Call hanging after short timeframe

[KevinMann13]

When I first launch the node server, the ldap authentication works just fine. After it has been up for a little while, the ldap.authenticate() call starts to hang and then eventually returns a 502. I also can't figure out how to get more information on this, like a log or something.

[jonvuri]

I am also seeing this issue.

[vesse]

I'd guess this is because the clients are bound once and reused on subsequent calls, and then the connection becomes stale for some reason. There are not even an error handler attached to the clients, nor any re-connection logic. I did face the same problem once with an AD server but at the time could not investigate it more thoroughly, and due to this passport-ldapauth create a new LdapAuth object on every authentication.

If you either of you is interested in debugging the root cause further it would be highly appreciated. Eg. attach error handlers for emitted events and see if they start logging any errors, or if there are any attributes in the client that could be used to detect hanging connections.

How long does it take for the problems to begin, and how often is the authenticate method called before that happens? I'll also try to see if I can reproduce this with an AD server.

[jonvuri]

@vesse I would be happy to try logging out errors, but I don't immediately see how, in that linked file. It looks like there are already some loggers in action by default? Or do you mean to attach .on("error" handlers to those EventEmitter-prototyped objects?

For now I think I will do the same thing you do in passport-ldapauth and instantiate a new LdapAuth every time. I'll keep a version that reuses an instance for debugging this issue though.

[vesse]

@jrajav Cool. Yeah, just what I meant - attach listeners to clients in LdapAuth for the events emitted from that linked file (I didn't quickly find documentation for the events, but there seems to be quite a few emitted).

[jonvuri]

Haven't forgotten! Just trying to find the time.

By the way, great job on this. I just started using the tlsOptions today and it works a charm.

[Sharmapankaj3187]

@vesse @jrajav @KevinMann13
I am also seeing the same issue. For the first time, authentication goes well but then after a while when i try to access the application again it hangs/does nothing. Even if i change the browser or go in incognito mode, i do get the popup window which asks for credentials, but once i provide the credentials, nothing happens.

Were you guys able to solve the issue? are there any workarounds that you guys can suggest.

(also on a different note, is there a way i can make my application logout the use automatically after say 30 mins of inactivity, if yes then please suggest how).

[Sharmapankaj3187]

Further to the above issue, i dropped the idea of using this package and implemented LDAP authentication via passport-ldapauth. It worked like a charm :)

[andreysm]

Hello,

I have the same problem.
I've tracked it down to this point:

ldapauth-fork/node_modules/ldapjs/lib/client/client.js:1356:
// Initiate reconnect if needed
if (this.reconnect) {
this.connect();
}
return false;

At this point function returns without calling callback.

[andreysm]

A colleague of mine adviced me to put
var auth = new LdapAuth(options);
just before the auth.authenticate() call to create a new client for each auth. This way it seems to work well.

[Kahn]

I am running into a similar issue where I am expecting ldapauth-fork to re-establish connections reconnect: true but the LDAP errors suggest the connections that are re-established have not completed an authenticated bind.

You can test this behaviour with by running tcpkill, attempting to login and having tcpkill terminate all traffic via TCP RST, finally ctrl+c tcpkill and try your apps auth again.

sudo tcpkill -i any port 636

Use ss -antp | grep 636 to watch for re-established connections to return after killing them with tcpkill.

[vesse]

@Kahn thanks for detailed how-to-reproduce instructions, I'll look into this. I take it from your description that ldapjs does reconnect as expected. Having not yet tried this I believe this could be fixed by assigning event listener on _adminClient for closed connection that clears the _adminBound variable.

[whittssg]

Any news on this? I think i am experiencing the same issue.. it sames to work fine for a while but then all of a sudden it will start giving me Error: connect ETIMEDOUT. Thanks

[jonvuri]

@whittssg I don't think it's been fixed yet, no, but you can work around it by instantiating ldapauth every time you use it as some of us have mentioned in this thread.

[mikemellor11]

I'm seeing this issue also, authenticate just seems to hang, i did notice that if i left it hanging for 5+ minutes i eventually saw this error on the server.

{ [ConnectionError: 2995__ldap:/********closed] 0|coup | lde_message: '2995__ldap://******** closed', 0|coup | lde_dn: null }

After this i tried to login again and it was working fine.

[asage-me]

I am seeing connection resets as well. If I'm using ldap I will get a reset every 3 minutes, but if I'm using ldaps it's every 15 minutes. I'm using Server 2012 R2 as the domain controller. Either way, I put in my code to just time out the connection every 30 seconds, close the connection, then recreate the next time it's needed. Here is my project https://github.com/atsage/node-red-contrib-nr-ldapauth