Question: How to return error if user is not found?

[prasadgavande]

I am trying to implement functionality where I can login with openldap.

Below are my steps for login

1. Get username and password from web form (ejs)
2. find user using search API of ldapjs: http://ldapjs.org/client.html#search
3. if user found then use bind API to authenticate: http://ldapjs.org/client.html#bind

This is working fine, but I also need to add exception if search fails at step 2, i.e. if user is not found

How can I add exception where I will know if search fails and user it not there in ldap?

Below is my controller function for login

 exports.postLogin = (req, postResponse, next) => {

    const username = 'cn=' + req.body.username + ',' + process.env.DN;
    const password = req.body.password;

    const opts = {
        filter: '(cn=' + req.body.username + ')',
        scope: 'sub'
    };

    ldapClient.search(process.env.DN, opts, (err, res) => {
       assert.ifError(err);

      

            res.on('searchEntry', (entry) => {
                //once user is found, then authenticate
                ldapClient.bind(
                    username,
                    password,
                    (err, response) => {
                        if (err) {

                            req.flash('error', 'Cannot authenticate: ', err.lde_message);
                            return postResponse.redirect('/user/login');
                        }
                        else {

                            req.session.user = req.body.username;
                           
                            postResponse.redirect('/dashboard');

                        }
                    });
            });
         
            res.on('error', (err) => {
                console.error('error: ' + err.message);
            });

        
            res.on('end', (result) => {
                console.log('status: ' + result.status);

            });
        
    });
}

[UziTech]

I would check if searchEntry has been called in end and if it hasn't there are no entries.

[jsumners]

You should attempt the bind after the search has completed, not upon receiving the first entry. After the search has ended, you should have an array of search results. If that array has zero items, then you cannot attempt the bind as the found user and can return an error.

An example of such logic can be seen in https://github.com/jsumners/adldap/blob/6dcd35ad560dae7a5f0b8e9486890d42a628042c/lib/client/authenticate.js

[jsumners]

👋

On February 22, 2023, we released version 3 of this library. As a result, we are closing this issue/pull request.

Please see issue #839 for more information, including how to proceed if you feel this closure is in error.