PROSAGA码农传奇-nodejs-NodeJS RADIUS OTP身份验证

<div class =“post-text”itemprop =“text”>
  <P>
    以下是一些信息和指导。
  </p>
  <P>
    可能吗？是。
  </p>
  <P>
    Nodejs Radius包：
    <a href="https://www.npmjs.com/package/radius" rel="nofollow noreferrer">
      https://www.npmjs.com/package/radius
    </A>
    
Nodejs OTP包：
    <a href="https://www.npmjs.com/package/otplib" rel="nofollow noreferrer">
      https://www.npmjs.com/package/otplib
    </A>
  </p>
  <P>
    使用radius包进行OTP的示例：
    <a href="https://github.com/mcguinness/simple-radius-server" rel="nofollow noreferrer">
      https://github.com/mcguinness/simple-radius-server
    </A>
  </p>
  <P>
    您应该能够派生示例并修改它以使用OTP包生成OTP令牌。
  </p>
  <P>
    另一种可能性是在Docker容器中部署FreeIPA，然后使用ldapjs从节点对FreeIPA容器进行身份验证。有关如何使用ldapjs对FreeIPA进行身份验证的示例，请参阅下面的代码。
  </p>
  <P>
  </p>
  <div class =“snippet”data-lang =“js”data-hide =“false”data-console =“true”data-babel =“false”>
    <div class =“snippet-code”>
       <pre class="snippet-code-js lang-js prettyprint-override">
        <code>
          const LDAP = require('ldapjs');

class LDAPAuth {
    constructor({url, base, uid}) {
        this.errorCount = 0
        setInterval(()=>this.errorCount = 0, 10000)
        let self = this
        function createLdap() {
            self.ldap = LDAP.createClient({url})
                .on('error', (error)=> {
                    console.error('Error in ldap',error)
                    self.errorCount++
                    if (self.errorCount > 20) {
                        console.error('Too many errors! Giving up...')
                        process.exit()
                    } else {
                        createLdap()
                    }
                })
        }
        createLdap()
        this.base = base
        this.uid = uid
    }

authenicate({username, password, count = 0}) {
        let dn = `${this.uid}=${username},${this.base}`
        if (count > 5) {
            return Promise.reject('Failed to authenticate with LDAP!')
        }
        return new Promise((resolve, reject)=> {
            this.ldap.bind(dn, password, (err, res) => {
                if (err) {
                    if (err && err.stack && err.stack.indexOf(`${this.url} closed`) > -1) {
                        count++
                        // wait 1 second to give the ldap error handler time to reconnect
                        return setTimeout(()=>resolve(this.authenicate({username, password})), 2000)
                    }
                    console.error('ldap error', err)
                    reject(err)
                }
                if (res) resolve()
                else reject()
            })
        })

}
}

module.exports = LDAPAuth
        </code>
      </pre>
    </DIV>
  </DIV>
  <P>
  </p>
  <P>
    注意：代码示例有问题，我现在不会这样写，但现在已经运行好几年了，所以除非有必要，否则不要触摸它。
  </p>
</DIV>