1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
/* global WIKI */
// ------------------------------------
// LDAP Account
// ------------------------------------
const LdapStrategy = require('passport-ldapauth').Strategy
const fs = require('fs')
const _ = require('lodash')
module.exports = {
init (passport, conf) {
passport.use('ldap',
new LdapStrategy({
server: {
url: conf.url,
bindDn: conf.bindDn,
bindCredentials: conf.bindCredentials,
searchBase: conf.searchBase,
searchFilter: conf.searchFilter,
tlsOptions: (conf.tlsEnabled) ? {
rejectUnauthorized: conf.verifyTLSCertificate,
ca: [
fs.readFileSync(conf.tlsCertPath)
]
} : {}
},
usernameField: 'email',
passwordField: 'password',
passReqToCallback: false
}, async (profile, cb) => {
try {
const userId = _.get(profile, conf.mappingUID, null)
if (!userId) {
throw new Error('Invalid Unique ID field mapping!')
}
const user = await WIKI.models.users.processProfile({
profile: {
id: userId,
email: _.get(profile, conf.mappingEmail, ''),
displayName: _.get(profile, conf.mappingDisplayName, '???'),
picture: _.get(profile, conf.mappingPicture, '')
},
providerKey: 'ldap'
})
cb(null, user)
} catch (err) {
if (WIKI.config.flags.ldapdebug) {
WIKI.logger.warn('LDAP LOGIN ERROR (c2): ', err)
}
cb(err, null)
}
}
))
}
}