1

我正在使用ldapjs包。我正在使用此代码,它允许我使用readonly凭据绑定到 ldap 服务器并从中提取一个用户配置文件ou=people

'use strict';

// Figure 1

const ldap = require('ldapjs');

const ldapClient = ldap.createClient({
  url: 'ldap://127.0.0.1:389'
});

const username = 'cn=readonly,dc=vodolaz095,dc=life';
const password = 'readonly';

ldapClient.bind(
  username,
  password,
  function (error) {
    if (error) {
      throw error;
    }
    console.log('bind performed');

    ldapClient.search('ou=people,dc=vodolaz095,dc=life', {
      filter: `(uid=vodolaz095)`,
      scope: 'one',
      attributes: ['uid', 'dn', 'cn', 'mail']
    }, function (error, res) {
      if (error) {
        throw error;
      }
      res.on('searchEntry', function (data) {
        // console.log('Data found', data);
        console.log('Data object', JSON.stringify(data.object, null, 2));
      });
      res.once('error', function(error){
        throw error;
      });
      res.once('end', function () {
        console.log('Completed');
        process.exit(0)
      });
    });
  }
);

现在,我将用户名和密码更改为受限用户的用户名和密码,我通过readonly凭据提取并执行相同的代码:


// same code as in figure 1

const username = 'uid=vodolaz095,ou=people,dc=vodolaz095,dc=life';
const password = 'thisIsNotAPassword123';

// same code as in figure 1

我可以绑定到ldap服务器,没问题。但是当我尝试获取自己的个人资料时,它返回给我 NoSuchObjectError: No such Object 错误

所以,问题是:我怎样openldap 才能获得我绑定的用户的个人资料?比如,我怎样才能发出whoami命令?

4

1 回答 1

1

您可以通过base使用您的 bindDN 设置搜索来获取您绑定的用户的条目,并将范围设置为base(没有任何过滤器)。

因此,如果username是 bindDN,这应该可以工作:

ldapClient.search(username, {
  scope: 'base',
  attributes: ['uid', 'dn', 'cn', 'mail']
}

UPD:按预期工作的完整代码示例:



'use strict';

const ldap = require('ldapjs');

const ldapClient = ldap.createClient({
  url: 'ldap://127.0.0.1:389'
});


const username = 'uid=vodolaz095,ou=people,dc=vodolaz095,dc=life'
const password = 'thisIsVerySecureSecretPassword';


ldapClient.bind(
  username,
  password,
  function (error) {
    if (error) {
      throw error;
    }
    console.log('bind performed');

    ldapClient.search('uid=vodolaz095,ou=people,dc=vodolaz095,dc=life', { // notice, full id of user profile here
      filter: `(uid=vodolaz095)`, // seems to be ignored, same result, if filter used or not used
      scope: 'base', // important
      attributes: ['uid', 'dn', 'cn', 'mail']
    }, function (error, res) {
      if (error) {
        throw error;
      }
      res.on('searchEntry', function (data) {
        // console.log('Data found', data);
        console.log('Data object', JSON.stringify(data.object, null, 2));
      });
      res.once('error', function (error){
        throw error;
      });
      res.once('end', function () {
        console.log('All passed');
        process.exit(0);
      });
    });
  }
);
于 2021-02-02T10:17:13.653 回答