Issues with updating typ:accounts-ldap package to Meteor 2.4 (or even 2.7)

Hi,

We’re upgrading our meteor apps, but we hit a snag when upgrading from 2.2.1 to 2.4 or anything higher.

typ:accounts-ldap does not support 2.0.1 and higher of accounts-base and accounts-password, which are used by 2.4 and higher at least.

Here is a minimal reproduction with code that throws the same error:

In dev_settings.json, pointing the ldap to an existing Windows Server with AD configured, it will produce the error as seen in the error_log.txt.

We do not have as much experience with Meteor packages debugging in general, and as such wish to:

  1. Seek advice and help with getting the typ:accounts-ldap package updated for the newer versions of Meteor (2.4 all the way to 2.7)
    We have a modified version of typ:accounts-ldap and typ:ldapjs under packages/ in the reproduction repo, but we are unable to figure out what went wrong based off the error message

  2. Alternatively, a similar package (that isn’t babrahams:accounts-ldap) that can be a pretty much drop-in replacement, or at least be able to support anonymous DN and certificates

Notes: the credentials and ldap addresses in the project files have been replaced to generic random variables, so as to still be able to give a idea as to the issue, without revealing anything that shouldn’t be revealed

In Meteor 2.2.1, the code excluding the modified typ packages were working fine. The packages that it was on can be seen here: Meteor 2.2.1 relevant files · GitHub

Other details:
- OS & OS Version: Windows 10 Pro (10.0.15063 Build 15063)
- MongoDB: 5.0.4 (Enterprise)
- Meteor Release Version: 2.4 (2.4.0_1)
- NodeJS Version: 14.19.1
- LDAP Server: Windows 2012R2

Error in question:

Exception while invoking method 'login' TypeError: Cannot read property '0' of undefined
     at MethodInvocation.<anonymous> (packages\typ_accounts-ldap.js:292:56)
    at packages/accounts-base/accounts_server.js:512:31
     at tryLoginMethod (packages/accounts-base/accounts_server.js:1305:14)
     at AccountsServer._runLoginHandlers (packages/accounts-base/accounts_server.js:510:22)
     at MethodInvocation.methods.login (packages/accounts-base/accounts_server.js:570:31)
     at maybeAuditArgumentChecks (packages/ddp-server/livedata_server.js:1885:12)
     at packages/ddp-server/livedata_server.js:769:19
     at Meteor.EnvironmentVariable.EVp.withValue (packages\meteor.js:1257:12)
     at packages/ddp-server/livedata_server.js:767:46
     at Meteor.EnvironmentVariable.EVp.withValue (packages\meteor.js:1257:12)
     at packages/ddp-server/livedata_server.js:765:46
     at new Promise (<anonymous>)
     at Session.method (packages/ddp-server/livedata_server.js:739:23)
     at packages/ddp-server/livedata_server.js:603:43

Any idea where this filename is coming from?!

That would be from one of those packages that we’re trying to update to work with 2.4 and higher, I think?

Here: minimal-reprod/ldap_server.js at main · DevDev24/minimal-reprod · GitHub

Ok, I’d suggest to start by guarding all ldapResponse.searchResults[0].email of invalid values. (e.g. ldapResponse.searchResults?.[0]?.email) and throw in some console.log() for ldapResponse.searchResults and see the form of the object (if any).

As far as I know there is no up-to-date LDAP integration package available. Part of the reason is that the basis for all of them is ldapjs which itself is far away from being modern JS. Nevertheless the latest version of the NPM package is 2.3.3 right now and most big apps are rolling their own authentication based directly on ldapjs see rocket.chat as an example:

I am afraid the drop-in replacement will be a difficult search :face_with_monocle:

We will try that out once we get back to our lab on Monday, thanks!

That’s… quite discouraging…

Hopefully we will be able to successfully update the typ:accounts-ldap package (or if not us, someone else), and publish the updated version onto Packosphere or otherwise share it for people who may also not want to keep recreating the wheel…