node-ldapjs: The search fails if the DN string of base contains non-ascii characters.
I am trying to use ldapjs to retrieve a username (cn) and employee number (employeeID) from an Active Directory server running in my organization.
My organization’s Active Directory uses non-ascii characters (Japanese) for the cn of organizational unit (OU).
When I try to search the ldapjs client API using that OU as the base, I get an error saying “No Such Object”.
So, I used parseDN of the DN API, turned the DN string of the OU (string containing non-ascii characters) into a DN object, and specified the toString() function of the DN object, but it still gave the same error, “No Such Object”.
How can I perform a search based on a DN that contains non-ascii characters?
When I specified a DN that does not contain non-ASCII characters as the base, the search was successful. And the non-ASCII character part of the OU DN string included in the result was encoded and matched the result of toString() of the DN object.
The code that caused the search to fail is shown below.
```js
const ldap = require('ldapjs');
const parseDN = ldap.parseDN;

// Bind credentials come from the environment.
const username = process.env.USERNAME;
const password = process.env.PASSWORD;

const client = ldap.createClient({ url: 'ldap://example.com' });

client.bind(username, password, (err) => {
  if (err) {
    console.error(err);
    return;
  }
});

const opts = {
  filter: '(&(objectCategory=person)(objectClass=user))',
  scope: 'sub',
  paged: true,
  sizeLimit: 100,
  attributes: ['cn', 'employeeID']
};

// The OU name contains non-ASCII (Japanese) characters.
const baseDN = parseDN('ou=<non-ascii string>,dc=example,dc=com');

client.search(baseDN.toString(), opts, (err, res) => {
  if (err) {
    console.error(err);
    return; // res is not usable when the search could not be started
  }
  res.on('searchEntry', (entry) => {
    console.log(entry.pojo);
  });
  res.on('error', (err) => {
    console.error(err);
  });
  res.on('end', () => {
    client.unbind();
  });
});
```
With this code, if the argument of parseDN is ‘dc=example,dc=com’ (if it does not contain a non-ascii string), the search will succeed.
Note that changing the first argument of search to “baseDN” instead of “baseDN.toString()” resulted in the error “base must be a DN string or DN instance”.
About this issue
- State: closed
- Created a year ago
- Reactions: 1
- Comments: 26 (14 by maintainers)
Commits related to this issue
- Add test for issue 860 This PR adds a new integration test for issue #860. — committed to ldapjs/node-ldapjs by jsumners a year ago
- Add failing test for issue #860 — committed to ldapjs/node-ldapjs by jsumners 10 months ago
- Resolve issue #860 — committed to ldapjs/node-ldapjs by jsumners 10 months ago
Thank you for providing a reproduction showing the full search options used. A failing test has been added in #938.
This issue should be resolved in https://github.com/ldapjs/node-ldapjs/releases/tag/v3.0.5. Please open a new issue if this is not the case.
If this fix has helped you out, please consider contributing to my GitHub sponsorship.
The issue is https://github.com/ldapjs/filter/issues/6.
I appreciate the failing case as well since I was unable to generate one with the test server but could with production servers. Thanks @jimmyengman
As #936 was a duplicate of this issue I write my question here instead.
If I start an OpenLDAP docker container as suggested in https://github.com/ldapjs/docker-test-openldap and then connect to it with ldap.createClient (http://ldapjs.org/client.html) I can search with filter sn=Conrad and get a searchEntry for Hermes Conrad printed but when I search for sn=Rodríguez no entry is found.
It seems to work to have non-ASCII characters for some attributes (a group object's member attribute and an object's entryDN attribute) but for all the rest I have tested it does not work. It is a problem because the Swedish letters å, ä, ö are in many users' and groups' names and after upgrading to ldapjs v.3 we can no longer get a search result for them.
I really apologize for that mistake. I have closed the issue. I got the tests running in your repo.
I have a test written that (I believe) simulates my issue here, and the test is passing in the repo. I am searching for the group ‘ship_crew’ and then subsequently searching for each member via the DN that is returned in the member array. That group has a member (Bender Bending Rodríguez) that should simulate the issue we are seeing perfectly. I am not sure why our search is failing now, but I am going back there to see if I can find the issue in our code.
I believe I may be seeing the same issue here when trying to migrate our code to 3.x.
I have a DN that I retrieve from a group (in the member attribute). I need to then search for that DN to get the details.
For example, the DN returned in the member attribute is: “CN=Céline Jones,OU=Users,OU=France,DC=emea,DC=FOO,DC=com”
In v2.x, I could use that in a search as the “base” (scope: “base”) and I could find the user. In 3.0, that fails with “No Such Object”.
I tried creating a DN object (via parseDN(“CN=Céline Jones,OU=Users,OU=France,DC=emea,DC=FOO,DC=com”)) and then using the “toString()” version of that in a search. That also fails.
In that case, the results of the DN.toString() are: “CN=C\c3\a9line Jones,OU=Users,OU=France,DC=emea,DC=FOO,DC=com” which looks correct.
As it stands, I cannot find a successful way to search for a DN with non-ASCII characters. I will research the document linked above more carefully, but these searches were working in v2.x.
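The `toString()` output quoted above is the RFC 4514 string form, in which each UTF-8 byte of "é" is written as a backslash hex pair. As an added example (not code from this thread or from ldapjs; the function names `escapeDnValue` and `unescapeDnValue` are made up here), this encodes and decodes a single attribute value so the escaped and unescaped spellings can be compared:

```javascript
// Added example: RFC 4514 string form of one attribute value (no ldapjs needed).
const SPECIAL = new Set(['"', '+', ',', ';', '<', '>', '\\']);

// Escape a raw value, hex-escaping every non-ASCII UTF-8 byte
// (the form shown in the thread: "é" becomes "\c3\a9").
function escapeDnValue(value) {
  const bytes = Buffer.from(value, 'utf8');
  let out = '';
  bytes.forEach((b, i) => {
    const ch = String.fromCharCode(b);
    const edgeSpace = ch === ' ' && (i === 0 || i === bytes.length - 1);
    if (b >= 0x80 || b === 0x00) {
      out += '\\' + b.toString(16).padStart(2, '0');
    } else if (SPECIAL.has(ch) || edgeSpace || (ch === '#' && i === 0)) {
      out += '\\' + ch;
    } else {
      out += ch;
    }
  });
  return out;
}

// Decode an escaped value back to the Unicode string it represents.
function unescapeDnValue(escaped) {
  const chars = Array.from(escaped); // code points, so astral characters survive
  const bytes = [];
  for (let i = 0; i < chars.length; i++) {
    if (chars[i] !== '\\') {
      bytes.push(...Buffer.from(chars[i], 'utf8'));
      continue;
    }
    const pair = chars.slice(i + 1, i + 3).join('');
    if (/^[0-9a-fA-F]{2}$/.test(pair)) {
      bytes.push(parseInt(pair, 16)); // "\c3" is one raw byte
      i += 2;
    } else if (i + 1 < chars.length) {
      bytes.push(...Buffer.from(chars[i + 1], 'utf8')); // "\," is a literal comma
      i += 1;
    } else {
      throw new Error('dangling backslash in DN value');
    }
  }
  return Buffer.from(bytes).toString('utf8');
}
```

Both spellings name the same entry, so code that compares or logs DNs should normalize to one form before matching.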
I do not have access to the server at this time. So, I executed the following code. The string specified after “ou=” will be the same as the actual string.