
Commit fa94b34

committed
fix starttls bug
#65
1 parent 9738736 commit fa94b34


1 file changed

+33
-15
lines changed


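--- a/lib/ldapauth.js
+++ b/lib/ldapauth.js
@@ -87,6 +87,7 @@ function LdapAuth(opts) {
 this.opts.bindProperty || (this.opts.bindProperty = 'dn');
 this.opts.groupSearchScope || (this.opts.groupSearchScope = 'sub');
 this.opts.groupDnProperty || (this.opts.groupDnProperty = 'dn');
+this.opts.tlsStarted = false;
 
 EventEmitter.call(this);
 
@@ -126,21 +127,7 @@ function LdapAuth(opts) {
 this._userClient.on('error', this._handleError.bind(this));
 
 var self = this;
-if (this.opts.starttls) {
-// When starttls is enabled, this callback supplants the 'connect' callback
-this._adminClient.starttls(this.opts.tlsOptions, this._adminClient.controls, function (err) {
-if (err) {
-self._handleError(err);
-} else {
-self._onConnectAdmin();
-}
-});
-this._userClient.starttls(this.opts.tlsOptions, this._userClient.controls, function (err) {
-if (err) {
-self._handleError(err);
-}
-});
-} else if (opts.reconnect) {
+if (opts.reconnect && !this.opts.starttls) {
 this.once('_installReconnectListener', function () {
 self.log && self.log.trace('install reconnect listener');
 self._adminClient.on('connect', function () {
@@ -401,6 +388,37 @@ LdapAuth.prototype._findGroups = function (user, callback) {
 */
 LdapAuth.prototype.authenticate = function (username, password, callback) {
 var self = this;
+if (this.opts.starttls && !this.opts.tlsStarted) {
+// When starttls is enabled, this callback supplants the 'connect' callback
+this._adminClient.starttls(this.opts.tlsOptions, this._adminClient.controls, function (err) {
+if (err) {
+self._handleError(err);
+} else {
+self._onConnectAdmin(function(){self._handleAuthenticate(username, password, callback);});
+}
+});
+this._userClient.starttls(this.opts.tlsOptions, this._userClient.controls, function (err) {
+if (err) {
+self._handleError(err);
+}
+});
+} else {
+self._handleAuthenticate(username, password, callback);
+}
+};
+
+/**
+* Authenticate given credentials against LDAP server
+*
+* @private
+* @param {string} username - The username to authenticate
+* @param {string} password - The password to verify
+* @param {resultCallback} callback - Result handling callback
+* @returns {undefined}
+*/
+LdapAuth.prototype._handleAuthenticate = function (username, password, callback) {
+this.opts.tlsStarted = true;
+var self = this;
 
 if (typeof password === 'undefined' || password === null || password === '') {
 return callback(new Error('no password given'));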
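Review bot: In the new `authenticate` starttls branch (new lines 391–407) the user-client handshake is fired in parallel but nothing waits for it, so `_handleAuthenticate` runs as soon as the admin handshake finishes, while the user client may still be in plaintext or may already have failed its upgrade with only `self._handleError(err)` called and no `callback(err)` delivered to the caller. `_handleAuthenticate` then sets `tlsStarted = true` (new line 420) regardless, so a failed user-side upgrade is never retried and every later call takes the `else` branch. I would chain the user-client starttls into the admin success path, report either failure through `callback(err)`, and move the `tlsStarted` assignment to the point where both handshakes have succeeded, dropping `this.opts.tlsStarted = true;` from `_handleAuthenticate`. This commit changes only this file and no hunk touches `_onConnectAdmin`, so confirm it accepts and invokes the callback it is now passed; otherwise the result callback never fires on the starttls path. A second `authenticate` call arriving before the first handshake completes would still re-issue starttls on both clients, and `_handleAuthenticate`'s body continues outside the hunk.
```javascript
LdapAuth.prototype.authenticate = function (username, password, callback) {
  var self = this;
  if (this.opts.starttls && !this.opts.tlsStarted) {
    // Upgrade the admin client first, then the user client, so the bind
    // never runs on a connection whose upgrade is pending or has failed.
    this._adminClient.starttls(this.opts.tlsOptions, this._adminClient.controls, function (err) {
      if (err) {
        self._handleError(err);
        return callback(err);
      }
      self._userClient.starttls(self.opts.tlsOptions, self._userClient.controls, function (userErr) {
        if (userErr) {
          self._handleError(userErr);
          return callback(userErr);
        }
        // Both clients are upgraded; only now is it safe to skip starttls on later calls.
        self.opts.tlsStarted = true;
        self._onConnectAdmin(function () {
          self._handleAuthenticate(username, password, callback);
        });
      });
    });
  } else {
    self._handleAuthenticate(username, password, callback);
  }
};
// … unchanged: _handleAuthenticate JSDoc and body, minus the tlsStarted assignment …
```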
