使用 NodeJS 进行 Active Directory 身份验证 [英] Active Directory authentication with NodeJS
问题描述
我正在尝试构建一台 NodeJS 服务器并计划使用该组织的 Microsoft Active Directory 进行身份验证.
I'm trying to build one NodeJS server and planning to use the organization's Microsoft Active Directory for authentication.
我对许多软件包(activedirectory、activedirectory2、ldapjs 等)尝试了同样的方法
I tried the same with many packages (activedirectory, activedirectory2, ldapjs etc.)
但它们似乎都不适合我.
But none of them seems to work for me.
我提供了 LDAP URL,下面是我的代码.
I'm supplying the LDAP URL and below is my code.
var ldapjs = require('ldapjs');
var config = { url: 'ldap://mycompany.com/dc=mycompany,dc=com'
,timeout: 10
,reconnect: {
"initialDelay": 100,
"maxDelay": 500,
"failAfter": 5
}
}
var username = "user_id@mycompany.com";
var password="password";
const ldapClient = ldapjs.createClient(config);
ldapClient.bind(username, password, function (err) {
console.log("Logging data...");
ldapClient.search('dc=mycompany,dc=com', function (err, search) {
if (err) {
console.log('ERROR: ' +JSON.stringify(err));
return;
}
search.on('searchEntry', function (err,entry) {
if (err) {
console.log('ERROR: ' +JSON.stringify(err));
return;
}
else{
var user = entry.object;
console.log("Done.");
return;
}
});
});
});
有时它可以工作,但在大多数情况下,我不断收到以下错误(可能是当它选择了不同的 IP 时)
Sometimes it works, but for most of the times I keep on getting following error (may be when it chooses a different IP)
Error: connect ETIMEDOUT <ip address>:389
at Object.exports._errnoException (util.js:1018:11)
at exports._exceptionWithHostPort (util.js:1041:20)
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1090:14)
令我困惑的是;如果我在我的 C# 应用程序中尝试使用相同的 LDAP URL,它工作正常.
What puzzles me is; if I try with the same LDAP URL in my C# application, it works fine.
.Net 应用程序使用它的方式与 NodeJS 使用的方式有什么不同吗?
Is there a difference in the way .Net app uses it than the way NodeJS uses?
我可以通过某种方式更改我的代码以使其正常工作吗?
Can I change my code in some way to make it work?
推荐答案
因为这是 Google 搜索结果中弹出的第一个问题,而且我花了很长时间才弄清楚如何使用 Active Directory 身份验证,所以我我将分享本教程中的解决方案.
Because this is the first question that pops up in Google's search result, and it took me quite some time to figure out how to use Active Directory Authentication, I'm going to share the solution from This tutorial.
与我在互联网上找到的其他示例相比,它非常容易理解和实现:
It was very easy to understand and implement comparing to other examples I've found on the internet:
npm install --save activedirectory
// Initialize
var ActiveDirectory = require('activedirectory');
var config = {
url: 'ldap://dc.domain.com',
baseDN: 'dc=domain,dc=com'
};
var ad = new ActiveDirectory(config);
var username = 'john.smith@domain.com';
var password = 'password';
// Authenticate
ad.authenticate(username, password, function(err, auth) {
if (err) {
console.log('ERROR: '+JSON.stringify(err));
return;
}
if (auth) {
console.log('Authenticated!');
}
else {
console.log('Authentication failed!');
}
});
最困难的部分是弄清楚用户名使用什么后缀.
The most difficult part was to figure out what suffix to use for the username.
我收到错误:
错误:{"lde_message":"80090308: LdapErr: DSID-0C090400,评论:AcceptSecurityContext 错误,数据 52e,v1db1u0000","lde_dn":null}
ERROR: {"lde_message":"80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1u0000","lde_dn":null}
在最终设置正确的后缀之前,对我来说是这样的:var username = 'john.smith@foo.companyname.com
Before finally setting the right suffix, for me it was something like:
var username = 'john.smith@foo.companyname.com
这篇关于使用 NodeJS 进行 Active Directory 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
