Add decommission note

* updated the modification object in ldap.change

* Adding Change Interface

* Modification reference table

.github/workflows/integration.yml

@@ -20,10 +20,12 @@ jobs:
 
     services:
       openldap:
-        image: ghcr.io/ldapjs/docker-test-openldap/openldap:latest
+        image: ghcr.io/ldapjs/docker-test-openldap/openldap:2023-10-30
         ports:
           - 389:389
           - 636:636
+        options: >
+          --health-cmd "ldapsearch -Y EXTERNAL -Q -H ldapi:// -b ou=people,dc=planetexpress,dc=com -LLL '(cn=Turanga Leela)' cn"
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/main.yml

@@ -34,7 +34,7 @@ jobs:
         node:
           - 16
           - 18
-          - 19
+          - 20
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v3

README.md

@@ -1,52 +1,34 @@
-# LDAPjs
+# Project Decomissioned
 
-[![Build Status](https://github.com/ldapjs/node-ldapjs/workflows/Lint%20And%20Test/badge.svg)](https://github.com/ldapjs/node-ldapjs/actions)
+This project has been decomissioned. I, James Sumners, took it on when it was
-[![Coverage Status](https://coveralls.io/repos/github/ldapjs/node-ldapjs/badge.svg)](https://coveralls.io/github/ldapjs/node-ldapjs/)
+languishing without any maintenance as it filled a need in the ecosystem and
+I had built things at a prior organization that depended upon this project.
+I spent a lot of time triaging issues and reworking things toward a path
+that could be more easily maintained by a community of volunteers. But I have
+not had the time to dedicate to this project in quite a while. There are
+outstanding issues that would take me at least a week of dedicated development
+time to solve, and I cannot afford to take time off of work to do that.
+Particularly considering that the aforementioned organization was two
+jobs ago, and it is extremely unlikely that I will transition to a role again
+that will need this project.
 
-LDAPjs makes the LDAP protocol a first class citizen in Node.js.
+So, why am I just now deciding to decomission this project? Because today,
+2024-05-14, I received the following email:
 
-## Usage
+![Abusive email](dt.png)
 
-For full docs, head on over to <http://ldapjs.org>.
+I will not tolerate abuse, and I especially will not tolerate tacit death
+threats, over a hobby. You can thank the author of that email for the
+decomissioning on this project.
 
-```javascript
+My recommendation to you in regard to LDAP operations: write a gateway in a
-var ldap = require('ldapjs');
+language that is more suited to these types of operations. I'd suggest
+[Go](https://go.dev).
 
-var server = ldap.createServer();
+👋
 
-server.search('dc=example', function(req, res, next) {
+P.S.: if I ever do need this project again, I might revive it. But I'd fight
-  var obj = {
+hard for my suggestion above. Also, I will consider turning it over to an
-    dn: req.dn.toString(),
+interested party, but I will require at least one recommendation from a
-    attributes: {
+Node.js core contributor that I can vet with the people that I know on that
-      objectclass: ['organization', 'top'],
+team.
-      o: 'example'
-    }
-  };
-
-  if (req.filter.matches(obj.attributes))
-  res.send(obj);
-
-  res.end();
-});
-
-server.listen(1389, function() {
-  console.log('ldapjs listening at ' + server.url);
-});
-```
-
-To run that, assuming you've got the [OpenLDAP](http://www.openldap.org/)
-client on your system:
-
-    ldapsearch -H ldap://localhost:1389 -x -b dc=example objectclass=*
-
-## Installation
-
-    npm install ldapjs
-
-## License
-
-MIT.
-
-## Bugs
-
-See <https://github.com/ldapjs/node-ldapjs/issues>.

docker-compose.yml

@@ -1,8 +1,10 @@
-version: '3'
-
 services:
   openldap:
-    image: ghcr.io/ldapjs/docker-test-openldap/openldap:latest
+    image: ghcr.io/ldapjs/docker-test-openldap/openldap:2023-10-30
     ports:
       - 389:389
       - 636:636
+    healthcheck:
+      start_period: 3s
+      test: >
+        /usr/bin/ldapsearch -Y EXTERNAL -Q -H ldapi:// -b ou=people,dc=planetexpress,dc=com -LLL '(cn=Turanga Leela)' cn 1>/dev/null

docs/client.md

@@ -213,7 +213,8 @@ Example:
 const change = new ldap.Change({
   operation: 'add',
   modification: {
-    pets: ['cat', 'dog']
+    type: 'pets',
+    values: ['cat', 'dog']
   }
 });
 
@@ -234,7 +235,13 @@ must be one of:
 | add       | Adds the attribute value(s) referenced in `modification`.  The attribute may or may not already exist. |
 | delete    | Deletes the attribute (and all values) referenced in `modification`. |
 
-`modification` is just a plain old JS object with the values you want.
+`modification` is just a plain old JS object with the required type and values you want.
+
+| Operation | Description |
+|-----------|-------------|
+| type      | String that defines the attribute type for the modification. |
+| values    | Defines the values for modification. |
+
 
 # modifyDN
 `modifyDN(dn, newDN, controls, callback)`
@@ -308,7 +315,7 @@ client.search('o=example', opts, (err, res) => {
     console.log('searchRequest: ', searchRequest.messageId);
   });
   res.on('searchEntry', (entry) => {
-    console.log('entry: ' + JSON.stringify(entry.object));
+    console.log('entry: ' + JSON.stringify(entry.pojo));
   });
   res.on('searchReference', (referral) => {
     console.log('referral: ' + referral.uris.join());

lib/client/client.js

@@ -80,7 +80,7 @@ function validateControls (controls) {
 
 function ensureDN (input) {
   if (DN.isDn(input)) {
-    return DN
+    return input
   } else if (typeof (input) === 'string') {
     return DN.fromString(input)
   } else {
@@ -881,7 +881,13 @@ Client.prototype.connect = function connect () {
     // object.
     tracker.parser.on('message', function onMessage (message) {
       message.connection = self._socket
-      const { message: trackedMessage, callback } = tracker.fetch(message.messageId)
+      const trackedObject = tracker.fetch(message.messageId)
+      if (!trackedObject) {
+        log.error({ message: message.pojo }, 'unmatched server message received')
+        return false
+      }
+
+      const { message: trackedMessage, callback } = trackedObject
 
       if (!callback) {
         log.error({ message: message.pojo }, 'unsolicited message')

lib/server.js

@@ -47,15 +47,15 @@ function mergeFunctionArgs (argv, start, end) {
   const handlers = []
 
   for (let i = start; i < end; i++) {
-    if (argv[i] instanceof Array) {
+    if (Array.isArray(argv[i])) {
       const arr = argv[i]
       for (let j = 0; j < arr.length; j++) {
-        if (!(arr[j] instanceof Function)) {
+        if (typeof arr[j] !== 'function') {
           throw new TypeError('Invalid argument type: ' + typeof (arr[j]))
         }
         handlers.push(arr[j])
       }
-    } else if (argv[i] instanceof Function) {
+    } else if (typeof argv[i] === 'function') {
       handlers.push(argv[i])
     } else {
       throw new TypeError('Invalid argument type: ' + typeof (argv[i]))
@@ -854,11 +854,11 @@ Server.prototype._getHandlerChain = function _getHandlerChain (req) {
   }
 
   // Otherwise, match via DN rules
-  assert.ok(req.dn)
   const keys = this._sortedRouteKeys()
   let fallbackHandler = [noSuffixHandler]
   // invalid DNs in non-strict mode are routed to the default handler
   const testDN = (typeof (req.dn) === 'string') ? DN.fromString(req.dn) : req.dn
+  assert.ok(testDN)
 
   for (let i = 0; i < keys.length; i++) {
     const suffix = keys[i]

package.json

@@ -3,7 +3,7 @@
   "name": "ldapjs",
   "homepage": "http://ldapjs.org",
   "description": "LDAP client and server APIs",
-  "version": "3.0.0",
+  "version": "3.0.7",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -11,13 +11,13 @@
   },
   "main": "lib/index.js",
   "dependencies": {
-    "@ldapjs/asn1": "2.0.0",
+    "@ldapjs/asn1": "^2.0.0",
-    "@ldapjs/attribute": "1.0.0",
+    "@ldapjs/attribute": "^1.0.0",
-    "@ldapjs/change": "1.0.0",
+    "@ldapjs/change": "^1.0.0",
-    "@ldapjs/controls": "2.0.0",
+    "@ldapjs/controls": "^2.1.0",
-    "@ldapjs/dn": "1.0.0",
+    "@ldapjs/dn": "^1.1.0",
-    "@ldapjs/filter": "2.0.0",
+    "@ldapjs/filter": "^2.1.1",
-    "@ldapjs/messages": "1.0.0",
+    "@ldapjs/messages": "^1.3.0",
     "@ldapjs/protocol": "^1.2.1",
     "abstract-logging": "^2.0.1",
     "assert-plus": "^1.0.0",
@@ -28,17 +28,17 @@
   },
   "devDependencies": {
     "@fastify/pre-commit": "^2.0.2",
-    "eslint": "8.34.0",
+    "eslint": "^8.44.0",
     "eslint-config-standard": "^17.0.0",
     "eslint-plugin-import": "^2.27.5",
-    "eslint-plugin-n": "^15.6.1",
+    "eslint-plugin-n": "^16.0.0",
     "eslint-plugin-node": "^11.1.0",
     "eslint-plugin-promise": "6.1.1",
     "front-matter": "^4.0.2",
     "get-port": "^5.1.1",
     "highlight.js": "^11.7.0",
     "marked": "^4.2.12",
-    "tap": "16.3.4"
+    "tap": "^16.3.7"
   },
   "scripts": {
     "test": "tap --no-cov -R terse",
@@ -47,7 +47,7 @@
     "test:cov:html": "tap --coverage-report=html -R terse",
     "test:watch": "tap -n -w --no-coverage-report -R terse",
     "test:integration": "tap --no-cov -R terse 'test-integration/**/*.test.js'",
-    "test:integration:local": "docker-compose up -d && npm run test:integration && docker-compose down",
+    "test:integration:local": "docker-compose up -d --wait && npm run test:integration ; docker-compose down",
     "lint": "eslint . --fix",
     "lint:ci": "eslint .",
     "docs": "node scripts/build-docs.js"

test-integration/client/issue-860.test.js

@@ -0,0 +1,95 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const parseDN = ldapjs.parseDN
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.before(() => {
+  return new Promise((resolve, reject) => {
+    client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+      if (err) {
+        return reject(err)
+      }
+      resolve()
+    })
+  })
+})
+
+tap.teardown(() => {
+  client.unbind()
+})
+
+tap.test('can search OUs with Japanese characters', t => {
+  t.plan(2)
+
+  const opts = {
+    filter: '(&(objectClass=person))',
+    scope: 'sub',
+    paged: true,
+    sizeLimit: 100,
+    attributes: ['cn', 'employeeID']
+  }
+
+  const baseDN = parseDN('ou=テスト,dc=planetexpress,dc=com')
+
+  client.search(baseDN.toString(), opts, (err, res) => {
+    t.error(err, 'search error')
+    res.on('searchEntry', (entry) => {
+      t.match(entry.pojo, {
+        type: 'SearchResultEntry',
+        objectName: 'cn=jdoe,ou=\\e3\\83\\86\\e3\\82\\b9\\e3\\83\\88,dc=planetexpress,dc=com',
+        attributes: [{
+          type: 'cn',
+          values: ['John', 'jdoe']
+        }]
+      })
+    })
+    res.on('error', (err) => {
+      t.error(err, 'search entry error')
+    })
+    res.on('end', () => {
+      t.end()
+    })
+  })
+})
+
+tap.test('can search with non-ascii chars in filter', t => {
+  t.plan(3)
+
+  const opts = {
+    filter: '(&(sn=Rodríguez))',
+    scope: 'sub',
+    attributes: ['dn', 'sn', 'cn'],
+    type: 'user'
+  }
+
+  let searchEntryCount = 0
+  client.search('dc=planetexpress,dc=com', opts, (err, res) => {
+    t.error(err, 'search error')
+    res.on('searchEntry', (entry) => {
+      searchEntryCount += 1
+      t.match(entry.pojo, {
+        type: 'SearchResultEntry',
+        objectName: 'cn=Bender Bending Rodr\\c3\\adguez,ou=people,dc=planetexpress,dc=com',
+        attributes: [{
+          type: 'cn',
+          values: ['Bender Bending Rodríguez']
+        }]
+      })
+    })
+    res.on('error', (err) => {
+      t.error(err, 'search entry error')
+    })
+    res.on('end', () => {
+      t.equal(searchEntryCount, 1, 'should have found 1 entry')
+      t.end()
+    })
+  })
+})

test-integration/client/issue-883.test.js

@@ -0,0 +1,56 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.test('adds entries with Korean characters', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  const nm = '홍길동'
+  const dn = `cn=${nm},ou=people,dc=planetexpress,dc=com`
+  const entry = {
+    objectclass: 'person',
+    sn: 'korean test'
+  }
+
+  client.add(dn, entry, err => {
+    t.error(err, 'add entry error')
+
+    const searchOpts = {
+      filter: '(sn=korean test)',
+      scope: 'subtree',
+      attributes: ['cn', 'sn'],
+      sizeLimit: 10,
+      timeLimit: 0
+    }
+    client.search('ou=people,dc=planetexpress,dc=com', searchOpts, (err, res) => {
+      t.error(err, 'search error')
+
+      res.on('searchEntry', (entry) => {
+        t.equal(
+          entry.attributes.filter(a => a.type === 'cn').pop().values.pop(),
+          nm
+        )
+      })
+
+      res.on('error', (err) => {
+        t.error(err, 'search entry error')
+      })
+
+      res.on('end', () => {
+        client.unbind(t.end)
+      })
+    })
+  })
+})

test-integration/client/issue-885.test.js

@@ -0,0 +1,55 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const parseDN = ldapjs.parseDN
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+const searchOpts = {
+  filter: '(&(objectClass=person))',
+  scope: 'sub',
+  paged: true,
+  sizeLimit: 0,
+  attributes: ['cn', 'employeeID']
+}
+
+const baseDN = parseDN('ou=large_ou,dc=planetexpress,dc=com')
+
+tap.test('paged search option returns pages', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  client.search(baseDN.toString(), searchOpts, (err, res) => {
+    t.error(err, 'search error')
+
+    let pages = 0
+    const results = []
+    res.on('searchEntry', (entry) => {
+      results.push(entry)
+    })
+
+    res.on('page', () => {
+      pages += 1
+    })
+
+    res.on('error', (err) => {
+      t.error(err, 'search entry error')
+    })
+
+    res.on('end', () => {
+      t.equal(results.length, 2000)
+      t.equal(pages, 20)
+
+      client.unbind(t.end)
+    })
+  })
+})

test-integration/client/issue-923.test.js

@@ -0,0 +1,91 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const { DN } = require('@ldapjs/dn')
+const Change = require('@ldapjs/change')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.teardown(() => {
+  client.unbind()
+})
+
+tap.test('modifies entry specified by dn string', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  const dn = 'cn=large10,ou=large_ou,dc=planetexpress,dc=com'
+  const change = new Change({
+    operation: 'replace',
+    modification: {
+      type: 'givenName',
+      values: ['test']
+    }
+  })
+
+  client.modify(dn, change, (err) => {
+    t.error(err, 'modify error')
+    validateChange({ t, expected: 'test', client })
+  })
+})
+
+tap.test('modifies entry specified by dn object', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  const dn = DN.fromString('cn=large10,ou=large_ou,dc=planetexpress,dc=com')
+  const change = new Change({
+    operation: 'replace',
+    modification: {
+      type: 'givenName',
+      values: ['test2']
+    }
+  })
+
+  client.modify(dn, change, (err) => {
+    t.error(err, 'modify error')
+    validateChange({ t, expected: 'test2', client })
+  })
+})
+
+function validateChange ({ t, expected, client }) {
+  const searchBase = 'ou=large_ou,dc=planetexpress,dc=com'
+  const searchOpts = {
+    filter: '(cn=large10)',
+    scope: 'subtree',
+    attributes: ['givenName'],
+    sizeLimit: 10,
+    timeLimit: 0
+  }
+
+  client.search(searchBase, searchOpts, (err, res) => {
+    t.error(err, 'search error')
+
+    res.on('searchEntry', entry => {
+      t.equal(
+        entry.attributes.filter(a => a.type === 'givenName').pop().values.pop(),
+        expected
+      )
+    })
+
+    res.on('error', err => {
+      t.error(err, 'search entry error')
+    })
+
+    res.on('end', () => {
+      t.end()
+    })
+  })
+}

test-integration/client/issue-940.test.js

@@ -0,0 +1,81 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const Change = require('@ldapjs/change')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.before(() => {
+  return new Promise((resolve, reject) => {
+    client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+      if (err) {
+        return reject(err)
+      }
+      resolve()
+    })
+  })
+})
+
+tap.teardown(() => {
+  client.unbind()
+})
+
+tap.test('can modify entries with non-ascii chars in RDN', t => {
+  t.plan(6)
+
+  const dn = 'cn=Mendonça,ou=people,dc=planetexpress,dc=com'
+  const entry = {
+    objectclass: 'person',
+    sn: 'change me'
+  }
+
+  client.add(dn, entry, error => {
+    t.error(error, 'add should not error')
+    doSearch('change me', doModify)
+  })
+
+  function doModify () {
+    const change = new Change({
+      operation: 'replace',
+      modification: {
+        type: 'sn',
+        values: ['changed']
+      }
+    })
+
+    client.modify(dn, change, (error) => {
+      t.error(error, 'modify should not error')
+      doSearch('changed', t.end.bind(t))
+    })
+  }
+
+  function doSearch (expected, callback) {
+    const searchOpts = {
+      filter: '(&(objectclass=person)(cn=Mendonça))',
+      scope: 'subtree',
+      attributes: ['sn']
+    }
+    client.search('ou=people,dc=planetexpress,dc=com', searchOpts, (error, res) => {
+      t.error(error, 'search should not error')
+
+      res.on('searchEntry', entry => {
+        const found = entry.attributes.filter(a => a.type === 'sn').pop().values.pop()
+        t.equal(found, expected, `expected '${expected}' and got '${found}'`)
+      })
+
+      res.on('error', error => {
+        t.error(error, 'search result processing should not error')
+      })
+
+      res.on('end', () => {
+        callback()
+      })
+    })
+  }
+})

test-integration/client/issue-946.test.js

@@ -0,0 +1,87 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+tap.test('can use password policy response', t => {
+  const client = ldapjs.createClient({ url: baseURL })
+  const targetDN = 'cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com'
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err, res) => {
+    t.error(err)
+    t.ok(res)
+    t.equal(res.status, 0)
+
+    const newPassword = 'bender2'
+    changePassword(client, newPassword, () => {
+      client.unbind()
+      bindNewClient(newPassword, { error: 2 }, (client) => {
+        const newPassword = 'bender'
+        changePassword(client, newPassword, () => {
+          client.unbind()
+          bindNewClient(newPassword, { timeBeforeExpiration: 1000 }, (client) => {
+            client.unbind(t.end)
+          })
+        })
+      })
+    })
+  })
+
+  function bindNewClient (pwd, expected, callback) {
+    const client = ldapjs.createClient({ url: baseURL })
+    const control = new ldapjs.PasswordPolicyControl()
+
+    client.bind(targetDN, pwd, control, (err, res) => {
+      t.error(err)
+      t.ok(res)
+      t.equal(res.status, 0)
+
+      let error = null
+      let timeBeforeExpiration = null
+      let graceAuthNsRemaining = null
+
+      res.controls.forEach(control => {
+        if (control.type === ldapjs.PasswordPolicyControl.OID) {
+          error = control.value.error ?? error
+          timeBeforeExpiration = control.value.timeBeforeExpiration ?? timeBeforeExpiration
+          graceAuthNsRemaining = control.value.graceAuthNsRemaining ?? graceAuthNsRemaining
+        }
+      })
+
+      if (expected.error !== undefined) {
+        t.equal(error, expected.error)
+      }
+      if (expected.timeBeforeExpiration !== undefined) {
+        t.equal(timeBeforeExpiration, expected.timeBeforeExpiration)
+      }
+      if (expected.graceAuthNsRemaining !== undefined) {
+        t.equal(graceAuthNsRemaining, expected.graceAuthNsRemaining)
+      }
+
+      callback(client)
+    })
+  }
+
+  function changePassword (client, newPwd, callback) {
+    const change = new ldapjs.Change({
+      operation: 'replace',
+      modification: new ldapjs.Attribute({
+        type: 'userPassword',
+        values: newPwd
+      })
+    })
+
+    client.modify(targetDN, change, (err, res) => {
+      t.error(err)
+      t.ok(res)
+      t.equal(res.status, 0)
+
+      callback()
+    })
+  }
+})

test-integration/client/issues.test.js

@@ -10,7 +10,14 @@ const PORT = process.env.PORT || 389
 const baseURL = `${SCHEME}://${HOST}:${PORT}`
 
 tap.test('modifyDN with long name (issue #480)', t => {
-  const longStr = 'a292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50abe963b47a004f2c90f570450d0e920d15436fdc771e3bdac0487a9735473ed3a79361d1778d7e53a7fb0e5f01f97a75ef05837d1d5496fc86968ff47fcb64'
+  // 2023-08-15: disabling this 265 character string until a bug can be
+  // fixed in OpenLDAP. See https://github.com/ldapjs/docker-test-openldap/blob/d48bc2fb001b4ed9a152715ced4a2cb120439ec4/bootstrap/slapd-init.sh#L19-L31.
+  // const longStr = 'a292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50abe963b47a004f2c90f570450d0e920d15436fdc771e3bdac0487a9735473ed3a79361d1778d7e53a7fb0e5f01f97a75ef05837d1d5496fc86968ff47fcb64'
+
+  // 2023-08-15: this 140 character string satisfies the original issue
+  // (https://github.com/ldapjs/node-ldapjs/issues/480) and avoids a bug
+  // in OpenLDAP 2.5.
+  const longStr = '292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50ab'
   const targetDN = 'cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'
   const client = ldapjs.createClient({ url: baseURL })
   client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', bindHandler)
@@ -80,9 +87,9 @@ tap.test('can access large groups (issue #582)', t => {
 
         const memberAttr = results[0].attributes.find(a => a.type === 'member')
         t.ok(memberAttr)
-        t.ok(memberAttr.vals)
+        t.ok(memberAttr.values)
-        t.type(memberAttr.vals, Array)
+        t.type(memberAttr.values, Array)
-        t.equal(memberAttr.vals.length, 2000)
+        t.equal(memberAttr.values.length, 2000)
 
         client.unbind(t.end)
       })

test/client.test.js

@@ -10,6 +10,7 @@ const Attribute = require('@ldapjs/attribute')
 const Change = require('@ldapjs/change')
 const messages = require('@ldapjs/messages')
 const controls = require('@ldapjs/controls')
+const dn = require('@ldapjs/dn')
 const ldap = require('../lib')
 
 const {
@@ -761,6 +762,36 @@ tap.test('search basic', function (t) {
   })
 })
 
+tap.test('search basic with DN', function (t) {
+  const { SearchResultEntry, SearchResultDone } = messages
+
+  t.context.client.search(dn.DN.fromString('cn=test, ' + SUFFIX, '(objectclass=*)'), function (err, res) {
+    t.error(err)
+    t.ok(res)
+    let gotEntry = 0
+    res.on('searchEntry', function (entry) {
+      t.ok(entry)
+      t.ok(entry instanceof SearchResultEntry)
+      t.equal(entry.dn.toString(), 'cn=test,' + SUFFIX)
+      t.ok(entry.attributes)
+      t.ok(entry.attributes.length)
+      t.equal(entry.attributes[0].type, 'cn')
+      t.equal(entry.attributes[1].type, 'SN')
+      gotEntry++
+    })
+    res.on('error', function (err) {
+      t.fail(err)
+    })
+    res.on('end', function (res) {
+      t.ok(res)
+      t.ok(res instanceof SearchResultDone)
+      t.equal(res.status, 0)
+      t.equal(gotEntry, 2)
+      t.end()
+    })
+  })
+})
+
 tap.test('GH-602 search basic with delayed event listener binding', function (t) {
   t.context.client.search('cn=test, ' + SUFFIX, '(objectclass=*)', function (err, res) {
     t.error(err)

test/issue-845.test.js

@@ -0,0 +1,116 @@
+'use strict'
+
+const tap = require('tap')
+const { SearchResultEntry, SearchRequest } = require('@ldapjs/messages')
+const ldapjs = require('../')
+
+const server = ldapjs.createServer()
+
+const SUFFIX = ''
+const directory = {
+  'dc=example,dc=com': {
+    objectclass: 'example',
+    dc: 'example',
+    cn: 'example'
+  }
+}
+
+server.bind(SUFFIX, (req, res, done) => {
+  res.end()
+  return done()
+})
+
+server.search(SUFFIX, (req, res, done) => {
+  const dn = req.dn.toString().toLowerCase()
+
+  if (Object.hasOwn(directory, dn) === false) {
+    return done(Error('not in directory'))
+  }
+
+  switch (req.scope) {
+    case SearchRequest.SCOPE_BASE:
+    case SearchRequest.SCOPE_SUBTREE: {
+      res.send(new SearchResultEntry({ objectName: `dc=${req.scopeName}` }))
+      break
+    }
+  }
+
+  res.end()
+  done()
+})
+
+tap.beforeEach(t => {
+  return new Promise((resolve, reject) => {
+    server.listen(0, '127.0.0.1', (err) => {
+      if (err) return reject(err)
+      t.context.url = server.url
+
+      t.context.client = ldapjs.createClient({ url: [server.url] })
+      t.context.searchOpts = {
+        filter: '(&(objectClass=*))',
+        scope: 'sub',
+        attributes: ['dn', 'cn']
+      }
+
+      resolve()
+    })
+  })
+})
+
+tap.afterEach(t => {
+  return new Promise((resolve, reject) => {
+    t.context.client.destroy()
+    server.close((err) => {
+      if (err) return reject(err)
+      resolve()
+    })
+  })
+})
+
+tap.test('rejects if search not in directory', t => {
+  const { client, searchOpts } = t.context
+
+  client.search('dc=nope', searchOpts, (err, res) => {
+    t.error(err)
+    res.on('error', err => {
+      // TODO: plain error messages should not be lost
+      // This should be fixed in a revamp of the server code.
+      // ~ jsumners 2023-03-08
+      t.equal(err.lde_message, 'Operations Error')
+      t.end()
+    })
+  })
+})
+
+tap.test('base scope matches', t => {
+  const { client, searchOpts } = t.context
+  searchOpts.scope = 'base'
+
+  client.search('dc=example,dc=com', searchOpts, (err, res) => {
+    t.error(err)
+    res.on('error', (err) => {
+      t.error(err)
+      t.end()
+    })
+    res.on('searchEntry', entry => {
+      t.equal(entry.objectName.toString(), 'dc=base')
+      t.end()
+    })
+  })
+})
+
+tap.test('sub scope matches', t => {
+  const { client, searchOpts } = t.context
+
+  client.search('dc=example,dc=com', searchOpts, (err, res) => {
+    t.error(err)
+    res.on('error', (err) => {
+      t.error(err)
+      t.end()
+    })
+    res.on('searchEntry', entry => {
+      t.equal(entry.objectName.toString(), 'dc=subtree')
+      t.end()
+    })
+  })
+})

test/issue-890.test.js

@@ -0,0 +1,103 @@
+'use strict'
+
+// This test is complicated. It must simulate a server sending an unsolicited,
+// or a mismatched, message in order to force the client's internal message
+// tracker to try and find a corresponding sent message that does not exist.
+// In order to do that, we need to set a high test timeout and wait for the
+// error message to be logged.
+
+const tap = require('tap')
+const ldapjs = require('../')
+const { SearchResultEntry } = require('@ldapjs/messages')
+const server = ldapjs.createServer()
+const SUFFIX = ''
+
+tap.timeout = 10000
+
+server.bind(SUFFIX, (res, done) => {
+  res.end()
+  return done()
+})
+
+server.search(SUFFIX, (req, res, done) => {
+  const result = new SearchResultEntry({
+    objectName: `dc=${req.scopeName}`
+  })
+
+  // Respond to the search request with a matched response.
+  res.send(result)
+  res.end()
+
+  // After a short delay, send ANOTHER response to the client that will not
+  // be matched by the client's internal tracker.
+  setTimeout(
+    () => {
+      res.send(result)
+      res.end()
+      done()
+    },
+    100
+  )
+})
+
+tap.beforeEach(t => {
+  return new Promise((resolve, reject) => {
+    server.listen(0, '127.0.0.1', (err) => {
+      if (err) return reject(err)
+
+      t.context.logMessages = []
+      t.context.logger = {
+        child () { return this },
+        debug () {},
+        error (...args) {
+          t.context.logMessages.push(args)
+        },
+        trace () {}
+      }
+
+      t.context.url = server.url
+      t.context.client = ldapjs.createClient({
+        url: [server.url],
+        timeout: 5,
+        log: t.context.logger
+      })
+
+      resolve()
+    })
+  })
+})
+
+tap.afterEach(t => {
+  return new Promise((resolve, reject) => {
+    t.context.client.destroy()
+    server.close((err) => {
+      if (err) return reject(err)
+      resolve()
+    })
+  })
+})
+
+tap.test('handle null messages', t => {
+  const { client, logMessages } = t.context
+
+  // There's no way to get an error from the client when it has received an
+  // unmatched response from the server. So we need to poll our logger instance
+  // and detect when the corresponding error message has been logged.
+  const timer = setInterval(
+    () => {
+      if (logMessages.length > 0) {
+        t.equal(
+          logMessages.some(msg => msg[1] === 'unmatched server message received'),
+          true
+        )
+        clearInterval(timer)
+        t.end()
+      }
+    },
+    100
+  )
+
+  client.search('dc=test', (error) => {
+    t.error(error)
+  })
+})

test/server.test.js

@@ -3,6 +3,7 @@
 const net = require('net')
 const tap = require('tap')
 const vasync = require('vasync')
+const vm = require('node:vm')
 const { getSock } = require('./utils')
 const ldap = require('../lib')
 
@@ -256,6 +257,27 @@ tap.test('bind/unbind identity anonymous', function (t) {
   })
 })
 
+tap.test('does not crash on empty DN values', function (t) {
+  const server = ldap.createServer({
+    connectionRouter: function (c) {
+      server.newConnection(c)
+      server.emit('testconnection', c)
+    }
+  })
+
+  server.listen(t.context.sock, function () {
+    const client = ldap.createClient({ socketPath: t.context.sock })
+    server.once('testconnection', () => {
+      client.bind('', 'pw', function (err) {
+        t.ok(err, 'blank bind dn throws error')
+        client.unbind(function () {
+          server.close(() => t.end())
+        })
+      })
+    })
+  })
+})
+
 tap.test('bind/unbind identity user', function (t) {
   const server = ldap.createServer({
     connectionRouter: function (c) {
@@ -434,3 +456,16 @@ tap.test('multithreading support via hook', function (t) {
     })
   })
 })
+
+tap.test('cross-realm type checks', function (t) {
+  const server = ldap.createServer()
+  const ctx = vm.createContext({})
+  vm.runInContext(
+    'globalThis.search=function(){};\n' +
+    'globalThis.searches=[function(){}];'
+    , ctx)
+  server.search('', ctx.search)
+  server.search('', ctx.searches)
+  t.ok(server)
+  t.end()
+})