1. 首頁
  2. 問答
  3. 節點JS LDAP驗證用戶

節點JS LDAP驗證用戶

2013-07-22 119 views
11

我創建一個登錄驗證頁面,用戶將輸入有活動目錄的用戶名和密碼,使用的NodeJS我會檢查,看它是否是有效的,但我不斷收到節點JS LDAP驗證用戶

[Error: LDAP Error Bad search filter] 


[Error: Search returned != 1 results]

當我試圖尋找的用戶名和密碼,我的代碼如下:

我使用:https://github.com/jeremycx/node-LDAP,讓我們說,用戶進入hhill的用戶名

var ldap = require('LDAP'); 
    var ldapServer = new ldap({ uri: 'ldap://batman.lan', version: 3}); 

    ldapServer.open(function(error) { 
     if(error) { 
      throw new Error('Cant not connect'); 
     } else { 
      console.log('---- connected to ldap ----'); 

      username = '(cn='+username+')'; 
      ldapServer.findandbind({ 
       base: 'ou=users,ou=compton,dc=batman,dc=lan', 
       filter: username, 
       password: password 
      }, function(error, data) { 
       if(error){ 
        console.log(error); 
       } else { 
        console.log('---- verified user ----'); 
       } 
      }); 
     } 
    });

有沒有人有什麼我做錯了什麼建議?

UPDATE

這裏是我想出了一旦有人需要它,有答案的幫助下

var username = request.param('username'); 
    var password = request.param('password'); 

    var ldap = require('ldapjs'); 
    ldap.Attribute.settings.guid_format = ldap.GUID_FORMAT_B; 
    var client = ldap.createClient({ 
      url: 'ldap://batman.com/cn='+username+', ou=users, ou=compton, dc=batman, dc=com', 
      timeout: 5000, 
      connectTimeout: 10000 
    }); 
    var opts = { 
     filter: '(&(objectclass=user)(samaccountname='+username+'))', 
     scope: 'sub', 
     attributes: ['objectGUID'] 
    }; 

    console.log('--- going to try to connect user ---'); 

    try { 
     client.bind(username, password, function (error) { 
      if(error){ 
       console.log(error.message); 
       client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
      } else { 
       console.log('connected'); 
       client.search('ou=users, ou=compton, dc=batman, dc=com', opts, function(error, search) { 
        console.log('Searching.....'); 

        search.on('searchEntry', function(entry) { 
         if(entry.object){ 
          console.log('entry: %j ' + JSON.stringify(entry.object)); 
         } 
        }); 

        search.on('error', function(error) { 
         console.error('error: ' + error.message); 
        }); 

        client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
       }); 
      } 
     }); 
    } catch(error){ 
     console.log(error); 
     client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
    }

來源

2013-07-22 Sukh

+0

在第一種情況下,過濾器實際上是傳輸到服務器?在第二種情況下,多個對象與搜索參數匹配:也許它只需要一個匹配。 –

回答

8

在這種情況下,解決方案,需要ldapClient而非ldapServer,這是官方示例代碼doc

var ldap = require('ldapjs'); 

ldap.Attribute.settings.guid_format = ldap.GUID_FORMAT_B; 

var client = ldap.createClient({ 
    url: 'ldap://127.0.0.1/CN=test,OU=Development,DC=Home' 
}); 

var opts = { 
    filter: '(objectclass=user)', 
    scope: 'sub', 
    attributes: ['objectGUID'] 
}; 

client.bind('username', 'password', function (err) { 
    client.search('CN=test,OU=Development,DC=Home', opts, function (err, search) { 
    search.on('searchEntry', function (entry) { 
     var user = entry.object; 
     console.log(user.objectGUID); 
    }); 
    }); 
});

來源

2013-07-22 23:48:09 zsong

+1

我試過上面的,我得到以下錯誤oSuchObjectError:0000208D:NameErr:DSID-0310020A,問題2001(NO_OBJECT),數據0,最佳匹配: \t'OU = Users,OU = Newyork,DC = basingloc ,DC = lan' 它連接,但搜索失敗。在線search.on @sza – Sukh

+0

剛解決的問題,我有使用此解決方案。謝謝@zsong! –

7

@蘇克h謝謝你發佈你的UPDATE解決方案;但是,您在UPDATE中發佈的代碼存在問題。雖然它適用於簡單的情況,但對於較大的查詢,您會發現在輸出結果之前您將解除綁定。對我來說,解決方案是將你的解除綁定到search.on函數中。

這是你更新的編輯:

var ldap = require('ldapjs'); 
ldap.Attribute.settings.guid_format = ldap.GUID_FORMAT_B; 
var client = ldap.createClient({ 
     url: 'ldap://batman.com/cn='+username+', ou=users, ou=compton, dc=batman, dc=com', 
     timeout: 5000, 
     connectTimeout: 10000 
}); 
var opts = { 
    filter: '(&(objectclass=user)(samaccountname='+username+'))', 
    scope: 'sub', 
    //attributes: ['objectGUID'] 
    // This attribute list is what broke your solution 
    attributes: ['objectGUID','sAMAccountName','cn','mail','manager','memberOf'] 
}; 

console.log('--- going to try to connect user ---'); 

try { 
    client.bind(username, password, function (error) { 
     if(error){ 
      console.log(error.message); 
      client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
     } else { 
      console.log('connected'); 
      client.search('ou=users, ou=compton, dc=batman, dc=com', opts, function(error, search) { 
       console.log('Searching.....'); 

       search.on('searchEntry', function(entry) { 
        if(entry.object){ 
         console.log('entry: %j ' + JSON.stringify(entry.object)); 
        } 
        client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
       }); 

       search.on('error', function(error) { 
        console.error('error: ' + error.message); 
        client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
       }); 

       // don't do this here 
       //client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
      }); 
     } 
    }); 
} catch(error){ 
    console.log(error); 
    client.unbind(function(error) {if(error){console.log(error.message);} else{console.log('client disconnected');}}); 
}

至少這是我使用與Active Directory搜索解決方案時發現的。返回的memberOf條目很多我的使用情況和解除綁定正在做過早,所以我得到以下錯誤:

error: 1__ldap://my.domain.com/,OU=Employees,OU=Accounts,DC=my,DC=domain,DC=com closed 
client disconnected

來源

2013-10-28 18:06:18 Shaun

相關問題

 相關問題