Defined an error message specifically for NoSuchObjectError. #77
Conversation
|
@vesse Any chance of pulling this? It is not critical but the error message differentiation would help with debugging failed authentication due to mis-configuration. |
|
@bnielsen1965 is bad search base the only way a |
|
I want to say yes, but I am not 100% certain. In ldapauth-fork the _finduser() method is used in authentication and it uses the search base as the DN and the username in the filters. I believe the server will return a NoSuchObjectError only if the DN object does not exist in the database. While the filter will return an empty set if the username does not exist. I am testing against a Microsoft AD server and this seems to be the case. A bad search base returns NoSuchObject while a non-existent user returns a different error. In the ldap.js in-memory server example the search method has the same response, NoSuchObject only if the DN does not exist in the database... server.search... And the OpenLDAP documentation seems to say the same thing... I think that because the search base is the DN in ldapauth-fork and the username is in filters it is probably safe to assume that NoSuchObject will only occur on a bad search base. |
|
@bnielsen1965 OK, I can live with that. Please update the TypeScript def too to include the new authenticate flash message option and I'll merge & release. |
|
@vesse Sorry about that, I completely missed the TypeScript file. It is now updated to include the new noSuchObject error message option. |
Added a distinct error message for the NoSuchObjectError to make it easier to diagnose authentication errors that are not invalid credentials.