This repository was archived by the owner on May 8, 2019. It is now read-only.
Unable to use LDAP authentication with multiple uid fields #16
Open
Description
We use multiple uid fields in our LDAP database and Let's Chat is choking on that because it concatenates all the fields into one value:
{ [ValidationError: User validation failed]
stack: 'Error\n at MongooseError.ValidationError (/var/www/lets-chat/node_modules/mongoose/lib/error/validation.js:22:16)\n at model.Document.invalidate (/var/www/lets-chat/node_modules/mongoose/lib/document.js:1162:32)\n at /var/www/lets-chat/node_modules/mongoose/lib/document.js:1037:16\n at validate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:651:7)\n at /var/www/lets-chat/node_modules/mongoose/lib/schematype.js:679:9\n at Array.forEach (native)\n at SchemaString.SchemaType.doValidate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:656:19)\n at /var/www/lets-chat/node_modules/mongoose/lib/document.js:1035:9\n at process._tickCallback (node.js:419:13)',
message: 'User validation failed',
name: 'ValidationError',
errors:
{ uid:
{ [ValidatorError: invalid ldap/kerberos username]
properties: [Object],
stack: 'Error\n at MongooseError.ValidatorError (/var/www/lets-chat/node_modules/mongoose/lib/error/validator.js:25:16)\n at validate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:650:13)\n at /var/www/lets-chat/node_modules/mongoose/lib/schematype.js:679:9\n at Array.forEach (native)\n at SchemaString.SchemaType.doValidate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:656:19)\n at /var/www/lets-chat/node_modules/mongoose/lib/document.js:1035:9\n at process._tickCallback (node.js:419:13)',
message: 'invalid ldap/kerberos username',
name: 'ValidatorError',
kind: 'user defined',
path: 'uid',
value: 'ondrej,ondrej.sury,oerdnj' },
username:
{ [ValidatorError: Path `username` is invalid (ondrej,ondrej.sury,oerdnj).]
properties: [Object],
stack: 'Error\n at MongooseError.ValidatorError (/var/www/lets-chat/node_modules/mongoose/lib/error/validator.js:25:16)\n at validate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:650:13)\n at /var/www/lets-chat/node_modules/mongoose/lib/schematype.js:679:9\n at Array.forEach (native)\n at SchemaString.SchemaType.doValidate (/var/www/lets-chat/node_modules/mongoose/lib/schematype.js:656:19)\n at /var/www/lets-chat/node_modules/mongoose/lib/document.js:1035:9\n at process._tickCallback (node.js:419:13)',
message: 'Path `username` is invalid (ondrej,ondrej.sury,oerdnj).',
name: 'ValidatorError',
kind: 'regexp',
path: 'username',
value: 'ondrej,ondrej.sury,oerdnj' } } }
The LDAP entry (just uids) looks like this:
# ondrej, People, nic.cz
dn: uid=ondrej,ou=People,dc=nic,dc=cz
uid: ondrej
uid: ondrej.sury
uid: oerdnj
It should try to either:
1. use the first uid returned
2. use the uid used to log in
I think that 2) is the better approach, but as a temporary workaround I have adopted the ldapEmail approach.
--- lib/auth.js.orig 2015-07-08 11:06:29.085656609 +0200
+++ lib/auth.js 2015-07-08 11:07:30.365378552 +0200
@@ -91,11 +91,15 @@ Ldap.createLdapUser = function(core, opt
var field_mappings = options.field_mappings;
var ldapEmail = ldapEntry[field_mappings.email];
var email = ldapEmail.toString().split(',')[0];
+ var ldapUid = ldapEntry[field_mappings.uid];
+ var uid = ldapUid.toString().split(',')[0];
+ var ldapUsername = ldapEntry[field_mappings.username] ||
+ ldapEntry[field_mappings.uid];
+ var username = ldapUsername.toString().split(',')[0];
var data = {
- uid: ldapEntry[field_mappings.uid],
- username: ldapEntry[field_mappings.username] ||
- ldapEntry[field_mappings.uid],
+ uid: uid,
+ username: username,
email: email,
firstName: ldapEntry[field_mappings.firstName],
lastName: ldapEntry[field_mappings.lastName],
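Review bot: The added `var uid = ldapUid.toString().split(',')[0];` and the matching `username` line recover the first value by stringifying the attribute and splitting on commas, which truncates any single value that itself contains a comma and throws a TypeError when the mapped `uid` attribute is absent from the entry (`ldapUid` is then undefined). Test `Array.isArray(ldapUid)` and take element 0 directly, and fail with an explicit error when the attribute is missing. LDAP also does not guarantee the order of values in a multi-valued attribute, so "first value" can change between searches; whichever value is chosen needs to be the same on every login so the entry keeps resolving to the same stored user.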
I can confirm that I can now log in to Let's Chat.
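The two options listed in the issue, as an added example that is not part of the original post or of Let's Chat's code: a hypothetical `selectUid` helper that prefers the uid the user logged in with and falls back to the first value, without joining and re-splitting the values. It assumes the LDAP client returns a string for a single-valued attribute and an array for a multi-valued one; `attrValues`, `selectUid` and `sampleEntry` are illustrative names.

```javascript
// Added example; attrValues and selectUid are hypothetical helpers,
// not functions from Let's Chat's lib/auth.js.

// Return all values of an LDAP attribute as an array of strings.
// Assumption: the client yields a string for one value, an array for several.
function attrValues(entry, name) {
    var raw = entry[name];
    if (raw === undefined || raw === null) {
        return [];
    }
    return (Array.isArray(raw) ? raw : [raw]).map(String);
}

// Choose the uid to store: the value the user logged in with when the
// entry carries it (option 2), otherwise the first value (option 1).
function selectUid(entry, uidAttr, loginName) {
    var values = attrValues(entry, uidAttr);
    if (values.length === 0) {
        throw new Error('LDAP entry has no "' + uidAttr + '" attribute');
    }
    // uid compares case-insensitively in the standard LDAP schema.
    var wanted = String(loginName).toLowerCase();
    for (var i = 0; i < values.length; i++) {
        if (values[i].toLowerCase() === wanted) {
            return values[i]; // directory spelling, not the typed input
        }
    }
    // Fallback: depends on the order the server returned the values in.
    return values[0];
}

// Constructed sample entry using the uid values shown in the issue.
var sampleEntry = {
    dn: 'uid=ondrej,ou=People,dc=nic,dc=cz',
    uid: ['ondrej', 'ondrej.sury', 'oerdnj']
};

console.log(selectUid(sampleEntry, 'uid', 'ondrej.sury'));
console.log(selectUid({ uid: 'solo' }, 'uid', 'solo'));
```

With option 2, a user who logs in under different aliases gets a different stored uid each time, so existing accounts should be looked up by any of the entry's uid values rather than only the selected one.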