Integrating FreeIPA with YApi.
vi my-api/config.json
...
"ldapLogin": {
  "enable": true,
  "server": "ldap://ldap.bybon.cn",
  "baseDn": "uid=manager,cn=users,cn=accounts,dc=bybon,dc=cn",
  "bindPassword": "xxxxxxxx",
  "searchDn": "cn=users,cn=accounts,dc=bybon,dc=cn",
  "searchStandard": "mail",
  "emailPostfix": "@bybon.cn",
  "emailKey": "mail",
  "usernameKey": "displayName"
}
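One change is needed here:
vi my-yapi/vendors/server/controllers/user.js
The reason: at login, YApi first looks at the user's email, extracts the username part from it, and then appends the mail domain from the configuration.
That logic does not fit LDAP. Change it to the form below, so that a user can log in by typing the LDAP username directly.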
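/**
 * LDAP login
 * @interface /user/login_by_ldap
 * @method
 * @category user
 * @foldnumber 10
 * @param {String} email email name, must not be empty
 * @param {String} password password, must not be empty
 * @returns {Object}
 *
 */
async getLdapAuth(ctx) {
  try {
    const { email, password } = ctx.request.body;
    //no const username = email.split(/\@/g)[0];
    //1 const { info: ldapInfo } = await ldap.ldapQuery(email, password);
    //2 const emailPrefix = email.split(/\@/g)[0];
    //3 const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;

    //zrr
    const emailPrefix = email.split(/\@/g)[0];
    const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;
    const { info: ldapInfo } = await ldap.ldapQuery(
      (emailPostfix ? emailPrefix + emailPostfix : email), password);
    //zrr

    const emailParams =
      ldapInfo[yapi.WEBCONFIG.ldapLogin.emailKey || 'mail'] ||
      (emailPostfix ? emailPrefix + emailPostfix : email);
    const username = ldapInfo[yapi.WEBCONFIG.ldapLogin.usernameKey] || emailPrefix;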
15 //no const username = email.split(/\@/g)[0];
16 //1 const { info: ldapInfo } = await ldap.ldapQuery(email, password);
17 //2 const emailPrefix = email.split(/\@/g)[0];
18 //3 const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;
19
20 //zrr
21 const emailPrefix = email.split(/\@/g)[0];
22 const emailPostfix = yapi.WEBCONFIG.ldapLogin.emailPostfix;
23 const { info: ldapInfo } = await ldap.ldapQuery(
24 (emailPostfix ? emailPrefix + emailPostfix : email),password);
25 //zrr
26
27
28 const emailParams =
29 ldapInfo[yapi.WEBCONFIG.ldapLogin.emailKey || 'mail'] ||
30 (emailPostfix ? emailPrefix + emailPostfix : email);
31 const username = ldapInfo[yapi.WEBCONFIG.ldapLogin.usernameKey] || emailPrefix;