Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Call hanging after short timeframe #23

Open
KevinMann13 opened this issue Jun 3, 2015 · 15 comments
Open

Call hanging after short timeframe #23

KevinMann13 opened this issue Jun 3, 2015 · 15 comments

Comments

@KevinMann13
Copy link

When I first launch the node server, the ldap authentication works just fine. After it has been up for a little while, the ldap.authenticate() call starts to hang and then eventually returns a 502. I also can't figure out how to get more information on this, like a log or something.

@jonvuri
Copy link

jonvuri commented Aug 18, 2015

I am also seeing this issue.

@vesse
Copy link
Owner

vesse commented Aug 19, 2015

I'd guess this is because the clients are bound once and reused on subsequent calls, and then the connection becomes stale for some reason. There are not even an error handler attached to the clients, nor any re-connection logic. I did face the same problem once with an AD server but at the time could not investigate it more thoroughly, and due to this passport-ldapauth create a new LdapAuth object on every authentication.

If you either of you is interested in debugging the root cause further it would be highly appreciated. Eg. attach error handlers for emitted events and see if they start logging any errors, or if there are any attributes in the client that could be used to detect hanging connections.

How long does it take for the problems to begin, and how often is the authenticate method called before that happens? I'll also try to see if I can reproduce this with an AD server.

@jonvuri
Copy link

jonvuri commented Aug 19, 2015

@vesse I would be happy to try logging out errors, but I don't immediately see how, in that linked file. It looks like there are already some loggers in action by default? Or do you mean to attach .on("error" handlers to those EventEmitter-prototyped objects?

For now I think I will do the same thing you do in passport-ldapauth and instantiate a new LdapAuth every time. I'll keep a version that reuses an instance for debugging this issue though.

@vesse
Copy link
Owner

vesse commented Aug 19, 2015

@jrajav Cool. Yeah, just what I meant - attach listeners to clients in LdapAuth for the events emitted from that linked file (I didn't quickly find documentation for the events, but there seems to be quite a few emitted).

@jonvuri
Copy link

jonvuri commented Aug 27, 2015

Haven't forgotten! Just trying to find the time.

By the way, great job on this. I just started using the tlsOptions today and it works a charm.

@Sharmapankaj3187
Copy link

@vesse @jrajav @KevinMann13
I am also seeing the same issue. For the first time, authentication goes well but then after a while when i try to access the application again it hangs/does nothing. Even if i change the browser or go in incognito mode, i do get the popup window which asks for credentials, but once i provide the credentials, nothing happens.

Were you guys able to solve the issue? are there any workarounds that you guys can suggest.

(also on a different note, is there a way i can make my application logout the use automatically after say 30 mins of inactivity, if yes then please suggest how).

@Sharmapankaj3187
Copy link

Further to the above issue, i dropped the idea of using this package and implemented LDAP authentication via passport-ldapauth. It worked like a charm :)

@andreysm
Copy link

andreysm commented Nov 5, 2015

Hello,

I have the same problem.
I've tracked it down to this point:

ldapauth-fork/node_modules/ldapjs/lib/client/client.js:1356:
// Initiate reconnect if needed
if (this.reconnect) {
this.connect();
}
return false;

At this point function returns without calling callback.

@andreysm
Copy link

andreysm commented Nov 6, 2015

A colleague of mine adviced me to put
var auth = new LdapAuth(options);
just before the auth.authenticate() call to create a new client for each auth. This way it seems to work well.

cgalibern added a commit to cgalibern/node-ldapauth-fork that referenced this issue Dec 14, 2015
@Kahn
Copy link

Kahn commented Mar 3, 2016

I am running into a similar issue where I am expecting ldapauth-fork to re-establish connections reconnect: true but the LDAP errors suggest the connections that are re-established have not completed an authenticated bind.

You can test this behaviour with by running tcpkill, attempting to login and having tcpkill terminate all traffic via TCP RST, finally ctrl+c tcpkill and try your apps auth again.

sudo tcpkill -i any port 636

Use ss -antp | grep 636 to watch for re-established connections to return after killing them with tcpkill.

@vesse
Copy link
Owner

vesse commented Mar 8, 2016

@Kahn thanks for detailed how-to-reproduce instructions, I'll look into this. I take it from your description that ldapjs does reconnect as expected. Having not yet tried this I believe this could be fixed by assigning event listener on _adminClient for closed connection that clears the _adminBound variable.

@whittssg
Copy link

Any news on this? I think i am experiencing the same issue.. it sames to work fine for a while but then all of a sudden it will start giving me Error: connect ETIMEDOUT. Thanks

@jonvuri
Copy link

jonvuri commented Jun 7, 2016

@whittssg I don't think it's been fixed yet, no, but you can work around it by instantiating ldapauth every time you use it as some of us have mentioned in this thread.

@mikemellor11
Copy link

I'm seeing this issue also, authenticate just seems to hang, i did notice that if i left it hanging for 5+ minutes i eventually saw this error on the server.

{ [ConnectionError: 2995__ldap:/********closed] 0|coup | lde_message: '2995__ldap://******** closed', 0|coup | lde_dn: null }

After this i tried to login again and it was working fine.

@asage-me
Copy link

asage-me commented Aug 7, 2017

I am seeing connection resets as well. If I'm using ldap I will get a reset every 3 minutes, but if I'm using ldaps it's every 15 minutes. I'm using Server 2012 R2 as the domain controller. Either way, I put in my code to just time out the connection every 30 seconds, close the connection, then recreate the next time it's needed. Here is my project https://github.com/atsage/node-red-contrib-nr-ldapauth

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants