You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the non-integrated example from the README, when the user tries to authenticate with an empty user/pass, the following error occurs and the stack trace is sent to the user:
Error: sAMAccountName= is invalid
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:150:13)
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:113:28)
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:108:28)
at _parseString (C:\windowsauth\node_modules\passport-windowsauth\node_modu
les\ldapjs\lib\filters\index.js:376:17)
at Object.module.exports.parseString (C:\windowsauth\node_modules\passport-
windowsauth\node_modules\ldapjs\lib\filters\index.js:506:12)
at Client.search (C:\windowsauth\node_modules\passport-windowsauth\node_mod
ules\ldapjs\lib\client\client.js:632:30)
at onAcquire (C:\windowsauth\node_modules\passport-windowsauth\node_modules
\ldapjs\lib\client\pool.js:200:19)
at C:\windowsauth\node_modules\passport-windowsauth\node_modules\ldapjs\nod
e_modules\pooling\node_modules\once\once.js:17:15
at Pool.acquire (C:\windowsauth\node_modules\passport-windowsauth\node_modu
les\ldapjs\node_modules\pooling\lib\pool.js:224:25)
at ClientPool.search (C:\windowsauth\node_modules\passport-windowsauth\node
_modules\ldapjs\lib\client\pool.js:192:20)
If the user the does the same again, it crashes the server:
C:\windowsauth\node_modules\passport-windowsauth\node_modules\ldapjs\lib\filter
s\index.js:150
throw new Error(expr + ' is invalid');
^
Error: sAMAccountName= is invalid
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:150:13)
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:113:28)
at _buildFilterTree (C:\windowsauth\node_modules\passport-windowsauth\node_
modules\ldapjs\lib\filters\index.js:108:28)
at _parseString (C:\windowsauth\node_modules\passport-windowsauth\node_modu
les\ldapjs\lib\filters\index.js:376:17)
at Object.module.exports.parseString (C:\windowsauth\node_modules\passport-
windowsauth\node_modules\ldapjs\lib\filters\index.js:506:12)
at Client.search (C:\windowsauth\node_modules\passport-windowsauth\node_mod
ules\ldapjs\lib\client\client.js:632:30)
at onAcquire (C:\windowsauth\node_modules\passport-windowsauth\node_modules
\ldapjs\lib\client\pool.js:200:19)
at C:\windowsauth\node_modules\passport-windowsauth\node_modules\ldapjs\nod
e_modules\pooling\node_modules\once\once.js:17:15
at onCreatedClient (C:\windowsauth\node_modules\passport-windowsauth\node_m
odules\ldapjs\node_modules\pooling\lib\pool.js:246:17)
at createCallback (C:\windowsauth\node_modules\passport-windowsauth\node_mo
dules\ldapjs\node_modules\pooling\lib\pool.js:420:17)
1 May 09:57:04 - [nodemon] app crashed - waiting for file changes before starting...
I would have guessed that the WindowsStragety callback would follow the usual convention of the first parameter being an error object, which would pass this error back.
What is the intended way to gracefully handle this situation?
Even if the client side were modified to not post with an empty user, it could be done maliciously, so that's not a real solution.
The text was updated successfully, but these errors were encountered:
MaxMem
changed the title
How to catch error thrown from ldapjs?
How to handle invalid user error?
May 1, 2014
Using the non-integrated example from the README, when the user tries to authenticate with an empty user/pass, the following error occurs and the stack trace is sent to the user:
If the user the does the same again, it crashes the server:
I would have guessed that the WindowsStragety callback would follow the usual convention of the first parameter being an error object, which would pass this error back.
What is the intended way to gracefully handle this situation?
Even if the client side were modified to not post with an empty user, it could be done maliciously, so that's not a real solution.
The text was updated successfully, but these errors were encountered: