/
ldap.js
98 lines (85 loc) · 2.5 KB
/
ldap.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
'use strict'
const ldap = require('ldapjs')
const config = require('config')
const ldapConf = config.get('ldap')
function createClient (opts) {
return new Promise((resolve, reject) => {
const dn = opts.credentials.dn
const passwd = opts.credentials.passwd
const client = ldap.createClient(opts)
function onConnect () {
client.removeListener('error', onError)
client.bind(dn, passwd, err => {
/* istanbul ignore if */
if (err) reject(new Error(err))
else resolve(client)
})
}
/* istanbul ignore next */
function onError (err) {
client.removeListener('connect', onConnect)
reject(new Error(err))
}
client.once('connect', onConnect)
client.once('error', onError)
client.once('connectTimeout', /* istanbul ignore next */ () => {
onError(new Error('connect timeout'))
})
})
}
module.exports = class LDAPUtil {
static async createClient () {
return createClient({
url: ldapConf.server,
credentials: {
dn: ldapConf.bindDN,
passwd: ldapConf.password
}
})
}
static closeClient (client) {
client.destroy()
}
static get enable () {
return !!ldapConf.server
}
static async authenticate (username, password, client) {
return new Promise((resolve, reject) => {
if (!client) return reject(new Error('LDAP connection is not yet bound'))
const opts = {
scope: 'sub',
filter: `(${ldapConf.filter.attributeName}=${username})`
}
client.search(ldapConf.filter.base, opts, (err, search) => {
/* istanbul ignore if */
if (err) return reject(new Error(err))
const items = []
search.on('error', /* istanbul ignore next */ e => {
if (e) reject(new Error(e))
})
search.on('searchEntry', entry => {
items.push(entry.object)
})
search.on('end', result => {
if (items.length === 1) {
// create ldap client for user bind
createClient({
url: ldapConf.server,
credentials: {
dn: items[0].dn,
passwd: password
}
}).then(client => {
// unbind connection is disconnected
client.unbind(() => resolve(true))
}).catch(() => {
reject(new Error('用户名或密码错误'))
})
} else {
reject(new Error('用户名或密码错误'))
}
})
})
})
}
}