Add decommission note

.github/workflows/integration.yml

@@ -20,10 +20,12 @@ jobs:
 
     services:
       openldap:
-        image: ghcr.io/ldapjs/docker-test-openldap/openldap:latest
+        image: ghcr.io/ldapjs/docker-test-openldap/openldap:2023-10-30
         ports:
           - 389:389
           - 636:636
+        options: >
+          --health-cmd "ldapsearch -Y EXTERNAL -Q -H ldapi:// -b ou=people,dc=planetexpress,dc=com -LLL '(cn=Turanga Leela)' cn"
 
     steps:
       - uses: actions/checkout@v3

README.md

@@ -1,71 +1,34 @@
-# LDAPjs
+# Project Decomissioned
 
-[![Build Status](https://github.com/ldapjs/node-ldapjs/workflows/Lint%20And%20Test/badge.svg)](https://github.com/ldapjs/node-ldapjs/actions)
+This project has been decomissioned. I, James Sumners, took it on when it was
-[![Coverage Status](https://coveralls.io/repos/github/ldapjs/node-ldapjs/badge.svg)](https://coveralls.io/github/ldapjs/node-ldapjs/)
+languishing without any maintenance as it filled a need in the ecosystem and
+I had built things at a prior organization that depended upon this project.
+I spent a lot of time triaging issues and reworking things toward a path
+that could be more easily maintained by a community of volunteers. But I have
+not had the time to dedicate to this project in quite a while. There are
+outstanding issues that would take me at least a week of dedicated development
+time to solve, and I cannot afford to take time off of work to do that.
+Particularly considering that the aforementioned organization was two
+jobs ago, and it is extremely unlikely that I will transition to a role again
+that will need this project.
 
-LDAPjs makes the LDAP protocol a first class citizen in Node.js.
+So, why am I just now deciding to decomission this project? Because today,
+2024-05-14, I received the following email:
 
-## Usage
+![Abusive email](dt.png)
 
-For full docs, head on over to <http://ldapjs.org>.
+I will not tolerate abuse, and I especially will not tolerate tacit death
+threats, over a hobby. You can thank the author of that email for the
+decomissioning on this project.
 
-```javascript
+My recommendation to you in regard to LDAP operations: write a gateway in a
-var ldap = require('ldapjs');
+language that is more suited to these types of operations. I'd suggest
+[Go](https://go.dev).
 
-var server = ldap.createServer();
+👋
 
-server.search('dc=example', function(req, res, next) {
+P.S.: if I ever do need this project again, I might revive it. But I'd fight
-  var obj = {
+hard for my suggestion above. Also, I will consider turning it over to an
-    dn: req.dn.toString(),
+interested party, but I will require at least one recommendation from a
-    attributes: {
+Node.js core contributor that I can vet with the people that I know on that
-      objectclass: ['organization', 'top'],
+team.
-      o: 'example'
-    }
-  };
-
-  if (req.filter.matches(obj.attributes))
-  res.send(obj);
-
-  res.end();
-});
-
-server.listen(1389, function() {
-  console.log('ldapjs listening at ' + server.url);
-});
-```
-
-To run that, assuming you've got the [OpenLDAP](http://www.openldap.org/)
-client on your system:
-
-    ldapsearch -H ldap://localhost:1389 -x -b dc=example objectclass=*
-
-## Installation
-
-    npm install ldapjs
-
-## Node.js Version Support
-
-As of `ldapjs@3` we only support the active Node.js LTS releases.
-See [https://github.com/nodejs/release#release-schedule][schedule] for the LTS
-release schedule.
-
-For a definitive list of Node.js version we support, see the version matrix
-we test against in our [CI configuration][ci-config].
-
-Note: given the release date of `ldapjs@3`, and the short window of time that
-Node.js v14 had remaining on its LTS window, we opted to not support Node.js
-v14 with `ldapjs@3` (we released late February 2023 and v14 goes into
-maintenance in late April 2023). Also, Node.js v14 will be end-of-life (EOL) on
-September 11, 2023; this is a very shortened EOL timeline and makes it even
-more reasonable to not support it at this point.
-
-[schedule]: https://github.com/nodejs/release#release-schedule
-[ci-config]: https://github.com/ldapjs/node-ldapjs/blob/master/.github/workflows/main.yml
-
-## License
-
-MIT.
-
-## Bugs
-
-See <https://github.com/ldapjs/node-ldapjs/issues>.

docker-compose.yml

@@ -1,8 +1,10 @@
-version: '3'
-
 services:
   openldap:
-    image: ghcr.io/ldapjs/docker-test-openldap/openldap:latest
+    image: ghcr.io/ldapjs/docker-test-openldap/openldap:2023-10-30
     ports:
       - 389:389
       - 636:636
+    healthcheck:
+      start_period: 3s
+      test: >
+        /usr/bin/ldapsearch -Y EXTERNAL -Q -H ldapi:// -b ou=people,dc=planetexpress,dc=com -LLL '(cn=Turanga Leela)' cn 1>/dev/null

lib/client/client.js

@@ -80,7 +80,7 @@ function validateControls (controls) {
 
 function ensureDN (input) {
   if (DN.isDn(input)) {
-    return DN
+    return input
   } else if (typeof (input) === 'string') {
     return DN.fromString(input)
   } else {

lib/server.js

@@ -854,11 +854,11 @@ Server.prototype._getHandlerChain = function _getHandlerChain (req) {
   }
 
   // Otherwise, match via DN rules
-  assert.ok(req.dn)
   const keys = this._sortedRouteKeys()
   let fallbackHandler = [noSuffixHandler]
   // invalid DNs in non-strict mode are routed to the default handler
   const testDN = (typeof (req.dn) === 'string') ? DN.fromString(req.dn) : req.dn
+  assert.ok(testDN)
 
   for (let i = 0; i < keys.length; i++) {
     const suffix = keys[i]

package.json

@@ -3,7 +3,7 @@
   "name": "ldapjs",
   "homepage": "http://ldapjs.org",
   "description": "LDAP client and server APIs",
-  "version": "3.0.3",
+  "version": "3.0.7",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -11,13 +11,13 @@
   },
   "main": "lib/index.js",
   "dependencies": {
-    "@ldapjs/asn1": "2.0.0",
+    "@ldapjs/asn1": "^2.0.0",
-    "@ldapjs/attribute": "1.0.0",
+    "@ldapjs/attribute": "^1.0.0",
-    "@ldapjs/change": "1.0.0",
+    "@ldapjs/change": "^1.0.0",
-    "@ldapjs/controls": "2.0.0",
+    "@ldapjs/controls": "^2.1.0",
-    "@ldapjs/dn": "1.1.0",
+    "@ldapjs/dn": "^1.1.0",
-    "@ldapjs/filter": "2.1.0",
+    "@ldapjs/filter": "^2.1.1",
-    "@ldapjs/messages": "^1.2.0",
+    "@ldapjs/messages": "^1.3.0",
     "@ldapjs/protocol": "^1.2.1",
     "abstract-logging": "^2.0.1",
     "assert-plus": "^1.0.0",
@@ -47,7 +47,7 @@
     "test:cov:html": "tap --coverage-report=html -R terse",
     "test:watch": "tap -n -w --no-coverage-report -R terse",
     "test:integration": "tap --no-cov -R terse 'test-integration/**/*.test.js'",
-    "test:integration:local": "docker-compose up -d && npm run test:integration && docker-compose down",
+    "test:integration:local": "docker-compose up -d --wait && npm run test:integration ; docker-compose down",
     "lint": "eslint . --fix",
     "lint:ci": "eslint .",
     "docs": "node scripts/build-docs.js"

test-integration/client/issue-860.test.js

@@ -11,20 +11,33 @@ const baseURL = `${SCHEME}://${HOST}:${PORT}`
 
 const client = ldapjs.createClient({ url: baseURL })
 
-const opts = {
+tap.before(() => {
-  filter: '(&(objectClass=person))',
+  return new Promise((resolve, reject) => {
-  scope: 'sub',
+    client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
-  paged: true,
+      if (err) {
-  sizeLimit: 100,
+        return reject(err)
-  attributes: ['cn', 'employeeID']
+      }
-}
+      resolve()
+    })
+  })
+})
 
-const baseDN = parseDN('ou=テスト,dc=planetexpress,dc=com')
+tap.teardown(() => {
+  client.unbind()
+})
 
 tap.test('can search OUs with Japanese characters', t => {
-  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+  t.plan(2)
-    t.error(err, 'bind error')
+
-  })
+  const opts = {
+    filter: '(&(objectClass=person))',
+    scope: 'sub',
+    paged: true,
+    sizeLimit: 100,
+    attributes: ['cn', 'employeeID']
+  }
+
+  const baseDN = parseDN('ou=テスト,dc=planetexpress,dc=com')
 
   client.search(baseDN.toString(), opts, (err, res) => {
     t.error(err, 'search error')
@@ -42,7 +55,41 @@ tap.test('can search OUs with Japanese characters', t => {
       t.error(err, 'search entry error')
     })
     res.on('end', () => {
-      client.unbind(t.end)
+      t.end()
+    })
+  })
+})
+
+tap.test('can search with non-ascii chars in filter', t => {
+  t.plan(3)
+
+  const opts = {
+    filter: '(&(sn=Rodríguez))',
+    scope: 'sub',
+    attributes: ['dn', 'sn', 'cn'],
+    type: 'user'
+  }
+
+  let searchEntryCount = 0
+  client.search('dc=planetexpress,dc=com', opts, (err, res) => {
+    t.error(err, 'search error')
+    res.on('searchEntry', (entry) => {
+      searchEntryCount += 1
+      t.match(entry.pojo, {
+        type: 'SearchResultEntry',
+        objectName: 'cn=Bender Bending Rodr\\c3\\adguez,ou=people,dc=planetexpress,dc=com',
+        attributes: [{
+          type: 'cn',
+          values: ['Bender Bending Rodríguez']
+        }]
+      })
+    })
+    res.on('error', (err) => {
+      t.error(err, 'search entry error')
+    })
+    res.on('end', () => {
+      t.equal(searchEntryCount, 1, 'should have found 1 entry')
+      t.end()
     })
   })
 })

test-integration/client/issue-923.test.js

@@ -0,0 +1,91 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const { DN } = require('@ldapjs/dn')
+const Change = require('@ldapjs/change')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.teardown(() => {
+  client.unbind()
+})
+
+tap.test('modifies entry specified by dn string', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  const dn = 'cn=large10,ou=large_ou,dc=planetexpress,dc=com'
+  const change = new Change({
+    operation: 'replace',
+    modification: {
+      type: 'givenName',
+      values: ['test']
+    }
+  })
+
+  client.modify(dn, change, (err) => {
+    t.error(err, 'modify error')
+    validateChange({ t, expected: 'test', client })
+  })
+})
+
+tap.test('modifies entry specified by dn object', t => {
+  t.plan(4)
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+    t.error(err, 'bind error')
+  })
+
+  const dn = DN.fromString('cn=large10,ou=large_ou,dc=planetexpress,dc=com')
+  const change = new Change({
+    operation: 'replace',
+    modification: {
+      type: 'givenName',
+      values: ['test2']
+    }
+  })
+
+  client.modify(dn, change, (err) => {
+    t.error(err, 'modify error')
+    validateChange({ t, expected: 'test2', client })
+  })
+})
+
+function validateChange ({ t, expected, client }) {
+  const searchBase = 'ou=large_ou,dc=planetexpress,dc=com'
+  const searchOpts = {
+    filter: '(cn=large10)',
+    scope: 'subtree',
+    attributes: ['givenName'],
+    sizeLimit: 10,
+    timeLimit: 0
+  }
+
+  client.search(searchBase, searchOpts, (err, res) => {
+    t.error(err, 'search error')
+
+    res.on('searchEntry', entry => {
+      t.equal(
+        entry.attributes.filter(a => a.type === 'givenName').pop().values.pop(),
+        expected
+      )
+    })
+
+    res.on('error', err => {
+      t.error(err, 'search entry error')
+    })
+
+    res.on('end', () => {
+      t.end()
+    })
+  })
+}

test-integration/client/issue-940.test.js

@@ -0,0 +1,81 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+const Change = require('@ldapjs/change')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+const client = ldapjs.createClient({ url: baseURL })
+
+tap.before(() => {
+  return new Promise((resolve, reject) => {
+    client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err) => {
+      if (err) {
+        return reject(err)
+      }
+      resolve()
+    })
+  })
+})
+
+tap.teardown(() => {
+  client.unbind()
+})
+
+tap.test('can modify entries with non-ascii chars in RDN', t => {
+  t.plan(6)
+
+  const dn = 'cn=Mendonça,ou=people,dc=planetexpress,dc=com'
+  const entry = {
+    objectclass: 'person',
+    sn: 'change me'
+  }
+
+  client.add(dn, entry, error => {
+    t.error(error, 'add should not error')
+    doSearch('change me', doModify)
+  })
+
+  function doModify () {
+    const change = new Change({
+      operation: 'replace',
+      modification: {
+        type: 'sn',
+        values: ['changed']
+      }
+    })
+
+    client.modify(dn, change, (error) => {
+      t.error(error, 'modify should not error')
+      doSearch('changed', t.end.bind(t))
+    })
+  }
+
+  function doSearch (expected, callback) {
+    const searchOpts = {
+      filter: '(&(objectclass=person)(cn=Mendonça))',
+      scope: 'subtree',
+      attributes: ['sn']
+    }
+    client.search('ou=people,dc=planetexpress,dc=com', searchOpts, (error, res) => {
+      t.error(error, 'search should not error')
+
+      res.on('searchEntry', entry => {
+        const found = entry.attributes.filter(a => a.type === 'sn').pop().values.pop()
+        t.equal(found, expected, `expected '${expected}' and got '${found}'`)
+      })
+
+      res.on('error', error => {
+        t.error(error, 'search result processing should not error')
+      })
+
+      res.on('end', () => {
+        callback()
+      })
+    })
+  }
+})

test-integration/client/issue-946.test.js

@@ -0,0 +1,87 @@
+'use strict'
+
+const tap = require('tap')
+const ldapjs = require('../../lib')
+
+const SCHEME = process.env.SCHEME || 'ldap'
+const HOST = process.env.HOST || '127.0.0.1'
+const PORT = process.env.PORT || 389
+const baseURL = `${SCHEME}://${HOST}:${PORT}`
+
+tap.test('can use password policy response', t => {
+  const client = ldapjs.createClient({ url: baseURL })
+  const targetDN = 'cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com'
+
+  client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', (err, res) => {
+    t.error(err)
+    t.ok(res)
+    t.equal(res.status, 0)
+
+    const newPassword = 'bender2'
+    changePassword(client, newPassword, () => {
+      client.unbind()
+      bindNewClient(newPassword, { error: 2 }, (client) => {
+        const newPassword = 'bender'
+        changePassword(client, newPassword, () => {
+          client.unbind()
+          bindNewClient(newPassword, { timeBeforeExpiration: 1000 }, (client) => {
+            client.unbind(t.end)
+          })
+        })
+      })
+    })
+  })
+
+  function bindNewClient (pwd, expected, callback) {
+    const client = ldapjs.createClient({ url: baseURL })
+    const control = new ldapjs.PasswordPolicyControl()
+
+    client.bind(targetDN, pwd, control, (err, res) => {
+      t.error(err)
+      t.ok(res)
+      t.equal(res.status, 0)
+
+      let error = null
+      let timeBeforeExpiration = null
+      let graceAuthNsRemaining = null
+
+      res.controls.forEach(control => {
+        if (control.type === ldapjs.PasswordPolicyControl.OID) {
+          error = control.value.error ?? error
+          timeBeforeExpiration = control.value.timeBeforeExpiration ?? timeBeforeExpiration
+          graceAuthNsRemaining = control.value.graceAuthNsRemaining ?? graceAuthNsRemaining
+        }
+      })
+
+      if (expected.error !== undefined) {
+        t.equal(error, expected.error)
+      }
+      if (expected.timeBeforeExpiration !== undefined) {
+        t.equal(timeBeforeExpiration, expected.timeBeforeExpiration)
+      }
+      if (expected.graceAuthNsRemaining !== undefined) {
+        t.equal(graceAuthNsRemaining, expected.graceAuthNsRemaining)
+      }
+
+      callback(client)
+    })
+  }
+
+  function changePassword (client, newPwd, callback) {
+    const change = new ldapjs.Change({
+      operation: 'replace',
+      modification: new ldapjs.Attribute({
+        type: 'userPassword',
+        values: newPwd
+      })
+    })
+
+    client.modify(targetDN, change, (err, res) => {
+      t.error(err)
+      t.ok(res)
+      t.equal(res.status, 0)
+
+      callback()
+    })
+  }
+})

test-integration/client/issues.test.js

@@ -10,7 +10,14 @@ const PORT = process.env.PORT || 389
 const baseURL = `${SCHEME}://${HOST}:${PORT}`
 
 tap.test('modifyDN with long name (issue #480)', t => {
-  const longStr = 'a292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50abe963b47a004f2c90f570450d0e920d15436fdc771e3bdac0487a9735473ed3a79361d1778d7e53a7fb0e5f01f97a75ef05837d1d5496fc86968ff47fcb64'
+  // 2023-08-15: disabling this 265 character string until a bug can be
+  // fixed in OpenLDAP. See https://github.com/ldapjs/docker-test-openldap/blob/d48bc2fb001b4ed9a152715ced4a2cb120439ec4/bootstrap/slapd-init.sh#L19-L31.
+  // const longStr = 'a292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50abe963b47a004f2c90f570450d0e920d15436fdc771e3bdac0487a9735473ed3a79361d1778d7e53a7fb0e5f01f97a75ef05837d1d5496fc86968ff47fcb64'
+
+  // 2023-08-15: this 140 character string satisfies the original issue
+  // (https://github.com/ldapjs/node-ldapjs/issues/480) and avoids a bug
+  // in OpenLDAP 2.5.
+  const longStr = '292979f2c86d513d48bbb9786b564b3c5228146e5ba46f404724e322544a7304a2b1049168803a5485e2d57a544c6a0d860af91330acb77e5907a9e601ad1227e80e0dc50ab'
   const targetDN = 'cn=Turanga Leela,ou=people,dc=planetexpress,dc=com'
   const client = ldapjs.createClient({ url: baseURL })
   client.bind('cn=admin,dc=planetexpress,dc=com', 'GoodNewsEveryone', bindHandler)

test/client.test.js

@@ -10,6 +10,7 @@ const Attribute = require('@ldapjs/attribute')
 const Change = require('@ldapjs/change')
 const messages = require('@ldapjs/messages')
 const controls = require('@ldapjs/controls')
+const dn = require('@ldapjs/dn')
 const ldap = require('../lib')
 
 const {
@@ -761,6 +762,36 @@ tap.test('search basic', function (t) {
   })
 })
 
+tap.test('search basic with DN', function (t) {
+  const { SearchResultEntry, SearchResultDone } = messages
+
+  t.context.client.search(dn.DN.fromString('cn=test, ' + SUFFIX, '(objectclass=*)'), function (err, res) {
+    t.error(err)
+    t.ok(res)
+    let gotEntry = 0
+    res.on('searchEntry', function (entry) {
+      t.ok(entry)
+      t.ok(entry instanceof SearchResultEntry)
+      t.equal(entry.dn.toString(), 'cn=test,' + SUFFIX)
+      t.ok(entry.attributes)
+      t.ok(entry.attributes.length)
+      t.equal(entry.attributes[0].type, 'cn')
+      t.equal(entry.attributes[1].type, 'SN')
+      gotEntry++
+    })
+    res.on('error', function (err) {
+      t.fail(err)
+    })
+    res.on('end', function (res) {
+      t.ok(res)
+      t.ok(res instanceof SearchResultDone)
+      t.equal(res.status, 0)
+      t.equal(gotEntry, 2)
+      t.end()
+    })
+  })
+})
+
 tap.test('GH-602 search basic with delayed event listener binding', function (t) {
   t.context.client.search('cn=test, ' + SUFFIX, '(objectclass=*)', function (err, res) {
     t.error(err)

test/server.test.js

@@ -257,6 +257,27 @@ tap.test('bind/unbind identity anonymous', function (t) {
   })
 })
 
+tap.test('does not crash on empty DN values', function (t) {
+  const server = ldap.createServer({
+    connectionRouter: function (c) {
+      server.newConnection(c)
+      server.emit('testconnection', c)
+    }
+  })
+
+  server.listen(t.context.sock, function () {
+    const client = ldap.createClient({ socketPath: t.context.sock })
+    server.once('testconnection', () => {
+      client.bind('', 'pw', function (err) {
+        t.ok(err, 'blank bind dn throws error')
+        client.unbind(function () {
+          server.close(() => t.end())
+        })
+      })
+    })
+  })
+})
+
 tap.test('bind/unbind identity user', function (t) {
   const server = ldap.createServer({
     connectionRouter: function (c) {