javascript ldapjs authentication (user login setup)
Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original author (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/13255389/
ldapjs authentification (user login setup)
Asked by Ross
So I'm currently running node.js, which has ldapjs installed. My aim is to have a system that uses ldapjs to allow users to login with a username and password.
I have been reading over the http://ldapjs.org documentation for a while now but am struggling to understand the whole idea of ldap and ldapjs's implementation of it.
I currently have this from the documentation:
var ldap = require('ldapjs');
var server = ldap.createServer();

server.bind('cn=root', function(req, res, next) {
  if (req.dn.toString() !== 'cn=root' || req.credentials !== 'secret')
    return next(new ldap.InvalidCredentialsError());
  res.end();
  return next();
});

server.listen(1389, function() {
  console.log('LDAP server up at: %s', server.url);
});
Which allows me to run the below and successfully bind to the server.
ldapsearch -H ldap://localhost:1389 -x -D cn=root -w secret -LLL -b "o=myhost" objectclass=*
But I'm really unsure of where to go from here or even if this is the correct approach...
The ideal setup would be to have a range of users and passwords, and on a successful ldap connection confirm the details are correct and respond with a true, or false if the username/pass was incorrect.
Does anyone know of any good resources for finding out more about this, or better yet can suggest some basic client/server side code to give me an idea of where to go next!
Any replies would be really appreciated.
Many Thanks
Answered by Bora
I never used ldapjs, but based on what I just quickly read in its seemingly incomplete document, it can be used to implement an LDAP server or an LDAP client, which seems to be what you're trying to do (i.e., I'm assuming you want to authenticate users in your application against an existing LDAP server). Most of the examples in its document focus on creating an LDAP server that listens on a certain port and interacts with a back-end database. If you're not trying to put an LDAP-based interface between your back-end database or store of users and passwords, then you probably don't need the server API. If you already have an LDAP server running, then you will need to use its client API to do something like this:
1. Bind anonymously to the LDAP server that provides the directory services including the authentication services. It looks like you can just do this with:
var ldap = require('ldapjs');
var client = ldap.createClient({
  url: 'ldap://my.ldap.server'
});
2. Search by the username (e.g., e-mail address) for the corresponding entry's DN:
var assert = require('assert'); // needed for assert.ifError below

var opts = {
  filter: '(mail=USERNAME)',
  scope: 'sub'
};

client.search('ou=users,o=acme.com', opts, function(err, res) {
  assert.ifError(err);

  res.on('searchEntry', function(entry) {
    console.log('entry: ' + JSON.stringify(entry.object));
  });
  res.on('searchReference', function(referral) {
    console.log('referral: ' + referral.uris.join());
  });
  res.on('error', function(err) {
    console.error('error: ' + err.message);
  });
  res.on('end', function(result) {
    console.log('status: ' + result.status);
  });
});
3. Grab the DN of the returned entry ( entry.object ). The documentation of this library doesn't talk much about how these objects can be used (e.g., what their methods, properties, etc. are). So, you will have to figure out how to actually get the DN or string representation of the DN of the entry you just retrieved from the directory server. [See the comment(s) below this answer]
4. Rebind to the server using that DN:
client.bind(DN_RETRIEVED, PASSWORD_USER_ENTERED, function(err) {
  assert.ifError(err);
});
5. The result of the bind above is what you will need to use to determine whether or not the authentication was successful.
If you are trying to implement an LDAP server in front of your user/password data store for LDAP-based authentication, then you will need to follow their server examples. I personally think this is an overkill and could be problematic in terms of security.
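Steps 1 to 5 of the answer above, put together as one authenticate() function. This is an added example, not code from the question or the answer: the base DN, the lookup attribute and the single directory entry are constructed assumptions, the LDAP client is injected so an in-memory fake can replace ldap.createClient() offline, and it adds the two checks the search-then-bind pattern needs (RFC 4515 filter escaping of the username, and rejecting an empty password so the rebind cannot degrade into an RFC 4513 unauthenticated bind).

```javascript
// Added example, not code from the question or the answer: the answer's search-then-bind
// flow as one function with the two checks it needs in practice. The client is injected so
// the constructed fake below stands in for ldap.createClient(); ldapjs has the same shape.

// RFC 4515 escaping for a value placed inside a filter. Unescaped, a username
// such as "*)(uid=*" rewrites the filter instead of matching one mailbox.
function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, function (c) {
    return '\\' + c.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

function buildUserFilter(attr, username) {
  return '(' + attr + '=' + escapeFilterValue(username) + ')';
}

// cb(err, authenticated). baseDN and attr are deployment-specific assumptions.
function authenticate(client, baseDN, attr, username, password, cb) {
  // RFC 4513 5.1.2: a bind with a DN and an empty password is an "unauthenticated"
  // bind that many servers accept as anonymous, so reject it before searching.
  if (!password) return cb(null, false);
  var dns = [];
  client.search(baseDN, { filter: buildUserFilter(attr, username), scope: 'sub' }, function (err, res) {
    if (err) return cb(err);
    res.on('searchEntry', function (entry) { dns.push(String(entry.dn)); });
    res.on('error', function (e) { cb(e); });
    res.on('end', function () {
      // exactly one entry, otherwise we do not know whose password we are checking
      if (dns.length !== 1) return cb(null, false);
      client.bind(dns[0], password, function (bindErr) { cb(null, !bindErr); });
    });
  });
}

// Constructed in-memory stand-in for the ldapjs client and the directory (one user).
function makeFakeClient() {
  var dir = { 'uid=alice,ou=users,o=acme.com': { mail: 'alice@acme.com', pw: 'correct horse' } };
  return {
    search: function (base, opts, cb) {
      var h = {}, res = { on: function (ev, fn) { (h[ev] = h[ev] || []).push(fn); return res; },
                          emit: function (ev, a) { (h[ev] || []).forEach(function (f) { f(a); }); } };
      cb(null, res); // handlers are attached here, before anything is emitted
      var m = /^\(mail=(.*)\)$/.exec(opts.filter); // a real server matches the decoded value
      Object.keys(dir).forEach(function (dn) {
        if (m && escapeFilterValue(dir[dn].mail) === m[1]) res.emit('searchEntry', { dn: dn });
      });
      res.emit('end', { status: 0 });
    },
    bind: function (dn, pw, cb) { cb(dir[dn] && dir[dn].pw === pw ? null : new Error('InvalidCredentialsError')); }
  };
}
```

With a real ldapjs client the same authenticate() call works unchanged; only the fake's synchronous event delivery differs from the network client, which emits asynchronously.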