使用NodeJS进行Active Directory身份验证 [英] Active Directory authentication with NodeJS

问题描述

我正在尝试构建一台NodeJS服务器，并计划使用该组织的Microsoft Active Directory进行身份验证。

I'm trying to build one NodeJS server and planning to use the organization's Microsoft Active Directory for authentication.

我在很多软件包（activedirectory，activedirectory2，ldapjs等）中都尝试了相同的方法

I tried the same with many packages (activedirectory, activedirectory2, ldapjs etc.)

似乎为我工作。

我提供了LDAP URL，下面是我的代码。

I'm supplying the LDAP URL and below is my code.

var ldapjs = require('ldapjs');

var config = { url: 'ldap://mycompany.com/dc=mycompany,dc=com'
           ,timeout: 10
           ,reconnect: {
              "initialDelay": 100,
              "maxDelay": 500,
              "failAfter": 5
              } 
        }

var username = "user_id@mycompany.com";
var password="password";

const ldapClient = ldapjs.createClient(config);


ldapClient.bind(username, password, function (err) {
console.log("Logging data...");
ldapClient.search('dc=mycompany,dc=com', function (err, search) {
 if (err) {
    console.log('ERROR: ' +JSON.stringify(err));
    return;
  }
search.on('searchEntry', function (err,entry) {
   if (err) {
    console.log('ERROR: ' +JSON.stringify(err));
    return;
  }
  else{
    var user = entry.object;
    console.log("Done.");
    return;
   }

   });
  });
});

有时它可以工作，但是在大多数情况下，我一直在跟踪错误（可能是在选择不同的IP）

Sometimes it works, but for most of the times I keep on getting following error (may be when it chooses a different IP)

Error: connect ETIMEDOUT <ip address>:389
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)

让我感到困惑的是；如果我在C＃应用程序中尝试使用相同的LDAP URL，则可以正常工作。

What puzzles me is; if I try with the same LDAP URL in my C# application, it works fine.

.Net应用程序使用它的方式与NodeJS使用方式有什么区别吗？

Is there a difference in the way .Net app uses it than the way NodeJS uses?

我可以吗？

推荐答案

我通过首先获取发出请求的用户名来完成此工作 npm：express-ntlm 。然后使用这些信息，我使用 npm：activedirectory 来向Active Directory查询该用户的详细信息。 / p>

I got this working by first getting the username that made the request with npm:express-ntlm. Then with this information, I use npm:activedirectory to query Active Directory for that user's details.

app.use(
  ntlm({
    domain: process.env.DOMAIN,
    domaincontroller: process.env.DOMAINCONTROLLER
  })
);

...

app.use("/", authenticate, require("./routes/index"));

在经过身份验证的中间件中，我现在可以访问包含

Inside my authenticate middleware I now have access to req.ntlm which contains

{ DomainName: '...',
  UserName: '...',
  Workstation: '...',
  Authenticated: true }

我设置了ActiveDirectory对象，并注意 bindDN和 bindCredentials，而不是 username和 password：

I setup the ActiveDirectory object, and note "bindDN" and "bindCredentials" instead of "username" and "password":

var ad = new ActiveDirectory({
  url: process.env.DOMAINCONTROLLER,
  baseDN: process.env.BASEDN,
  bindDN: process.env.USERNAME,
  bindCredentials: process.env.PASSWORD
});

然后，您可以像在npm：activedirectory文档中那样使用广告对象：

Then you can use the ad object like in the npm:activedirectory documentation:

ad.findUser(req.ntlm.UserName, (err, adUser) => {
    ...
});

findUser返回诸如名字和姓氏，电子邮件地址之类的东西，这些是我所需要的，但您可以轻松地分组调查。

findUser returns things like first and last name, email address, which is all I needed but you could easily look into groups.

这篇关于使用NodeJS进行Active Directory身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！