我一直在与护照-ddapauth挣扎了几天,而且我没有更多的想法,我做错了什么。
简而言之,我有一个使用两种护照策略的项目:本地和LDAP。本地策略对我来说非常适合,但LDAP是有问题的。
我有一个AD的只读用户(我们称之为“ldap-read-only-admin”),我可以通过外部LDAP客户端与该用户连接并查看相关的OU。我还对SearchBase进行了三重检查,看起来是正确的。
但是,当将相同的配置传递给passport-ldapauth时,似乎它无法绑定用户凭据(我猜)。关于如何调试它的任何想法将非常感激。
这是app.js:
var express = require("express");
var app = express();
var path = require("path");
var session = require("express-session");
var mongoose = require("mongoose");
var passport = require("passport");
var flash = require("connect-flash");
var cookieParser = require("cookie-parser");
var bodyParser = require("body-parser");
var morgan = require("morgan");
var configDB = require('./config/database.js');
require('./config/passport.js')(passport); // pass passport for configuration
app.use(express.static(__dirname + '/public'));
app.set('view engine', 'ejs');
//connect to the Database
var promise = mongoose.connect(configDB.url, {
useMongoClient: true,
});
app.use(morgan('dev')); // log every request to the console
app.use(cookieParser()); // read cookies (needed for auth)
//app.use(bodyParser()); // get information from html forms
app.use(bodyParser.urlencoded({
extended: true
}));
app.use(bodyParser.json({
extended: true
}));
// configuring passport
app.use(session({ secret: 'secret', resave: true, saveUninitialized: true })); // session secret
app.use(passport.initialize());
app.use(passport.session()); // persistent login sessions
app.use(flash()); // use connect-flash for flash messages stored in session
require('./modules/routes.js')(app, passport); // load our routes and pass in our app and fully configured passport
//make Web server listen on a specific port
app.listen(3000);
logger.info("Listening on port 3000");
这是routes.js(相关部分):
module.exports = function(app, passport) {
app.post('/', function(req, res, next) {
passport.authenticate('ldap-login', {session: true}, function(err, user, info) {
console.log("user: " + user);
console.log("info: " + JSON.stringify(info));
if (err) {
return next(err); // will generate a 500 error
}
// Generate a JSON response reflecting authentication status
if (! user) {
return res.send({ success : false, message : 'authentication failed' });
}
return res.send({ success : true, message : 'authentication succeeded' });
})(req, res, next);
});
}
这是passport.js:
var LocalStrategy = require('passport-local').Strategy;
var LdapStrategy = require('passport-ldapauth').Strategy;
// load the user model
var User = require('../modules/user.js');
// expose this function to our app using module.exports
module.exports = function(passport) {
// =========================================================================
// passport session setup ==================================================
// =========================================================================
// required for persistent login sessions
// passport needs ability to serialize and unserialize users out of session
// used to serialize the user for the session
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
User.findById(id, function(err, user) {
done(err, user);
});
});
// =========================================================================
// LOCAL LOGIN =============================================================
// =========================================================================
passport.use('local-login', new LocalStrategy({
passReqToCallback : true // allows us to pass back the entire request to the callback
},
function(req, username, password, done) { // callback with email and password from our form
// find a user whose email is the same as the forms email
// we are checking to see if the user trying to login already exists
User.findOne({ username : username }, function(err, user) {
// if there are any errors, return the error before anything else
if (err)
return done(err);
// if no user is found, return the message
if (!user)
return done(null, false, req.flash('loginMessage', 'The username "' + username + '" is not found.')); // req.flash is the way to set flashdata using connect-flash
// if the user is found but the password is wrong
if (!user.validPassword(password))
return done(null, false, req.flash('loginMessage', 'Oops! Wrong password.')); // create the loginMessage and save it to session as flashdata
// all is well, return successful user
return done(null, user);
});
}));
// =========================================================================
// LDAP Login ==============================================================
// =========================================================================
var opts = {
server: {
url: 'ldap://<ldap server address>:389',
bindDn: 'cn=ldap-read-only-admin',
bindCredentials: 'password',
searchBase: 'OU=XX1, OU=XX2, DC=domain, DC=local',
searchFilter: '(uid={{username}})',
// passReqToCallback : true
}
};
passport.use('ldap-login', new LdapStrategy(opts, function(req, user, done) {
console.log("Passport LDAP authentication.");
done(null, user);
}
));
};
答案 0 :(得分:4)
经过五个小时的尝试,我设法解决了我的问题。
首先,我的&#34; ldap-read-only-admin&#34;与其他用户在相同的OU下,因此我必须将整个路径放在bindDN字符串中的ldap-read-only-admin。其次,我需要使用sAMAccountName而不是uid。第三,我不得不从LdapStrategy函数中删除req。
以下是passport.js中的ldap登录方式:
componentDidMount
希望它会对某人有所帮助。