使用LDAP FR3DLdapBundle的Symfony2 FOSUSER

时间:2016-03-21 17:27:15

标签: php symfony ldap fosuserbundle fr3dldapbundle

我正在尝试使用LDAP连接来授权我的用户,同时保持FOSUser管理它们,我正在使用本教程http://blog.henriet.eu/authentification-ldap-avec-symfony-2.1-et-fosuserbundle.html

获得当前配置

fr3d_ldap:
    driver:
        host:                dsti-dc1
        port:                389    # Optional
        #username:                # Optional
       # password:                # Optional
        bindRequiresDn:      true   # Optional
        baseDn: dc=cm-funchal, dc=pt
#       accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
#       optReferrals:        false  # Optional
        useSsl:              false   # Enable SSL negotiation. Optional
#       useStartTls:         true   # Enable TLS negotiation. Optional
#       accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
#       accountDomainName: HOST
#       accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=user))
        attributes:
           - { ldap_attr: samaccountname,  user_method: setUsername } # champ login
         #  - { ldap_attr: sn, user_method: setName }
        #   - { ldap_attr: preferredlanguage, user_method: setLanguage }
         #  - { ldap_attr: mail, user_method: setEmail } # setter dans BaseUser

#           - { ldap_attr: ...,  user_method: ... }         # Optional
#   service:
#       user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
#       ldap_manager: fr3d_ldap.ldap_manager.default   # Overrides default ldap manager

当我尝试登录时,我总是得到“无效的凭据”但是通过命令行

ldapsearch -H ldap://dsti-dc1:389 -x -b DC=cm-funchal,DC=pt -D test@cm-funchal.pt -w 'tetst

我得到了大量数据的回复。知道为什么捆绑不会验证凭据? TY

修改 我正在发布我的完整配置

//security.yml

security:
  # Preserve plain text password in token for refresh the user.
  # Analyze the security considerations before turn off this setting.
  erase_credentials: false


  providers:
    chain_provider:
      chain:
        providers: [fos_userbundle, fr3d_ldapbundle]
    fr3d_ldapbundle:
      id: fr3d_ldap.security.user.provider
    fos_userbundle:
      id: fos_user.user_manager

  firewalls:
    main:
      pattern: ^/
      fr3d_ldap: ~
      form_login:
          provider: chain_provider
          csrf_token_generator: security.csrf.token_manager
          always_use_default_target_path: true
          default_target_path: /
      logout:     true
      anonymous:  true


  encoders:
      LDAPCMF\AuthBundle\Entity\User: plaintext

// CONFIG.yml

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }

# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: en

framework:
    #esi:             ~
    #translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~
    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"

# Doctrine Configuration
doctrine:
    dbal:
        driver:   pdo_mysql
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #     path:     "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host:      "%mailer_host%"
    username:  "%mailer_user%"
    password:  "%mailer_password%"
    spool:     { type: memory }


fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: LDAPCMF\AuthBundle\Entity\User

fr3d_ldap:
    driver:
        host:                dsti-dc1
        port:                389    # Optional
        username:            test@cm-funchal.pt
        password:            test    # Optional
        bindRequiresDn:      true   # Optional
        baseDn: dc=cm-funchal, dc=pt
#       accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
#       optReferrals:        false  # Optional
        useSsl:              false   # Enable SSL negotiation. Optional
#       useStartTls:         true   # Enable TLS negotiation. Optional
#       accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
#       accountDomainName: HOST
#       accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=Person))
        attributes:
           - { ldap_attr: samaccountname,  user_method: setUsername } # champ login
         #  - { ldap_attr: sn, user_method: setName }
        #   - { ldap_attr: preferredlanguage, user_method: setLanguage }
         #  - { ldap_attr: mail, user_method: setEmail } # setter dans BaseUser

#           - { ldap_attr: ...,  user_method: ... }         # Optional
#   service:
#       user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
#       ldap_manager: fr3d_ldap.ldap_manager.default   # Overrides default ldap manager

和我的用户类:

namespace LDAPCMF\AuthBundle\Entity;


use Doctrine\ORM\Mapping as ORM;
use FR3D\LdapBundle\Model\LdapUserInterface;
use FOS\UserBundle\Model\User as BaseUser;

/**
 * User
 *
 * @ORM\Table()
 * @ORM\Entity
 */
class User extends BaseUser implements LdapUserInterface
{

    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\Column(type="string", nullable=true)
     */
    protected $name;

    /**
     * Ldap Object Distinguished Name
     * @ORM\Column(type="string", length=128)
     * @var string $dn
     */
    private $dn;

    public function __construct()
    {
        parent::__construct();
        if (empty($this->roles)) {
            $this->roles[] = 'ROLE_USER';
        }
    }

    public function setName($name) {
        $this->name = $name;
    }

    /**
     * {@inheritDoc}
     */
    public function setDn($dn)
    {
        $this->dn = $dn;
    }

    /**
     * {@inheritDoc}
     */
    public function getDn()
    {
        return $this->dn;
    }

}

我现在正在

Authentication request could not be processed due to a system problem.

编辑2

这样的接缝是服务器问题?尝试使用http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/捆绑并完美地工作,但当我更改为我的服务器时,我得到了错误。可能与ldap配置有关吗?

编辑3

获得以下dev.log

[2016-03-23 13:05:30] request.INFO: Matched route "fos_user_security_check". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::checkAction","_route":"fos_user_security_check"},"request_uri":"http://localhost:8000/login_check"} []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"function":"trigger_error"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php","line":49,"function":"loadUserByUsername","class":"FOS\\UserBundle\\Model\\UserManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php","line":55,"function":"loadUserByUsername","class":"Symfony\\Component\\Security\\Core\\User\\ChainUserProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php","line":70,"function":"retrieveUser","class":"FR3D\\LdapBundle\\Security\\Authentication\\LdapAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2667,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php","line":107,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php","line":146,"function":"attemptAuthentication","class":"Symfony\\Component\\Security\\Http\\Firewall\\UsernamePasswordFormAuthenticationListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2582,"function":"handle","class":"Symfony\\Component\\Security\\Http\\Firewall\\AbstractAuthenticationListener","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1853,"function":"call_user_func"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1771,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":132,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":120,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":62,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php","line":69,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":185,"function":"handle","class":"Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Resources/config/router_dev.php","line":40,"args":["/home/sergio/Desktop/RSU/web/app_dev.php"],"function":"require"}]} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["semivi@cm-funchal.pt"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))(sAMAccountName=semivi@cm-funchal.pt)), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["semivi@cm-funchal.pt"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))(sAMAccountName=semivi@cm-funchal.pt)), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:94, FR3D\\LdapBundle\\Driver\\LdapDriverException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php:55)"} []
[2016-03-23 13:05:30] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"/login"} []
[2016-03-23 13:05:31] request.INFO: Matched route "fos_user_security_login". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::loginAction","_route":"fos_user_security_login"},"request_uri":"http://localhost:8000/login"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-23 13:05:31] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"8a4680","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/8a4680"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []

2 个答案:

答案 0 :(得分:0)

似乎您的LDAP不允许匿名搜索,因此您必须填写用户名和密码配置集。

fr3d_ldap:
    driver:
        username: test@cm-funchal.pt
        password: tetst

答案 1 :(得分:0)

修正了问题,默认情况下驱动程序文件执行cn =“XXX”,我的环境cn与samaaccount名称相同。编辑了驱动程序文件并用samaacount替换了cn。