我在Node中拥有服务器,我正在尝试使用公司的广告授权用户。我有这样的路线:
const {isLogin, signup, login, logout} = require('../services/authorization.js')
app.post('/login', function(req, res, next) {
login(req,res,next)
.then((loginObject)=>{
res.status(200).send({msg:"Login Başarılı",user:loginObject.user});
})
.catch(err=>{
console.log("login hatalı err:",err)
res.status(400).send({msg:'Login hatalı', err:err});
})
;
});
和登录功能:
var login = function (req,res,next){
return new Promise(function (resolve, reject) {
passport.authenticate('ldapauth', {session: false},function(err, user, info) {
if (err) {
console.log("serverjs:login:err",err)
return reject(err)
}
if (! user) {
console.log("serverjs:login:!user",info,"-",user)
return reject(info.loginMessage)
}
req.login(user, loginErr => {
if (loginErr) {
console.log("serverjs:login:req.login:err:",loginErr)
return reject(loginErr);
}
req.session.save(() => {
req.session.user=user;
return resolve({user:user})
})
});
})(req, res, next);
})
}
我的护照是:
var LocalStrategy = require('passport-local').Strategy;
var LdapStrategy = require('passport-ldapauth');
// load up the user model
var User = require('../models/user.js');
const postGreAPI = require('../services/postGreAPI.js');
var logger = require("../../../log4js").logger;
var credentials = require('./credentials.js');
var OPTS = {
server: {
url: credentials.AUTH.LDAP.URL,// 'ldap://localhost:389'
bindDN: 'CN=appuser,OU=someou,DC=somedc,DC=local',//credentials.AUTH.LDAP.BINDDN, //'cn=root',
bindCredentials: 'XXXX',//credentials.AUTH.LDAP.BINDCREDENTIALS, //'secret',
searchBase: 'OU=Users,OU=someou,DC=somedc,DC=local',
searchFilter: '(sAMAccountName={{email}})'
},
usernameField : 'email',
passwordField : 'password',
};
// expose this function to our app using module.exports
module.exports = function(passport) {
// =========================================================================
// passport session setup ==================================================
// =========================================================================
// required for persistent login sessions
// passport needs ability to serialize and unserialize users out of session
// used to serialize the user for the session
passport.serializeUser(function(user, done) {
done(null, user.id);
});
// used to deserialize the user
passport.deserializeUser(function(id, done) {
postGreAPI.readUser(id)
.then(user=>{
done(null, user);
})
.catch(err=>{
done(err, null);
})
});
passport.use('ldapauth',new LdapStrategy(OPTS,
function(user, done) {
postGreAPI.readUserByEmail(email)
.then(user=>{
if (!user) {
return done(null, false, {loginMessage:'Hatalı Şifre ya da Kullanıcı Adı'}); // req.flash is the way to set flashdata using connect-flash
} else {
return done(null, user);
}
})
.catch(err=>{
return done(err);
})
}));
};
尽管我成功通过activedirectory2进行了身份验证,但我却无法使用passportjs。我尝试了很多选择。我查了所有与passport-ldapauth有关的内容。但是我总是收到消息“无效的用户名/密码”(我认为是来自client.js) 这是我的日志:
AlperFindUserThis: LdapAuth {
opts:
{ url: 'ldap://XX.XXX.X.XX:XXX',
bindDN:
'CN=appuser,OU=someou,DC=somedc,DC=local',
bindCredentials: 'XX',
searchBase: 'OU=Users,OU=someou,DC=somedc,DC=local',
searchFilter: '(sAMAccountName={{email}})',
searchScope: 'sub',
bindProperty: 'dn',
groupSearchScope: 'sub',
groupDnProperty: 'dn' },
log: undefined,
_events: { error: [ [Function], [Function] ] },
_eventsCount: 1,
_maxListeners: undefined,
clientOpts:
{ url: 'ldap://XX.XXX.X.XX:XXX',
tlsOptions: undefined,
socketPath: undefined,
log:
Logger {
_events: {},
_eventsCount: 0,
_maxListeners: undefined,
_level: 30,
streams: [Array],
serializers: [Object],
src: false,
fields: [Object] },
timeout: undefined,
connectTimeout: undefined,
idleTimeout: undefined,
reconnect: undefined,
strictDN: undefined,
queueSize: undefined,
queueTimeout: undefined,
queueDisable: undefined },
bindDN:
'CN=appuser,OU=someou,DC=somedc,DC=local',
bindCredentials: 'XXX',
_adminClient:
Client {
_events:
{ error: [Function: bound ],
connectTimeout: [Function: bound ] },
_eventsCount: 2,
_maxListeners: undefined,
host: 'XX.XXX.X.XX',
port: XXX,
secure: false,
url:
Url {
protocol: 'ldap:',
slashes: true,
auth: null,
host: 'XX.XXX.X.XX:XXX',
port: XXX,
hostname: 'XX.XXX.X.XX',
hash: null,
search: null,
query: null,
pathname: null,
path: null,
href: 'ldap://XX.XXX.X.XX:XXX',
secure: false },
tlsOptions: undefined,
socketPath: false,
log:
Logger {
_events: {},
_eventsCount: 0,
_maxListeners: undefined,
_isSimpleChild: true,
_level: 30,
streams: [Array],
serializers: [Object],
src: false,
fields: [Object] },
timeout: 0,
connectTimeout: 0,
idleTimeout: 0,
strictDN: true,
queue:
RequestQueue {
size: Infinity,
timeout: 0,
_queue: [],
_timer: null,
_frozen: false },
_socket: null,
connected: false,
_connectRetry:
Backoff {
_events: [Object],
_eventsCount: 2,
_maxListeners: undefined,
backoffStrategy_: [ExponentialBackoffStrategy],
maxNumberOfRetry_: 1,
backoffNumber_: 0,
backoffDelay_: 1,
timeoutID_:
Timeout {
_called: false,
_idleTimeout: 1,
_idlePrev: [Timeout],
_idleNext: [TimersList],
_idleStart: 13484,
_onTimeout: [Function: bound ],
_timerArgs: undefined,
_repeat: null,
_destroyed: false,
[Symbol(unrefed)]: false,
[Symbol(asyncId)]: 73,
[Symbol(triggerId)]: 69 },
handlers: [Object] },
connecting: true },
_adminBound: false,
_userClient:
Client {
_events:
{ error: [Function: bound ],
connectTimeout: [Function: bound ] },
_eventsCount: 2,
_maxListeners: undefined,
host: '10.222.8.33',
port: 389,
secure: false,
url:
Url {
protocol: 'ldap:',
slashes: true,
auth: null,
host: 'XX.XXX.X.XX:XXX',
port: XXX,
hostname: 'XX.XXX.X.XX',
hash: null,
search: null,
query: null,
pathname: null,
path: null,
href: 'ldap://XX.XXX.X.XX:XXX',
secure: false },
tlsOptions: undefined,
socketPath: false,
log:
Logger {
_events: {},
_eventsCount: 0,
_maxListeners: undefined,
_isSimpleChild: true,
_level: 30,
streams: [Array],
serializers: [Object],
src: false,
fields: [Object] },
timeout: 0,
connectTimeout: 0,
idleTimeout: 0,
strictDN: true,
queue:
RequestQueue {
size: Infinity,
timeout: 0,
_queue: [],
_timer: null,
_frozen: false },
_socket: null,
connected: false,
_connectRetry:
Backoff {
_events: [Object],
_eventsCount: 2,
_maxListeners: undefined,
backoffStrategy_: [ExponentialBackoffStrategy],
maxNumberOfRetry_: 1,
backoffNumber_: 0,
backoffDelay_: 1,
timeoutID_:
Timeout {
_called: false,
_idleTimeout: 1,
_idlePrev: [TimersList],
_idleNext: [Timeout],
_idleStart: 13484,
_onTimeout: [Function: bound ],
_timerArgs: undefined,
_repeat: null,
_destroyed: false,
[Symbol(unrefed)]: false,
[Symbol(asyncId)]: 77,
[Symbol(triggerId)]: 69 },
handlers: [Object] },
connecting: true },
_getGroups: [Function] }
-----------------------------
AlperSearch: OU=Users,OU=someou,DC=somedc,DC=local
-----------------------------
AlperSerchBaseOpt: { filter: '(sAMAccountName={{email}})', scope: 'sub' }
-----------------------------
-----------------------------
AlperAdminBindErr: { InvalidCredentialsError: 80090308: LdapErr: DSID-0C09042A, comment: AcceptSecurityContext error, data 52e, v3839
我还不能解决。你有什么建议吗?