Hyperledger fabric 通过hyperledger fabric ca使用誓言或电子邮件/密码注册/登录
我是Hyperledger Fabric开发的新手,我正在尝试进行用户友好的注册Hyperledger fabric 通过hyperledger fabric ca使用誓言或电子邮件/密码注册/登录,hyperledger-fabric,hyperledger,user-registration,hyperledger-fabric-ca,Hyperledger Fabric,Hyperledger,User Registration,Hyperledger Fabric Ca,我是Hyperledger Fabric开发的新手,我正在尝试进行用户友好的注册 例如: +从google帐户使用Oauth +或者使用传统的电子邮件密码注册 我已经阅读了hyperledger fabric文档,并尝试了其中的一些示例。我只知道新身份创建过程如下: 1.使用fabric ca客户端或SDK从fabric ca服务器获取管理员身份 2.使用该管理员标识注册新标识。 3.然后,fabric ca服务器将发回新身份的ID和密码(所谓的密码) 4.用户将使用该ID和密码注册新用户,以及
例如:
+从google帐户使用Oauth
+或者使用传统的电子邮件密码注册 我已经阅读了hyperledger fabric文档,并尝试了其中的一些示例。我只知道新身份创建过程如下:
1.使用fabric ca客户端或SDK从fabric ca服务器获取管理员身份
2.使用该管理员标识注册新标识。
3.然后,fabric ca服务器将发回新身份的ID和密码(所谓的密码)
4.用户将使用该ID和密码注册新用户,以及创建交易等。
所以,我的问题是:
(我以前读过这个问题:,所以我认为有一种方法可以做到这一点,但还没有找到答案)
您可以使用Ldap进行身份验证,并使用mysql或postgres任何这些数据库连接fabric-ca。由于您将使用Ldap,您将能够使用普通电子邮件和密码进行注册,这是根据hyperledger fabric docs推荐的方法 结构CA服务器可以配置为从LDAP服务器读取
ldap:
# Enables or disables the LDAP client (default: false)
enabled: false
# The URL of the LDAP server
url: <scheme>://<adminDN>:<adminPassword>@<host>:<port>/<base>
userfilter: <filter>
attribute:
# 'names' is an array of strings that identify the specific attributes
# which are requested from the LDAP server.
names: <LDAPAttrs>
# The 'converters' section is used to convert LDAP attribute values
# to fabric CA attribute values.
#
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
#
# As another example, assume a user has an LDAP attribute named
# 'member' which has multiple values of "dn1", "dn2", and "dn3".
# Further assume the following configuration.
# converters:
# - name: myAttr
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: client
# - name: dn2
# value: peer
# The value of the user's 'myAttr' attribute is then computed to be
# "client,peer,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "client" and "dn2" with "peer".
converters:
- name: <fcaAttrName>
value: <fcaExpr>
maps:
<mapName>:
- name: <from>
value: <to>
特别是,结构CA服务器可以连接到LDAP服务器以执行以下操作:
注册前验证身份
检索用于授权的标识的属性值。
修改结构CA服务器配置文件的LDAP部分,以将服务器配置为连接到LDAP服务器
ldap:
# Enables or disables the LDAP client (default: false)
enabled: false
# The URL of the LDAP server
url: <scheme>://<adminDN>:<adminPassword>@<host>:<port>/<base>
userfilter: <filter>
attribute:
# 'names' is an array of strings that identify the specific attributes
# which are requested from the LDAP server.
names: <LDAPAttrs>
# The 'converters' section is used to convert LDAP attribute values
# to fabric CA attribute values.
#
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
#
# As another example, assume a user has an LDAP attribute named
# 'member' which has multiple values of "dn1", "dn2", and "dn3".
# Further assume the following configuration.
# converters:
# - name: myAttr
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: client
# - name: dn2
# value: peer
# The value of the user's 'myAttr' attribute is then computed to be
# "client,peer,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "group" replaces "dn1" with "client" and "dn2" with "peer".
converters:
- name: <fcaAttrName>
value: <fcaExpr>
maps:
<mapName>:
- name: <from>
value: <to>
ldap:
#启用或禁用LDAP客户端(默认值:false)
已启用:false
#LDAP服务器的URL
url:://在这里