我是Nodejs的初学者,我正在尝试在Web应用程序中包括Active Directory身份验证。另外,我正在尝试在允许用户使用该用户之前检查该用户是否属于某个组。我正在尝试关注this article,但它对我不起作用:
我使用了以下代码:
var passport = require('passport')
var ActiveDirectoryStrategy = require('passport-activedirectory')
var ActiveDirectory = require('activedirectory')
var ad = new ActiveDirectory({
url: 'ldap://my.domain.com',
baseDN: 'DC=my,DC=domain,DC=com',
username: '[email protected]',
password: 'readuserspassword'
})
passport.use(new ActiveDirectoryStrategy({
integrated: false,
ldap: ad
}, function (profile, ad, done) {
ad.isUserMemberOf(profile._json.dn, 'AccessGroup', function (err, isMember)
{
if (err) return done(err)
return done(null, profile)
})
}))
作为中间件,我使用以下代码:
var opts = { failWithError: true }
app.post('/login', passport.authenticate('ActiveDirectory', opts),
function(req, res) {
res.json(req.user)
}, function (err) {
res.status(401).send('Not Authenticated')
})
但是,当我尝试打开“登录”页面时收到此错误:
AuthenticationError:未经授权完全失败(D:\ Java Script \ NodeJs \ Printer \ node_modules \ passport \ lib \ middleware \ authenticate.js:172:21)尝试(D:\ Java Script \ NodeJs \ Printer \ node_modules \ passport \ lib \ Middleware \ authenticate.js:180:28)在Strategy.strategy.fail(D:\ Java Script \ NodeJs \ Printer \ node_modules \ passport \ lib \ middleware \ authenticate.js:297:9)在D:\ Java Script \ NodeJs \ Printer \ node_modules \ passport-activedirectory \ index.js:143:22在onFind(D:\ Java Script \ NodeJs \ Printer \ node_modules \ activedirectory \ lib \ activedirectory.js:1334:21)在onSearchEnd(D:\ Java Script \ NodeJs \ Printer \ node_modules \ activedirectory \ lib \ activedirectory.js:506:21)在EventEmitter。 (D:\ Java Script \ NodeJs \ Printer \ node_modules \ activedirectory \ lib \ activedirectory.js:540:7)在emitOne上(events.js:116:13)在EventEmitter.emit(events.js:211:7)在sendResult(D:\ Java Script \ NodeJs \ Printer \ node_modules \ ldapjs \ lib \ client \ client.js:1389:22)在messageCallback(D:\ Java Script \ NodeJs \ Printer \ node_modules \ ldapjs \ lib \ client \ client.js:1421:16)在Parser.onMessage(D:\ Java Script \ NodeJs \ Printer \ node_modules \ ldapjs \ lib \ client \ client.js:1089:14)在emitOne(events.js:116:13)在Parser.emit(events.js:211:7)在Parser.write(D:\ Java Script \ NodeJs \ Printer \ node_modules \ ldapjs \ lib \ messages \ parser.js:111:8)最后(D:\ Java Script \ NodeJs \ Printer \ node_modules \ ldapjs \ lib \ messages \ parser.js:66:19)
非常感谢您的帮助。谢谢
而不是创建活动目录的实例(var ad = ... bla bla),请尝试在通行证策略上设置ldap密钥值:
ldap: {
url: 'ldap://my.domain.com',
baseDN: 'DC=my,DC=domain,DC=com',
username: '[email protected]',
password: 'readuserspassword'
}
身份验证方法应如下所示:
router.post('/login', function(req, res, next) {
passport.authenticate('ActiveDirectory', { failWithError: true }, function(err, user, info) {
if (err) { return next(JSON.stringify(err)); }
if (!user) { return res.send({ success : false, message : 'authentication failed' }); }
return res.status(200).json({ user });
})(req, res, next); });