LDAP authentication with Laravel 4

Date: 2013-11-21 08:00:58

Tags: php laravel ldap laravel-4 ldap-client

Please help me with LDAP authentication using Laravel 4.

My configuration always returns false.

My auth.php looks like this:

<?php

return array(

/*
|--------------------------------------------------------------------------
| Default Authentication Driver
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This driver manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
|
| Supported: "database", "eloquent"
|
*/

//'driver' => 'eloquent',
'driver' => 'ldap',

/*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/
'username_field' => 'username',

'model' => 'User',

/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/

'table' => 'users',

/*
|--------------------------------------------------------------------------
| Password Reminder Settings
|--------------------------------------------------------------------------
|
| Here you may set the settings for password reminders, including a view
| that should be used as your password reminder e-mail. You will also
| be able to set the name of the table that holds the reset tokens.
|
| The "expire" time is the number of minutes that the reminder should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/

'reminder' => array(

    'email' => 'emails.auth.reminder',

    'table' => 'password_reminders',

    'expire' => 60,

),

);

And my app/config/adldap.php looks like this:

<?php

return array(
    'account_suffix' => "@pusat.corp.pln.co.id",

    'domain_controllers' => array("dc01.pusat.corp.pln.co.id","pusat.corp.pln.co.id"), // An array of domains may be provided for load balancing.

    'base_dn' => 'DC=pusat','DC=corp','DC=pln','DC=co','DC=id',

    'real_primary_group' => true, // Returns the primary group (an educated guess).

    'use_ssl' => false, // If TLS is true this MUST be false.

    'use_tls' => false, // If SSL is true this MUST be false.

    'recursive_groups' => true,

);
In routes.php:

Route::post('login', function () {
    $passhash = Input::get('password');
    $credentials  = array(
        'username' => Input::get('username'),
        'password' => Input::get('password')
    );


    if ($a = Auth::attempt($credentials))
        return '<pre>' . print_r(Auth::user(), true);
    else
        dd($a);
});

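1 answer:

Answer 0 (score: 10)

Laravel 4 has LDAP authentication built into its core. So this is a quick and dirty way to add it to your application. It uses the internal LDAP PHP functions, so you need to install the php5-ldap package:

Configuration in app/conf/auth.php: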

'ldap_tree'   => 'OU=anything,DC=domain,DC=com',
'ldap_server' => 'your.ldap.server.com',

This is the LDAP class used by the controller:

class LDAP {

    public static function authenticate($username, $password)
    {
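        // Reject empty credentials up front: many servers treat a bind with an
        // empty password as an anonymous bind and report it as successful.
        if(empty($username) or empty($password))
        {
            Log::error('Error binding to LDAP: username or password empty');
            return false;
        }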

        $ldapRdn = static::getLdapRdn($username);

        $ldapconn = ldap_connect( Config::get('auth.ldap_server') ) or die("Could not connect to LDAP server.");

        $result = false;

        if ($ldapconn) 
        {
            $ldapbind = @ldap_bind($ldapconn, $ldapRdn, $password);

            if ($ldapbind) 
            {
                $result = true;
            } else {
                Log::error('Error binding to LDAP server.');
            }

            ldap_unbind($ldapconn);

        } else {
            Log::error('Error connecting to LDAP.');
        }

        return $result;

    }

    public static function getLdapRdn($username)
    {
        return str_replace('[username]', $username, 'CN=[username],' . Config::get('auth.ldap_tree'));
    }

}

The AuthController that handles the application's login:

class AuthController extends Controller {

    // LDAP helper, injected by Laravel's container.
    protected $ldap;

    public function __construct(LDAP $ldap)
    {
        $this->ldap = $ldap;
    }

    public function login()
    {
        if ( $this->ldap->authenticate( Input::get('email'), Input::get('password') ) )
        {
            $user = User::where('email', Input::get('email'))->first();

            // The LDAP bind succeeded, but only log in when a matching local
            // user record exists; Auth::login() cannot take null.
            if ($user)
            {
                Auth::login( $user );

                return Redirect::to('home');
            }
        }

        return Redirect::refresh()->with('error', 'User and/or password are incorrect.');
    }

    public function logout()
    {

        if ( ! Auth::guest())
        {
            Auth::logout();

            return Redirect::to('message')
                    ->with('message', 'You just logged out.');                  
        }

        return Redirect::to('login');   

    }

}

Note that this controller uses dependency injection for the LDAP class, which Laravel will inject automatically.
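An added example, not part of the original answer: a variant of the bind check that escapes the username before it is placed in the bind DN, refuses empty passwords, and upgrades the connection with StartTLS before the password is sent (the question's config has both use_ssl and use_tls set to false). It assumes PHP 5.6+ with the ldap extension (for ldap_escape) and a server that supports StartTLS; the function names buildBindDn and ldapAuthenticate are hypothetical.

```php
<?php
// Added example, not the answer's code. Requires ext-ldap and PHP >= 5.6.

/** Build the bind DN with the username escaped for use as a DN value. */
function buildBindDn($username, $tree)
{
    // LDAP_ESCAPE_DN neutralises characters such as , = + ; " \ so that
    // user input cannot add RDN components or move the bind to another OU.
    return 'CN=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $tree;
}

/**
 * Simple-bind check. $server and $tree correspond to the answer's
 * auth.ldap_server and auth.ldap_tree settings.
 */
function ldapAuthenticate($server, $tree, $username, $password)
{
    // An empty password turns the request into an unauthenticated bind,
    // which many servers accept, so it must never count as a login.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($server);
    if ($conn === false) {
        return false;
    }

    // StartTLS needs protocol version 3; Active Directory expects it as well.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Fail closed: do not fall back to a cleartext bind if TLS is unavailable.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return false;
    }

    $ok = @ldap_bind($conn, buildBindDn($username, $tree), $password);
    ldap_unbind($conn);

    return $ok;
}

// Constructed sample usernames, printed to show how each one is escaped.
foreach (array('jdoe', 'jdoe,OU=Admins', 'Doe, John', ' x+y') as $name) {
    echo buildBindDn($name, 'OU=anything,DC=domain,DC=com'), PHP_EOL;
}
```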