First complete the FreeIPA environment setup by following "1107-FreeIPA 和 FreeRadius 搭建双因子认证" (FreeIPA and FreeRadius two-factor authentication setup).

vi my-api/config.json

...
    "ldapLogin": {
      "enable": true,
      "server": "ldap://ldap.bybon.cn",
      "baseDn": "uid=manager,cn=users,cn=accounts,dc=bybon,dc=cn",
      "bindPassword": "xxxxxxxx",
      "searchDn": "cn=users,cn=accounts,dc=bybon,dc=cn",
      "searchStandard": "mail",
      "emailPostfix": "@bybon.cn",
      "emailKey": "mail",
      "usernameKey": "displayName"
    }

One change is needed here: vi my-yapi/vendors/server/controllers/user.js

The reason: at login, YApi's logic first checks the user's email address, pulls the username out of it, and then appends the email domain from the config.

That logic does not work for LDAP. Change it to the form below, so that entering the LDAP username directly is enough to log in.

  /**
   * LDAP login
   * @interface /user/login_by_ldap
   * @method
   * @category user
   * @foldnumber 10
   * @param {String} email email address, must not be empty
   * @param  {String} password password, must not be empty
   * @returns {Object}
   *
   */
  async getLdapAuth(ctx) {
    try {
      const { email, password } = ctx.request.body;
      // Original YApi lines, disabled:
      //no const username = email.split(/\@/g)[0];
      //1 const { info: ldapInfo } = await ldap.ldapQuery(email, password);
      //2 const emailPrefix = email.split(/\@/g)[0];
      //3 const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;

      //zrr (modified block start): build the lookup identity first, then query LDAP with it
      const emailPrefix = email.split(/\@/g)[0];
      const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;
      const { info: ldapInfo } = await ldap.ldapQuery(
        (emailPostfix ? emailPrefix + emailPostfix : email), password);
      //zrr (modified block end)

      // Email comes from the configured attribute (default 'mail'), falling back to the built identity
      const emailParams =
        ldapInfo[yapi.WEBCONFIG.ldapLogin.emailKey || 'mail'] ||
        (emailPostfix ? emailPrefix + emailPostfix : email);
      // Display name comes from the configured attribute, falling back to the email prefix
      const username = ldapInfo[yapi.WEBCONFIG.ldapLogin.usernameKey] || emailPrefix;
      // ... the rest of the function is unchanged
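The identity-building and attribute-mapping logic that the patched getLdapAuth() above performs, factored into pure functions so its edge cases can be checked on their own. This is an added example, not YApi's own code: the function names, LDAP_CONFIG and SAMPLE_DIRECTORY are assumptions constructed here, the directory stands in for the FreeIPA user tree, and the password/bind step is left to the real ldap client. One behaviour worth seeing explicitly: when the configured emailPostfix is set, any domain the user types after '@' is discarded and replaced by the postfix, so only accounts under that domain can ever be matched.

```javascript
// Added example (not YApi's own code). Mirrors the relevant keys of the
// ldapLogin block in config.json; values are assumptions for this example.
const LDAP_CONFIG = {
  searchStandard: 'mail',
  emailPostfix: '@bybon.cn',
  emailKey: 'mail',
  usernameKey: 'displayName',
};

// What the patched code passes to ldap.ldapQuery(): the part before any '@'
// plus the configured postfix; with no postfix configured the input is used as-is.
function buildLoginIdentity(input, config) {
  const emailPrefix = input.split(/\@/g)[0];
  const emailPostfix = config.emailPostfix;
  return emailPostfix ? emailPrefix + emailPostfix : input;
}

// Constructed stand-in for the FreeIPA user tree, in the shape an ldap client
// would return entries. Attribute names match FreeIPA defaults.
const SAMPLE_DIRECTORY = [
  { uid: 'alice', mail: 'alice@bybon.cn', displayName: 'Alice Zhang' },
  { uid: 'bob', mail: 'bob@bybon.cn' }, // no displayName set on this account
];

// Emulates the search YApi's ldap helper runs under searchDn: exact match of
// the searchStandard attribute against the identity. null when nobody matches.
function findEntry(directory, identity, config) {
  return directory.find(e => e[config.searchStandard] === identity) || null;
}

// The attribute-to-account mapping that follows in getLdapAuth(): email from
// emailKey (default 'mail') falling back to the built identity, username from
// usernameKey falling back to the email prefix.
function resolveAccount(ldapInfo, input, config) {
  const emailPrefix = input.split(/\@/g)[0];
  const identity = buildLoginIdentity(input, config);
  const email = ldapInfo[config.emailKey || 'mail'] || identity;
  const username = ldapInfo[config.usernameKey] || emailPrefix;
  return { email, username };
}

// End-to-end: what a login attempt with the given input resolves to,
// or null when no directory entry matches the built identity.
function loginLookup(input, directory = SAMPLE_DIRECTORY, config = LDAP_CONFIG) {
  const identity = buildLoginIdentity(input, config);
  const entry = findEntry(directory, identity, config);
  return entry ? resolveAccount(entry, input, config) : null;
}

// Usage: loginLookup('alice') -> { email: 'alice@bybon.cn', username: 'Alice Zhang' }
```

Because a missing displayName falls back to the typed prefix, an account without that attribute in FreeIPA still logs in but appears under its bare uid in YApi; set displayName on the accounts if the UI should show real names.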

