Active Directory authentication with NodeJS
Problem description
I'm trying to build one NodeJS server and planning to use the organization's Microsoft Active Directory for authentication.
I tried the same with many packages (activedirectory, activedirectory2, ldapjs etc.)
I'm supplying the LDAP URL and below is my code.
var ldapjs = require('ldapjs');
var config = {
    url: 'ldap://mycompany.com/dc=mycompany,dc=com',
    timeout: 10,
    reconnect: {
        "initialDelay": 100,
        "maxDelay": 500,
        "failAfter": 5
    }
};
var username = "user_id@mycompany.com";
var password = "password";
const ldapClient = ldapjs.createClient(config);
ldapClient.bind(username, password, function (err) {
    // Stop here if the bind failed instead of searching unauthenticated
    if (err) {
        console.log('ERROR: ' + JSON.stringify(err));
        return;
    }
    console.log("Logging data...");
    ldapClient.search('dc=mycompany,dc=com', function (err, search) {
        if (err) {
            console.log('ERROR: ' + JSON.stringify(err));
            return;
        }
        // ldapjs passes only the entry to 'searchEntry' listeners
        search.on('searchEntry', function (entry) {
            var user = entry.object;
            console.log("Done.");
        });
    });
});
Sometimes it works, but most of the time I keep getting the following error (maybe when it chooses a different IP):
Error: connect ETIMEDOUT <ip address>:389
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
What puzzles me is that if I try the same LDAP URL in my C# application, it works fine.
Is there a difference in the way a .NET app uses it compared with the way NodeJS uses it?
Can I?
Recommended answer
I got this working by first getting the username that made the request with npm:express-ntlm. Then with this information, I use npm:activedirectory to query Active Directory for that user's details.
app.use(
    ntlm({
        domain: process.env.DOMAIN,
        domaincontroller: process.env.DOMAINCONTROLLER
    })
);
...
app.use("/", authenticate, require("./routes/index"));
Inside my authenticate middleware I now have access to req.ntlm which contains
{ DomainName: '...',
UserName: '...',
Workstation: '...',
Authenticated: true }
I set up the ActiveDirectory object; note "bindDN" and "bindCredentials" instead of "username" and "password":
var ad = new ActiveDirectory({
    url: process.env.DOMAINCONTROLLER,
    baseDN: process.env.BASEDN,
    bindDN: process.env.USERNAME,
    bindCredentials: process.env.PASSWORD
});
Then you can use the ad object like in the npm:activedirectory documentation:
ad.findUser(req.ntlm.UserName, (err, adUser) => {
    ...
});
findUser returns things like first and last name, email address, which is all I needed but you could easily look into groups.
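An added example (not part of the original answer): one way to write the `authenticate` middleware the answer mentions, so that a request proceeds only when `req.ntlm.Authenticated` is true and the directory lookup succeeds. `makeAuthenticate`, the stub helpers and the 401/403/503 status choices are assumptions, and the attribute names assume the default user attributes returned by npm:activedirectory.

```javascript
// `ad` is any object exposing findUser(username, callback), as in the answer's snippet.
function makeAuthenticate(ad) {
  return function authenticate(req, res, next) {
    const ntlm = req.ntlm;
    // Fail closed: trust the name only when the NTLM handshake was validated.
    if (!ntlm || ntlm.Authenticated !== true ||
        typeof ntlm.UserName !== 'string' || ntlm.UserName === '') {
      return res.status(401).json({ error: 'authentication required' });
    }
    ad.findUser(ntlm.UserName, (err, adUser) => {
      if (err) {
        // Directory unreachable (for example ETIMEDOUT): never let the request through.
        return res.status(503).json({ error: 'directory lookup failed' });
      }
      if (!adUser) {
        // findUser yields no user object when the account is not found.
        return res.status(403).json({ error: 'unknown directory user' });
      }
      // Expose only the attributes the routes need (names are assumed defaults).
      req.user = {
        username: adUser.sAMAccountName,
        displayName: adUser.displayName,
        mail: adUser.mail,
      };
      next();
    });
  };
}

// Constructed stand-ins so the example runs without Express or a domain controller.
function fakeResponse() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}
function fakeDirectory(users, failWith) {
  return { findUser: (name, cb) => (failWith ? cb(failWith) : cb(null, users[name])) };
}
function runAuthenticate(ad, ntlm) {
  const req = { ntlm };
  const res = fakeResponse();
  let passed = false;
  makeAuthenticate(ad)(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, user: req.user };
}
```

In the answer's setup this would be wired as `const authenticate = makeAuthenticate(ad);` before the `app.use("/", authenticate, ...)` line.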