Reusue the single correct ldap.createClient call also in auth

src/externalldap.js

@@ -57,8 +57,9 @@ function validUserRequirements(user) {
 }
 
 // performs service bind if required
-function getClient(externalLdapConfig, callback) {
+function getClient(externalLdapConfig, doBindAuth, callback) {
     assert.strictEqual(typeof externalLdapConfig, 'object');
+    assert.strictEqual(typeof doBindAuth, 'boolean');
     assert.strictEqual(typeof callback, 'function');
 
     // ensure we only callback once since we also have to listen to client.error events
@@ -88,7 +89,8 @@ function getClient(externalLdapConfig, callback) {
         callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
     });
 
-    if (!externalLdapConfig.bindDn) return callback(null, client);
+    // skip bind auth if none exist or if not wanted
+    if (!externalLdapConfig.bindDn || !doBindAuth) return callback(null, client);
 
     client.bind(externalLdapConfig.bindDn, externalLdapConfig.bindPassword, function (error) {
         if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
@@ -103,7 +105,7 @@ function ldapGetByDN(externalLdapConfig, dn, callback) {
     assert.strictEqual(typeof dn, 'string');
     assert.strictEqual(typeof callback, 'function');
 
-    getClient(externalLdapConfig, function (error, client) {
+    getClient(externalLdapConfig, true, function (error, client) {
         if (error) return callback(error);
 
         let searchOptions = {
@@ -140,7 +142,7 @@ function ldapUserSearch(externalLdapConfig, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    getClient(externalLdapConfig, function (error, client) {
+    getClient(externalLdapConfig, true, function (error, client) {
         if (error) return callback(error);
 
         let searchOptions = {
@@ -181,7 +183,7 @@ function ldapGroupSearch(externalLdapConfig, options, callback) {
     assert.strictEqual(typeof options, 'object');
     assert.strictEqual(typeof callback, 'function');
 
-    getClient(externalLdapConfig, function (error, client) {
+    getClient(externalLdapConfig, true, function (error, client) {
         if (error) return callback(error);
 
         let searchOptions = {
@@ -248,7 +250,7 @@ function testConfig(config, callback) {
         if (!config.groupnameField || typeof config.groupnameField !== 'string') return callback(new BoxError(BoxError.BAD_FIELD, 'groupFilter must not be empty'));
     }
 
-    getClient(config, function (error, client) {
+    getClient(config, true, function (error, client) {
         if (error) return callback(error);
 
         var opts = {
@@ -332,12 +334,15 @@ function verifyPassword(user, password, callback) {
             if (ldapUsers.length === 0) return callback(new BoxError(BoxError.NOT_FOUND));
             if (ldapUsers.length > 1) return callback(new BoxError(BoxError.CONFLICT));
 
-            let client = ldap.createClient({ url: externalLdapConfig.url });
+            getClient(externalLdapConfig, false, function (error, client) {
-            client.bind(ldapUsers[0].dn, password, function (error) {
+                if (error) return callback(error);
-                if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
-                if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
 
-                callback(null, translateUser(externalLdapConfig, ldapUsers[0]));
+                client.bind(ldapUsers[0].dn, password, function (error) {
+                    if (error instanceof ldap.InvalidCredentialsError) return callback(new BoxError(BoxError.INVALID_CREDENTIALS));
+                    if (error) return callback(new BoxError(BoxError.EXTERNAL_ERROR, error));
+
+                    callback(null, translateUser(externalLdapConfig, ldapUsers[0]));
+                });
             });
         });
     });