I'm trying to build a NodeJS server and am planning to use the organization's Microsoft Active Directory for authentication.
I tried the same with many packages (activedirectory, activedirectory2, ldapjs etc.)
... seems to work for me.
I'm supplying the LDAP URL and below is my code.
```js
var ldapjs = require('ldapjs');

var config = {
  url: 'ldap://mycompany/dc=mycompany,dc=com',
  timeout: 10, // ldapjs reads this value as milliseconds
  reconnect: {
    initialDelay: 100,
    maxDelay: 500,
    failAfter: 5
  }
};

var username = "user_id@mycompany";
var password = "password";

const ldapClient = ldapjs.createClient(config);

ldapClient.bind(username, password, function (err) {
  // Stop here if the bind itself failed
  if (err) {
    console.log('ERROR: ' + JSON.stringify(err));
    return;
  }
  console.log("Logging data...");
  ldapClient.search('dc=mycompany,dc=com', function (err, search) {
    if (err) {
      console.log('ERROR: ' + JSON.stringify(err));
      return;
    }
    // The 'searchEntry' listener receives the entry as its only argument
    search.on('searchEntry', function (entry) {
      var user = entry.object;
      console.log("Done.");
    });
  });
});
```
Sometimes it works, but most of the time I keep getting the following error (maybe when it chooses a different IP):
```
Error: connect ETIMEDOUT <ip address>:389
    at Object.exports._errnoException (util.js:1018:11)
    at exports._exceptionWithHostPort (util.js:1041:20)
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
```
What puzzles me is: if I try with the same LDAP URL in my C# application, it works fine.
Is there a difference between the way a .NET app uses it and the way NodeJS uses it?
Can I?
Recommended answer
I got this working by first getting the username that made the request with npm:express-ntlm. Then with this information, I use npm:activedirectory to query Active Directory for that user's details.
```js
var ntlm = require('express-ntlm');

app.use(
  ntlm({
    domain: process.env.DOMAIN,
    domaincontroller: process.env.DOMAINCONTROLLER
  })
);
// ...
app.use("/", authenticate, require("./routes/index"));
```
Inside my authenticate middleware I now have access to req.ntlm which contains
```js
{
  DomainName: '...',
  UserName: '...',
  Workstation: '...',
  Authenticated: true
}
```
I set up the ActiveDirectory object, and note "bindDN" and "bindCredentials" instead of "username" and "password":
```js
var ActiveDirectory = require('activedirectory');

// Bind account used for directory lookups, read from the environment
var ad = new ActiveDirectory({
  url: process.env.DOMAINCONTROLLER,
  baseDN: process.env.BASEDN,
  bindDN: process.env.USERNAME,
  bindCredentials: process.env.PASSWORD
});
```
Then you can use the ad object like in the npm:activedirectory documentation:
```js
ad.findUser(req.ntlm.UserName, (err, adUser) => {
  // ...
});
```
findUser returns things like first and last name, email address, which is all I needed but you could easily look into groups.
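The bind in the question and the directory lookup in the answer both start from a user-supplied name. As an added example (not code from the original post, nor from ldapjs or activedirectory), these dependency-free helpers reject empty credentials before a simple bind and escape a name before it is placed in an LDAP search filter. The function names are hypothetical and the sample values are constructed.

```javascript
// Added example: pure helpers, no LDAP library required.
// escapeFilterValue, userFilter and safeBindInput are hypothetical names.

// RFC 4515 section 3: backslash, '*', '(', ')' and NUL must be written
// as \XX (two hex digits) inside a filter assertion value.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) =>
    '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// Search filter for a single AD user by logon name, for example the
// UserName field that express-ntlm places on req.ntlm.
function userFilter(samAccountName) {
  return '(&(objectCategory=person)(objectClass=user)(sAMAccountName=' +
    escapeFilterValue(samAccountName) + '))';
}

// Validate credentials before handing them to a simple bind.
// A simple bind with a name and an empty password is an "unauthenticated
// bind" (RFC 4513 section 5.1.2): a server may answer "success" without
// checking any password, so it must never count as a successful login.
function safeBindInput(username, password) {
  if (typeof username !== 'string' || username.trim() === '') {
    return { ok: false, reason: 'empty username' };
  }
  if (typeof password !== 'string' || password.length === 0) {
    return { ok: false, reason: 'empty password' };
  }
  if (/[\0\r\n]/.test(username)) {
    return { ok: false, reason: 'control character in username' };
  }
  return { ok: true };
}

// Constructed sample values, not taken from the page.
const samples = [
  ['user_id@mycompany', 'password'],
  ['user_id@mycompany', ''],
];
for (const [user, pass] of samples) {
  console.log(user, JSON.stringify(safeBindInput(user, pass)));
}
console.log(userFilter('j.doe'));
```

Call `safeBindInput` before `ldapClient.bind(username, password, ...)` and treat anything other than `ok: true` as a failed login without contacting the directory.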