diff --git a/lib/passport-ldapauth/strategy.js b/lib/passport-ldapauth/strategy.js index e3c9359..56c1746 100644 --- a/lib/passport-ldapauth/strategy.js +++ b/lib/passport-ldapauth/strategy.js @@ -300,8 +300,8 @@ var handleAuthentication = function(req, options) { return this.fail({ message: options.constraintViolation || 'Exceeded password retry limit, account locked' }, 401); } - // Other errors are (most likely) real errors - return errorHandler(err); + // Other errors are (most likely) real errors and are handled with the 'error' event listener + return; } if (!user) { diff --git a/test/strategy-test.js b/test/strategy-test.js index 161264c..b4a0191 100644 --- a/test/strategy-test.js +++ b/test/strategy-test.js @@ -425,4 +425,43 @@ describe('LDAP authentication strategy', function() { }); }); }); + + describe('with multiple server URLs', function() { + after(stop_servers); + + it('should fail the authentication with an error when all servers fail', function(cb) { + var TWO_SERVERS_ALL_FAIL = JSON.parse(JSON.stringify(BASE_OPTS)); + + TWO_SERVERS_ALL_FAIL.server.url = [ + 'ldap://255.255.255.255', // Unreachable network + 'ldap://i.do.not.exist.local:65433' // Non-existing domain + ]; + + start_servers(TWO_SERVERS_ALL_FAIL, BASE_TEST_OPTS)(function() { + request(expressapp) + .post('/login') + .send({username: 'valid', password: 'valid'}) + .expect(500) + .end(cb); + }); + }); + + it('should succeed when a server replies with success', function(cb) { + var THREE_SERVERS_LAST_SUCCEEDS = JSON.parse(JSON.stringify(BASE_OPTS)); + + THREE_SERVERS_LAST_SUCCEEDS.server.url = [ + 'ldap://255.255.255.255', // Unreachable network + 'ldap://i.do.not.exist.local:65433', // Non-existing domain + 'ldap://localhost:' + LDAP_PORT.toString() + ]; + + start_servers(THREE_SERVERS_LAST_SUCCEEDS, BASE_TEST_OPTS)(function() { + request(expressapp) + .post('/login') + .send({username: 'valid', password: 'valid'}) + .expect(200) + .end(cb); + }); + }); + }); });