jackadams / meteor-accounts-ldap Goto Github PK

View Code? Open in Web Editor NEW

21.0 21.0 12.0 124 KB

Authentication against an LDAP server in Meteor

License: MIT License

CSS 0.13% HTML 5.67% JavaScript 68.31% Less 25.89%

meteor-accounts-ldap's People

Contributors

Stargazers

Watchers

Forkers

valedaemon doomdance angedelamort rjcarter aaroncalderon felixble migerh aksoneng sandrich erikholleboom toddaston bratelefant

meteor-accounts-ldap's Issues

installing bcrypt

If you have issues with installing bcrypt try.

meteor add npm-bcrypt

It worked for me.

@JackAdams Can we update the docs to suggest the above step to new users?

issue with serverDNs[k].split(/,?DC=/).slice(1).join('.');

Hi,

I have an issue with LDAP._bind.

I'm using Meteor 1.2.1 and meteor-accounts-ldap 0.4.0.

My settings file is :

{
  "ldap": {
    "serverDn": "DC=my,DC=domain",
    "serverUrl": "ldap://ldap.my.domain:389"
  }
}

I got this error :

I20151102-14:29:23.168(1)? LDAP authentication for [email protected]
I20151102-14:29:23.169(1)? Trying to bind [email protected]...
I20151102-14:29:23.175(1)? Callback from binding LDAP:
I20151102-14:29:23.176(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"Invalid DN"}
I20151102-14:29:23.176(1)? LDAP bind failed with error
I20151102-14:29:23.176(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"Invalid DN"}
I20151102-14:29:23.176(1)? Exception while invoking method 'login' TypeError: Object function (a) {                                                     // 2   // 10
I20151102-14:29:23.176(1)?   return this.filter(function(i) {                                                       // 3   // 11
I20151102-14:29:23.176(1)?     return a.indexOf(i) < 0;                                                             // 4   // 12
I20151102-14:29:23.176(1)?   });                                                                                    // 5   // 13
I20151102-14:29:23.176(1)? } has no method 'split'
I20151102-14:29:23.176(1)?     at Object.LDAP._bind (packages/babrahams_accounts-ldap/ldap_server.js:116:1)
I20151102-14:29:23.176(1)?     at [object Object].Package (packages/babrahams_accounts-ldap/ldap_server.js:287:1)
I20151102-14:29:23.176(1)?     at accounts_server.js:462:32
I20151102-14:29:23.176(1)?     at tryLoginMethod (accounts_server.js:239:14)
I20151102-14:29:23.177(1)?     at AccountsServer.Ap._runLoginHandlers (accounts_server.js:459:18)
I20151102-14:29:23.177(1)?     at [object Object].methods.login (accounts_server.js:522:27)
I20151102-14:29:23.177(1)?     at maybeAuditArgumentChecks (livedata_server.js:1698:12)
I20151102-14:29:23.177(1)?     at livedata_server.js:708:19
I20151102-14:29:23.177(1)?     at [object Object]._.extend.withValue (packages/meteor/dynamics_nodejs.js:56:1)
I20151102-14:29:23.177(1)?     at livedata_server.js:706:40

The failing code is :

  var serverDNs = (typeof (settings.serverDn) == 'string') ? [settings.serverDn] : settings.serverDn;
  for (var k in serverDNs) {
    var serverDn = serverDNs[k].split(/,?DC=/).slice(1).join('.');
    ...
  }

In meteor shell, LDAP._settings().serverDn.split(/,?DC=/).slice(1).join('.') could be splitted.

LDAP._settings().serverDn.split(/,?DC=/).slice(1).join('.');
'my.domain'

But, if I made it in the loop, split method error is signaled.

Best regards

Philippe

unable to install package

Hi after update meteor
when i try to add package i got a error

add babrahams:accounts-ldap
=> Errors while adding packages:

While selecting package versions:
error: Conflict: Constraint [email protected] is not satisfied by less 2.5.0_2.
Constraints on package "less":

less@=2.5.0_2 <- top level
[email protected]_1 <- accounts-ui 1.1.6
[email protected]_1 <- accounts-ui-unstyled 1.1.8 <- accounts-ui 1.1.6
[email protected] <- babrahams:accounts-ldap 0.3.3

No compatible binary build....

Hello

Getting this again for 0.1.4. 0.1.2 worked.

$ meteor add babrahams:[email protected]
 => Errors while adding packages:             

While checking for babrahams:[email protected]:
error: No compatible binary build found for this package. Contact the package author and ask them to publish it for your platform.

I am using this package in one of my projects at work, but I had to do one small modification to make it work: The search filter does not match our structure. I don't know much about LDAP, so it could be our structure which is silly. Anyway, it refused to log me in until I changed line 50 in ldap_server.js from

filter: '(&(' + ((email) ? 'mail' : 'cn') + '=' + searchUsername + ')(objectClass=user))',
to
filter: '(&(' + ((email) ? 'mail' : 'sAMAccountName') + '=' + searchUsername + ')(objectClass=user))',

It then works when I try to log in with my username, but not my email. I haven't bothered checking why, because the application is supposed to use only the username

It would be nice to have the filter as a setting to account for strange LDAP setups.

Error: Cannot find module './build/Release/DTraceProviderBindings'] code: 'MODULE_NOT_FOUND'

Happened in the 0.2.1 build and 0.2.2 build (where I was trying to fix it but failed). Was not an issue up to and including 0.2.0.

Disappointing.

It still works, but who wants error message in the console on app startup?

Failed to make it work with simple Active Directory

Hi,
Great package, I tried to make it work with this simple public directory for hours without success.
http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

Any idea how to configure the settings to make it work. I have constantly the error "invalid DN"

Here is my config:

LDAP.generateSettings = function (request) {
  return {
    "serverDn": "dc=example,dc=com",
    "serverUrl": "ldap://ldap.forumsys.com",
    "whiteListedFields": [ "displayName", "givenName", "department", "employeeNumber", "mail", "title", "address", "phone", "memberOf"],
    "autopublishFields": [ "displayName", "department", "mail", "title", "address", "phone"]
  };
}

and then I used "einstein" and "password" as credentials.

Here is my output:

I20170206-17:27:17.177(1)? Trying to bind [email protected]...
I20170206-17:27:17.361(1)? Callback from binding LDAP:
I20170206-17:27:17.362(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"invalid DN"}
I20170206-17:27:17.362(1)? LDAP bind failed with error
I20170206-17:27:17.363(1)? {"dn":"","code":34,"name":"InvalidDnSyntaxError","message":"invalid DN"}

Use with openLDAP

I can't figure out how to connect to openLDAP. I'm currently using this docker image (https://github.com/osixia/docker-openldap) to create a openldap server. I can connect to and create user using jxplorer but I can't figure out how to connect to it with meteor.

Here is my meteor configuration:

"serverDn": "OU=dep,DC=example,DC=org",
"serverUrl": "ldap://192.168.99.100:389",
"whiteListedFields": [ "displayName", "givenName", "memberOf", "initials"],
"autopublishFields": [ "displayName" ],
"searchField": "email",
"searchValueType": "email"

and my LDAP Structure

org
- example
  - dep
    - group
      - user

And I try to login with users and it's password as credentials elements. Email is set to [email protected]

Question: Support Windows Integrated Authentication?

Is there any chance that this package will be able to do the equivalent of what the passport-windowsauth package does in regards to allowing Windows Integrated Authentication when the meteor app has been demeteorized to a node app and is running in IIS?

I can live with having users to login manually, but in a Windows enterprise environment where a site is running via IIS the browser will automatically login the user on the domain (via AD / LDAP).

passport-windowsauth has two different modes, so to speak:

LDAP form based login:

passport.use(new WindowsStrategy({
  ldap: {
    url:             'ldap://wellscordoba.wellscordobabank.com/DC=wellscordobabank,DC=com',
    base:            'DC=wellscordobabank,DC=com',
    bindDN:          'someAccount',
    bindCredentials: 'andItsPass'
  }
}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));

Windows Integrated Authentication:

passport.use(new WindowsStrategy({integrated: true}, function(profile, done){
  User.findOrCreate({ waId: profile.id }, function (err, user) {
    done(err, user);
  });
}));

Error: Future resolved more than once

So, I get a "User successfully retrieved from LDAP server", but then right after the below error :(

I am using:

LDAP.generateSettings = function (request) {
    return {
        "serverDn": "DC=mycompany,DC=com",
        "serverUrl": "ldap://111.111.111.11",
        "whiteListedFields": ["displayName", "mail", "memberOf"],
        "autopublishFields": ["displayName", "mail", "memberOf"]
    };
}

And this is the error:

I20150826-13:45:12.114(2)? User successfully retrieved from LDAP server
W20150826-13:45:12.164(2)? (STDERR)
W20150826-13:45:12.165(2)? (STDERR) C:\Users\cope\AppData\Local\.meteor\packages\meteor-tool\1.1.4\mt-os.win_32\dev_bundle\server-lib\node_modules\fibers\future.js:226
W20150826-13:45:12.165(2)? (STDERR)                     throw new Error('Future resolved more than once');
W20150826-13:45:12.165(2)? (STDERR)                           ^
W20150826-13:45:12.165(2)? (STDERR) Error: Future resolved more than once
W20150826-13:45:12.165(2)? (STDERR)     at Object.Future.return (C:\Users\cope\AppData\Local\.meteor\package-tool\1.1.4\mt-os.windows.x86_32\dev_bundle\server-lib\node_modules\fibers\future.js:226:10)
W20150826-13:45:12.165(2)? (STDERR)     at EventEmitter.<anonymous> (packages/babrahams:accounts-ldap/ldap_serve:1)
W20150826-13:45:12.165(2)? (STDERR)     at EventEmitter.emit (events.js:95:17)
W20150826-13:45:12.166(2)? (STDERR)     at _done (C:\Users\cope\AppData\Local\.meteor\packages\babrahams_accap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:785:22)
W20150826-13:45:12.166(2)? (STDERR)     at messageCallback (C:\Users\cope\AppData\Local\.meteor\packages\babccounts-ldap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:858:14)
W20150826-13:45:12.166(2)? (STDERR)     at Parser.onMessage (C:\Users\cope\AppData\Local\.meteor\packages\baaccounts-ldap\0.3.1\npm\node_modules\ldapjs\lib\client\client.js:199:12)
W20150826-13:45:12.166(2)? (STDERR)     at Parser.emit (events.js:95:17)
W20150826-13:45:12.166(2)? (STDERR)     at Parser.write (C:\Users\cope\AppData\Local\.meteor\packages\babrahunts-ldap\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:105:8)
W20150826-13:45:12.166(2)? (STDERR)     at end (C:\Users\cope\AppData\Local\.meteor\packages\babrahams_accou\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:71:19)
W20150826-13:45:12.167(2)? (STDERR)     at Parser.write (C:\Users\cope\AppData\Local\.meteor\packages\babrahunts-ldap\0.3.1\npm\node_modules\ldapjs\lib\messages\parser.js:107:10)
=> Exited with code: 8

Loads of errors if the Meteor package 'accounts-password' is not already installed

Specifically, not having accounts-password installed results in errors because the installation process tries to install bcrypt 0.7.8, which does not compile for node 4.

Installing accounts-password manually for some reason installs the correct bcrypt version, and installing babrahams:accounts-ldap later works

Not sure if this is possible to fix in this project, but at least this issue will notify others

Latest version 0.7.6 not available

I tried to install the latest version 0.7.6 but that is apparently not available?

 => Errors while parsing arguments:

While adding package babrahams:[email protected]:
error: no such version babrahams:[email protected]

The latest I can download is v0.7.4

what happens if server is down

Our LDAP server is down, so when I try to login with a new account or enter incorrect password (so that the tryDBfirst fails), after some time I get "LDAP bind failed with error:" {} .
It throws on throw new Meteor.Error('ldap-error', 'ldapjs client reported an error', error);
but "error" is not giving out any useful information. The whole process than forces application restart

packages/babrahams_accountsldap.js:197
    throw new Meteor.Error('ldap-error', 'ldapjs client reported an error', error);
    ^
Error: ldapjs client reported an error [ldap-error]
    at Client.<anonymous> (packages/babrahams_accountsldap.js:197:11)
    at emitOne (events.js:116:13)
    at Client.emit (events.js:211:7)
    at Backoff.<anonymous> (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1228:12)
    at emitOne (events.js:116:13)
    at Backoff.emit (events.js:211:7)
    at Backoff.backoff (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/backoff/lib/backoff.js:41:14)
    at /mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1214:15
    at f (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/once/once.js:17:25)
    at Socket.onResult (/mnt/c/meteor/slm-frontend/.meteor/local/isopacks/babrahams_accountsldap/npm/node_modules/ldapjs/lib/client/client.js:1016:7)
    at Object.onceWrapper (events.js:315:30)
    at emitOne (events.js:116:13)
    at Socket.emit (events.js:211:7)
    at emitErrorNT (internal/streams/destroy.js:66:8)
    at _combinedTickCallback (internal/process/next_tick.js:139:11)
    at process._tickCallback (internal/process/next_tick.js:181:9)

I could not set up Meteor debugging (missing sourcemaps for local packages?), so I don't know what to do next. Is there any option to just fail the login process with "incorrect password"?

My LDAP setup (it was for OpenLDAP and worked well while the server was on):

LDAP.searchField = 'uid'
LDAP.searchValueType = 'username'
LDAP.logging = true
LDAP.tryDBFirst = true
LDAP.filter = function(isEmailAddress, usernameOrEmail, FQDN) {
  return '(&(samaccountname=' + usernameOrEmail + ')(objectClass=person))';
}
LDAP.generateSettings = function(request) {
  const settingsLdap = Settings.findOne({ type: 'ldap' })
  return {
    serverDn: settingsLdap.baseDN,
    serverUrl: `${settingsLdap.useSSL ? 'ldaps' : ldap'}://${settingsLdap.hostname}:${settingsLdap.port}`,
    whiteListedFields: [ "displayName", "cn", "givenName", "mail", "memberOf"],
  }
}

Connection to ldaps broken in Meteor 1.4+

Meteor: 1.4
babrahams:accounts-ldap: 0.6.1

I am using this package in connection with an ldaps server which worked fine until around we upgraded to Meteor 1.4. The error originates in [email protected]/lib/client/client.js:111:

I20160926-17:14:06.336(2)? LDAP authentication for: user
I20160926-17:14:06.504(2)? Exception while invoking method 'login' TypeError: Cannot read property 'on' of undefined
I20160926-17:14:06.504(2)? at setupSocket (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:111:14)
I20160926-17:14:06.505(2)? at Client._connect (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:742:3)
I20160926-17:14:06.505(2)? at new Client (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:247:22)
I20160926-17:14:06.505(2)? at Object.createClient (/.meteor/packages/babrahams_accounts-ldap/.0.6.1.1celj0g++os+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/index.js:60:12)
I20160926-17:14:06.506(2)? at Object.LDAP._createClient (packages/babrahams_accounts-ldap/ldap_server.js:152:1)
I20160926-17:14:06.506(2)? at [object Object]. (packages/babrahams_accounts-ldap/ldap_server.js:362:1)
I20160926-17:14:06.506(2)? at packages/accounts-base/accounts_server.js:471:32
I20160926-17:14:06.506(2)? at tryLoginMethod (packages/accounts-base/accounts_server.js:248:14)
I20160926-17:14:06.506(2)? at AccountsServer.Ap._runLoginHandlers (packages/accounts-base/accounts_server.js:468:18)
I20160926-17:14:06.507(2)? at [object Object].methods.login (packages/accounts-base/accounts_server.js:531:27)

This is the line in ldapjs mentioned above:

https://github.com/mcavage/node-ldapjs/blob/v0.7.1/lib/client/client.js#L108-L111

In line 108 of client.js you can see the switch between tls and plain net socket: if opts.secure use socket.socket, else use just socket. Meteor 1.4 included an upgrade of the nodejs bundled with Meteor from 0.10.x to 4.x. Apparently the tls module API changed between 0.10.x and 4.x. The tls socket no longer has a property called socket. This is already fixed since ldapjs 1.0.0, maybe even in 0.8.0.

To test my assumption I created a local copy of this package and bumped the ldapjs version to 1.0.0 and it fixed this issue.

settings.json not found

Hi there
I created a settings.json according to the docs and placed it on the server. When trying to login I get an error saying

=> Meteor server restarted
I20180220-10:17:14.672(1)? Exception while invoking method 'login' Error: LDAP settings missing.
I20180220-10:17:14.673(1)?     at MethodInvocation.<anonymous> (packages/babrahams_accounts-ldap.js:392:11)
I20180220-10:17:14.674(1)?     at packages/accounts-base/accounts_server.js:483:32
I20180220-10:17:14.674(1)?     at tryLoginMethod (packages/accounts-base/accounts_server.js:259:14)

Where do I have to place it to be found? Or do I have to assign the value somewhere to the LDAP object?

Ldap errors out with "In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\u0000"

i have the following packages

accounts-base            
accounts-password        
babrahams:accounts-ldap

installed and i am generating settings in server/main.js meteor.startup() like below

Meteor.startup(() => {

  LDAP.generateSettings = function (request) {
    return {
      "serverDn": "ou=Employees,ou='company Users',DC=company,DC=com",
      "serverUrl": "ldap://company.com:389",
    };
  }
});

In my jsx file i am passing params as following

let loginUserWithLDAP = (username, password, callback) => {
        var loginRequest = {
          ldap: true,
          username: username,
          pass: password,
        }
        Accounts.callLoginMethod({
          methodArguments: [loginRequest],
          userCallback: callback
        })
      }

and i am getting this error

LDAP authentication for: test
Trying to bind [email protected]...
Callback from binding LDAP:
Search filter: (&(cn=test)(objectClass=user))
Searching ou=Employees,ou='company Users',DC=company,DC=com
"error: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\u0000"
No record was returned via LDAP

what am i missing?

Login with using username or email

I would like to make it work with both email and username to sign users in.

with this selection
LDAP.searchField = 'userPrincipalName'; LDAP.searchValueType = 'userPrincipalName';

Only the username works.

Is there a way to make it accept emails as well?

Many thanks

thumbnailPhoto stored as string

I want to display the thumbnailPhoto that is delivered through AD. The problem is that ldapjs is returning it as string. there is a solution to this issue

ldapjs/node-ldapjs#137 (comment)

How could this be implemented in your module?

"Future resolved more than once" error

When i submit the form to log in it freezes at "Logging in ..." and the console has the following output.

W20150724-10:07:23.076(-5)? (STDERR)
W20150724-10:07:23.077(-5)? (STDERR) /Users/ayoung/.meteor/packages/meteor-tool/.1.1.3.1wysac9++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:226
W20150724-10:07:23.077(-5)? (STDERR) throw new Error('Future resolved more than once');
W20150724-10:07:23.077(-5)? (STDERR) ^
W20150724-10:07:23.083(-5)? (STDERR) Error: Future resolved more than once
W20150724-10:07:23.083(-5)? (STDERR) at Object.Future.return (/Users/ayoung/.meteor/packages/meteor-tool/.1.1.3.1wysac9++os.osx.x86_64+web.browser+web.cordova/mt-os.osx.x86_64/dev_bundle/server-lib/node_modules/fibers/future.js:226:10)
W20150724-10:07:23.083(-5)? (STDERR) at EventEmitter. (packages/babrahams:accounts-ldap/ldap_server.js:81:1)
W20150724-10:07:23.083(-5)? (STDERR) at EventEmitter.emit (events.js:95:17)
W20150724-10:07:23.083(-5)? (STDERR) at _done (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:785:22)
W20150724-10:07:23.083(-5)? (STDERR) at messageCallback (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:858:14)
W20150724-10:07:23.083(-5)? (STDERR) at Parser.onMessage (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/client/client.js:199:12)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.emit (events.js:95:17)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.write (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:105:8)
W20150724-10:07:23.084(-5)? (STDERR) at end (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:71:19)
W20150724-10:07:23.084(-5)? (STDERR) at Parser.write (/Users/ayoung/.meteor/packages/babrahams_accounts-ldap/.0.1.0.1paav43++os.osx.x86_64+web.browser+web.cordova/npm/node_modules/ldapjs/lib/messages/parser.js:107:10)