| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- /* global WIKI */
- // ------------------------------------
- // LDAP Account
- // ------------------------------------
- const LdapStrategy = require('passport-ldapauth').Strategy
- const fs = require('fs')
- const _ = require('lodash')
- module.exports = {
- init (passport, conf) {
- passport.use('ldap',
- new LdapStrategy({
- server: {
- url: conf.url,
- bindDn: conf.bindDn,
- bindCredentials: conf.bindCredentials,
- searchBase: conf.searchBase,
- searchFilter: conf.searchFilter,
- tlsOptions: (conf.tlsEnabled) ? {
- rejectUnauthorized: conf.verifyTLSCertificate,
- ca: [
- fs.readFileSync(conf.tlsCertPath)
- ]
- } : {},
- includeRaw: true
- },
- usernameField: 'email',
- passwordField: 'password',
- passReqToCallback: true
- }, async (req, profile, cb) => {
- try {
- const userId = _.get(profile, conf.mappingUID, null)
- if (!userId) {
- throw new Error('Invalid Unique ID field mapping!')
- }
- const user = await WIKI.models.users.processProfile({
- providerKey: req.params.strategy,
- profile: {
- id: userId,
- email: String(_.get(profile, conf.mappingEmail, '')).split(',')[0],
- displayName: _.get(profile, conf.mappingDisplayName, '???'),
- picture: _.get(profile, `_raw.${conf.mappingPicture}`, '')
- }
- })
- cb(null, user)
- } catch (err) {
- if (WIKI.config.flags.ldapdebug) {
- WIKI.logger.warn('LDAP LOGIN ERROR (c2): ', err)
- }
- cb(err, null)
- }
- }
- ))
- }
- }
|
