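I'm trying to get my Symfony application to use Active Directory for authorization. I followed this documentation: http://symfony.com/blog/new-in-symfony-2-8-ldap-component but with no success.
After the form is submitted nothing really changes, and I remain anonymous.
I tried adding some log output to the Ldap component, and I see that ldap->bind is never triggered, although the constructors in LdapClient, the user and authentication providers, and the factory are fired.
I wonder whether there is a problem with my SecurityController?
Thanks to anyone.
I made a simple PHP script to test my setup, and it works fine: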

    $ldapserver = 'server.ip.address';
    $ldapuser = '_user_for_search_sAMAccountname';
    $ldappass = '_user_pass';
    $ldapconn = ldap_connect($ldapserver);
    if($ldapconn) {
        $ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass);
        if ($ldapbind) echo "LDAP bind successful...\n";
    }

Here are my Symfony files (I'm using Symfony 3.0.3):
app/config/services.yml:

    services:
        app.ldap:
            class: Symfony\Component\Ldap\LdapClient
            arguments: [ "server.ip.address" ]

app/config/security.yml:

    security:
        role_hierarchy:
            ROLE_ADMIN: [ROLE_USER]
        providers:
            app_users:
                ldap:
                    service: app.ldap
                    base_dn: ou=staff,dc=ldap,dc=server,dc=com
                    search_dn: _user_for_search_sAMAccountname
                    search_password: _user_pass
                    filter: "(sAMAccountName={username})"
                    default_roles: ROLE_USER
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            main:
                provider: app_users
                pattern: ^/
                logout:
                    path: /logout
                    target: /
                form_login_ldap:
                    service: app.ldap
                    dn_string: "{username}" # !!! differs from default but no luck
                    check_path: /login_check
                    login_path: /login
                security: true
                anonymous: true
        access_control:
            - { path: /login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
            - { path: /user, roles: ROLE_USER }
            - { path: /.*, roles: IS_AUTHENTICATED_ANONYMOUSLY }

app/config/routing.yml:

    login:
        path: /login
        defaults: { _controller: R61IP4BillBundle:Security:login }
    login_check:
        path: /login_check
    logout:
        path: /logout
    user:
        path: /user
        defaults: { _controller: R61IP4BillBundle:Default:user }

SecurityController.php:
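
    <?php
    namespace R61\IP4BillBundle\Controller;

    use Symfony\Bundle\FrameworkBundle\Controller\Controller;
    use Symfony\Component\HttpFoundation\Request;

    class SecurityController extends Controller
    {
        public function loginAction(Request $request)
        {
            // Fetch the last authentication error, if any, to display on the form
            $authenticationUtils = $this->get('security.authentication_utils');
            $error = $authenticationUtils->getLastAuthenticationError();
            return $this->render(
                'R61IP4BillBundle:Security:login.html.twig',
                array(
                    'error' => $error,
                )
            );
        }
    }
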
login.html.twig:

    {% if error %}
        <div>{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}
    <form action="{{ path('login') }}" method="post">
        <label for="username">Username:</label>
        <input type="text" id="username" name="_username" />
        <label for="password">Password:</label>
        <input type="password" id="password" name="_password" />
        {#
            If you want to control the URL the user
            is redirected to on success (more details below)
            <input type="hidden" name="_target_path" value="/account" />
        #}
        <button type="submit">login</button>
    </form>

Here is dev.log. First, Symfony redirects me from the secured URL to the login form, then I submit the form.
[2016-03-16 16:23:26] request.INFO: Matched route "user". {"route_parameters":{"_controller":"R61\\IP4BillBundle\\Controller\\DefaultController::userAction","_route":"user"},"request_uri":"http://ip4bill.r61.net.hosting.r61.net/app_dev.php/user"} []
[2016-03-16 16:23:26] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-16 16:23:26] security.DEBUG: Access denied, the user is not fully authenticated; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AccessDeniedException(code: 403): Access Denied. at /http/ip4bill/site/ip4bill/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:70)"} []
[2016-03-16 16:23:26] security.DEBUG: Calling Authentication entry point. [] []
[2016-03-16 16:23:26] request.INFO: Matched route "login". {"route_parameters":{"_controller":"R61\\IP4BillBundle\\Controller\\SecurityController::loginAction","_route":"login"},"request_uri":"http://ip4bill.r61.net.hosting.r61.net/app_dev.php/login"} []
[2016-03-16 16:23:26] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-16 16:23:26] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"722104","_route":"_wdt"},"request_uri":"http://ip4bill.r61.net.hosting.r61.net/app_dev.php/_wdt/722104"} []
[2016-03-16 16:23:31] request.INFO: Matched route "login". {"route_parameters":{"_controller":"R61\\IP4BillBundle\\Controller\\SecurityController::loginAction","_route":"login"},"request_uri":"http://ip4bill.r61.net.hosting.r61.net/app_dev.php/login"} []
[2016-03-16 16:23:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-16 16:23:31] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"22d08e","_route":"_wdt"},"request_uri":"http://ip4bill.r61.net.hosting.r61.net/app_dev.php/_wdt/22d08e"} []
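Answer 0 (score: 1)
Your form is not using the correct path. Instead of path('login'), you should use path('login_check').
So it is normal that the credentials are never checked against the Ldap server.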
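
The diagnosis in the answer can be read straight off dev.log: the login route is matched a second time after the form is submitted, and the login_check route never appears. The following is an added example, not part of the original post; it assumes that a request to the check path is logged as a `Matched route "login_check"` line, and its sample lines are constructed from the question's log with the JSON context shortened and the host replaced by example.test.

```python
import re

# Monolog line layout in Symfony's dev.log:
#   [timestamp] channel.LEVEL: message {context} [extra]
LINE_RE = re.compile(r'^\[([^\]]+)\] (\w+)\.(\w+): (.*)$')
ROUTE_RE = re.compile(r'^Matched route "([^"]+)"')

# Constructed sample: the question's dev.log with the JSON context shortened
# and the host replaced by example.test.
SAMPLE_LOG = '''\
[2016-03-16 16:23:26] request.INFO: Matched route "user". {"request_uri":"http://example.test/app_dev.php/user"} []
[2016-03-16 16:23:26] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-16 16:23:26] security.DEBUG: Calling Authentication entry point. [] []
[2016-03-16 16:23:26] request.INFO: Matched route "login". {"request_uri":"http://example.test/app_dev.php/login"} []
[2016-03-16 16:23:26] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-16 16:23:31] request.INFO: Matched route "login". {"request_uri":"http://example.test/app_dev.php/login"} []
[2016-03-16 16:23:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
'''


def matched_routes(log_text):
    """Return (timestamp, route) for every request-channel 'Matched route' line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "request":
            continue
        route = ROUTE_RE.match(m.group(4))
        if route:
            hits.append((m.group(1), route.group(1)))
    return hits


def diagnose(log_text, login_route="login", check_route="login_check"):
    """Say whether any request reached the firewall's check_path route."""
    routes = [name for _, name in matched_routes(log_text)]
    if check_route in routes:
        return "credentials submitted to check_path"
    if routes.count(login_route) > 1:
        # The login page was requested again and check_path never was, so the
        # form_login_ldap listener had nothing to intercept and no bind occurs.
        return "login route requested again, check_path never requested"
    return "no login submission seen"


if __name__ == "__main__":
    for ts, route in matched_routes(SAMPLE_LOG):
        print(ts, route)
    print(diagnose(SAMPLE_LOG))
```
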