:45:12.165(2)? (STDERR) at EventEmitter.emit (events.js:95:17)
W20150826-13:45:12.166(2)? (STDERR) at _done (C:\Users\cope\AppData\Local\.meteor\packages\babrahams_accap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:785:22)
W20150826-13:45:12.166(2)? (STDERR) at messageCallback (C:\Users\cope\AppData\Local\.meteor\packages\babccounts-ldap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:858:14)
W20150826-13:45:12.166(2)? (STDERR) at Parser.onMessage (C:\Users\cope\AppData\Local\.meteor\packages\baaccounts-ldap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:199:12)
W20150826-13:45:12.166(2)? (STDERR) at Parser.emit (events.js:95:17)
W20150826-13:45:12.166(2)? (STDERR) at Parser.write (C:\Users\cope\AppData\Local\.meteor\packages\babrahunts-ldap\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:105:8)
W20150826-13:45:12.166(2)? (STDERR) at end (C:\Users\cope\AppData\Local\.meteor\packages\babrahams_accou\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:71:19)
W20150826-13:45:12.167(2)? (STDERR) at Parser.write (C:\Users\cope\AppData\Local\.meteor\packages\babrahunts-ldap\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:107:10)
=> Exited with code: 8
Specifically, not having accounts-password installed results in errors because the installation process tries to install bcrypt 0.7.8, which does not compile for node 4.
Installing accounts-password manually for some reason installs the correct bcrypt version, and installing babrahams:accounts-ldap later works.
Not sure if this is possible to fix in this project, but at least this issue will notify others
Hi
I tried to install the latest version 0.7.6 but that is apparently not available?
=> Errors while parsing arguments:
While adding package babrahams:[email protected]:
error: no such version babrahams:[email protected]
The latest I can download is v0.7.4
Our LDAP server is down, so when I try to login with a new account or enter incorrect password (so that the tryDBfirst fails), after some time I get "LDAP bind failed with error:" {}.
It throws on throw new Meteor.Error('ldap-error', 'ldapjs client reported an error', error); but "error" is not giving out any useful information. The whole process then forces application restart
packages/babrahams_accountsldap.js:197
throw new Meteor.Error('ldap-error', 'ldapjs client reported an error', error);
^
Error: ldapjs client reported an error [ldap-error]
at Client.<anonymous> (packages/babrahams_accountsldap.js:197:11)
at emitOne (events.js:116:13)
at Client.emit (events.js:211:7)
at Backoff.<anonymous> (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1228:12)
at emitOne (events.js:116:13)
at Backoff.emit (events.js:211:7)
at Backoff.backoff (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/backoff/lib/backoff.js:41:14)
at /mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1214:15
at f (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/once/once.js:17:25)
at Socket.onResult (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1016:7)
at Object.onceWrapper (events.js:315:30)
at emitOne (events.js:116:13)
at Socket.emit (events.js:211:7)
at emitErrorNT (internal/streams/destroy.js:66:8)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)
I could not set up Meteor debugging (missing sourcemaps for local packages?), so I don't know what to do next. Is there any option to just fail the login process with "incorrect password"?
My LDAP setup (it was for OpenLDAP and worked well while the server was on):
LDAP.searchField = 'uid'
LDAP.searchValueType = 'username'
LDAP.logging = true
LDAP.tryDBFirst = true
LDAP.filter = function(isEmailAddress, usernameOrEmail, FQDN) {
  return '(&(samaccountname=' + usernameOrEmail + ')(objectClass=person))';
}
LDAP.generateSettings = function(request) {
  // Connection settings are read from a Settings collection document
  const settingsLdap = Settings.findOne({ type: 'ldap' })
  return {
    serverDn: settingsLdap.baseDN,
    serverUrl: `${settingsLdap.useSSL ? 'ldaps' : 'ldap'}://${settingsLdap.hostname}:${settingsLdap.port}`,
    whiteListedFields: [ "displayName", "cn", "givenName", "mail", "memberOf"],
  }
}
}
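Both the filter line quoted earlier on this page (the `cn` / `sAMAccountName` change in ldap_server.js) and the LDAP.filter function in the post above build the search filter by concatenating the login name into the string. The following is an added example, not the package's code: RFC 4515 escaping of the value, plus a filter builder whose attribute names are configurable. `buildUserFilter` and its option names are hypothetical, and the sample logins are constructed.

```javascript
// RFC 4515 escaping for a value placed inside an LDAP search filter:
// backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
function escapeFilterValue(value) {
  if (typeof value !== 'string') {
    throw new TypeError('filter value must be a string');
  }
  return value.replace(/[\\*()\0]/g, function (ch) {
    return '\\' + ('0' + ch.charCodeAt(0).toString(16)).slice(-2);
  });
}

// Attribute and objectClass names come from configuration, not from the
// login form, but are still checked so a typo cannot alter the filter shape.
var DESCRIPTOR = /^[A-Za-z][A-Za-z0-9-]*$/;

// Hypothetical helper: opts.usernameAttribute, opts.emailAttribute and
// opts.objectClass are assumed setting names, not options of the package.
function buildUserFilter(opts, isEmail, login) {
  var attr = isEmail ? (opts.emailAttribute || 'mail')
                     : (opts.usernameAttribute || 'cn');
  var objectClass = opts.objectClass || 'user';
  [attr, objectClass].forEach(function (name) {
    if (!DESCRIPTOR.test(name)) {
      throw new Error('invalid attribute or objectClass name: ' + name);
    }
  });
  return '(&(' + attr + '=' + escapeFilterValue(login) + ')' +
         '(objectClass=' + objectClass + '))';
}

// The concatenation pattern quoted on this page, kept for comparison.
function concatenatedFilter(isEmail, login) {
  return '(&(' + (isEmail ? 'mail' : 'cn') + '=' + login + ')(objectClass=user))';
}

// Constructed sample logins: a plain name, a name containing parentheses
// (breaks the filter syntax when concatenated) and a name containing '*'
// (treated as a wildcard by the server when concatenated).
var samples = ['jdoe', 'Doe (contractor)', 'j*'];
samples.forEach(function (login) {
  console.log(JSON.stringify(login));
  console.log('  concatenated:', concatenatedFilter(false, login));
  console.log('  escaped:     ',
    buildUserFilter({ usernameAttribute: 'sAMAccountName' }, false, login));
});
```

With escaping, the server compares the login name literally, so a search that feeds a later bind can only return the entry whose attribute equals what the user typed.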
Meteor: 1.4
babrahams:accounts-ldap: 0.6.1
I am using this package in connection with an ldaps server which worked fine until around when we upgraded to Meteor 1.4. The error originates in [email protected]/lib/client/client.js:111:
I20160926-17:14:06.336(2)? LDAP authentication for: user
I20160926-17:14:06.504(2)? Exception while invoking method 'login' TypeError: Cannot read property 'on' of undefined
I20160926-17:14:06.504(2)? at setupSocket (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:111:14)
I20160926-17:14:06.505(2)? at Client._connect (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:742:3)
I20160926-17:14:06.505(2)? at new Client (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:247:22)
I20160926-17:14:06.505(2)? at Object.createClient (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/index.js:60:12)
I20160926-17:14:06.506(2)? at Object.LDAP._createClient (packages/babrahams_accounts-ldap/ldap_server.js:152:1)
I20160926-17:14:06.506(2)? at [object Object]. (packages/babrahams_accounts-ldap/ldap_server.js:362:1)
I20160926-17:14:06.506(2)? at packages/accounts-base/accounts_server.js:471:32
I20160926-17:14:06.506(2)? at tryLoginMethod (packages/accounts-base/accounts_server.js:248:14)
I20160926-17:14:06.506(2)? at AccountsServer.Ap._runLoginHandlers (packages/accounts-base/accounts_server.js:468:18)
I20160926-17:14:06.507(2)? at [object Object].methods.login (packages/accounts-base/accounts_server.js:531:27)
This is the line in ldapjs mentioned above:
https://github.com/mcavage/node-ldapjs/blob/v0.7.1/lib/client/client.js#L108-L111
In line 108 of client.js you can see the switch between tls and plain net socket: if opts.secure use socket.socket, else use just socket. Meteor 1.4 included an upgrade of the nodejs bundled with Meteor from 0.10.x to 4.x. Apparently the tls module API changed between 0.10.x and 4.x. The tls socket no longer has a property called socket. This is already fixed since ldapjs 1.0.0, maybe even in 0.8.0.
To test my assumption I created a local copy of this package and bumped the ldapjs version to 1.0.0 and it fixed this issue.
Hi there
I created a settings.json according to the docs and placed it on the server. When trying to login I get an error saying
=> Meteor server restarted
I20180220-10:17:14.672(1)? Exception while invoking method 'login' Error: LDAP settings missing.
I20180220-10:17:14.673(1)? at MethodInvocation.<anonymous> (packages/babrahams_accounts-ldap.js:392:11)
I20180220-10:17:14.674(1)? at packages/accounts-base/accounts_server.js:483:32
I20180220-10:17:14.674(1)? at tryLoginMethod (packages/accounts-base/accounts_server.js:259:14)
Where do I have to place it to be found? Or do I have to assign the value somewhere to the LDAP object?
I have the following packages
accounts-base
accounts-password
babrahams:accounts-ldap
installed and I am generating settings in server/main.js meteor.startup() like below
Meteor.startup(() => {
  LDAP.generateSettings = function (request) {
    return {
      "serverDn": "ou=Employees,ou='company Users',DC=company,DC=com",
      "serverUrl": "ldap://company.com:389",
    };
  }
});
In my jsx file I am passing params as following
let loginUserWithLDAP = (username, password, callback) => {
  var loginRequest = {
    ldap: true,
    username: username,
    pass: password,
  }
  Accounts.callLoginMethod({
    methodArguments: [loginRequest],
    userCallback: callback
  })
}
and I am getting this error
LDAP authentication for: test
Trying to bind [email protected]...
Callback from binding LDAP:
Search filter: (&(cn=test)(objectClass=user))
Searching ou=Employees,ou='company Users',DC=company,DC=com
"error: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\u0000"
No record was returned via LDAP
What am I missing?
Hi
I would like to make it work with both email and username to sign users in.
with this selection
LDAP.searchField = 'userPrincipalName'; LDAP.searchValueType = 'userPrincipalName';
Only the username works.
Is there a way to make it accept emails as well?
Many thanks
Hi
I want to display the thumbnailPhoto that is delivered through AD. The problem is that ldapjs is returning it as string. There is a solution to this issue
ldapjs/node-ldapjs#137 (comment)
How could this be implemented in your module?
When I submit the form to log in it freezes at "Logging in ..." and the console has the following output.
W20150724-10:07:23.076(-5)? (STDERR)
W20150724-10:07:23.077(-5)? (STDERR) /Users/ayoung/.meteor/packages/meteor-tool/.1.1.3.1wysac9++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:226
W20150724-10:07:23.077(-5)? (STDERR) throw new Error('Future resolved more than once');
W20150724-10:07:23.077(-5)? (STDERR) ^
W20150724-10:07:23.083(-5)? (STDERR) Error: Future resolved more than once
W20150724-10:07:23.083(-5)? (STDERR) at Object.Future.return (/Users/ayoung/.meteor/packages/meteor-tool/.1.1.3.1wysac9++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:226:10)
W20150724-10:07:23.083(-5)? (STDERR) at EventEmitter. (packages/babrahams:accounts-ldap/ldap_server.js:81:1)
W20150724-10:07:23.083(-5)? (STDERR) at EventEmitter.emit (events.js:95:17)
W20150724-10:07:23.083(-5)? (STDERR) at _done (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:785:22)
W20150724-10:07:23.083(-5)? (STDERR) at messageCallback (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:858:14)
W20150724-10:07:23.083(-5)? (STDERR) at Parser.onMessage (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:199:12)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.emit (events.js:95:17)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.write (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:105:8)
W20150724-10:07:23.084(-5)? (STDERR) at end (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:71:19)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.write (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:107:10)