I'm trying to authenticate my users over an LDAP connection while keeping FOSUser managing them. I'm following this tutorial: http://blog.henriet.eu/authentification-ldap-avec-symfony-2.1-et-fosuserbundle.html
This is my current configuration:
fr3d_ldap:
    driver:
        host: dsti-dc1
        port: 389 # Optional
        #username: # Optional
        # password: # Optional
        bindRequiresDn: true # Optional
        baseDn: dc=cm-funchal, dc=pt
        # accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
        # optReferrals: false # Optional
        useSsl: false # Enable SSL negotiation. Optional
        # useStartTls: true # Enable TLS negotiation. Optional
        # accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
        # accountDomainName: HOST
        # accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname, then the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=user))
        attributes:
            - { ldap_attr: samaccountname, user_method: setUsername } # login field
            # - { ldap_attr: sn, user_method: setName }
            # - { ldap_attr: preferredlanguage, user_method: setLanguage }
            # - { ldap_attr: mail, user_method: setEmail } # setter in BaseUser
            # - { ldap_attr: ..., user_method: ... } # Optional
    # service:
    #     user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
    #     ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager
When I try to log in I always get "Invalid credentials", but from the command line
ldapsearch -H ldap://dsti-dc1:389 -x -b DC=cm-funchal,DC=pt -D test@cm-funchal.pt -w 'tetst'
I get a response with lots of data. Any idea why the bundle doesn't validate the credentials? Thanks
Edit: I'm posting my full configuration
// security.yml
security:
    # Preserve plain text password in token for refresh the user.
    # Analyze the security considerations before turn off this setting.
    erase_credentials: false
    providers:
        chain_provider:
            chain:
                providers: [fos_userbundle, fr3d_ldapbundle]
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider
        fos_userbundle:
            id: fos_user.user_manager
    firewalls:
        main:
            pattern: ^/
            fr3d_ldap: ~
            form_login:
                provider: chain_provider
                csrf_token_generator: security.csrf.token_manager
                always_use_default_target_path: true
                default_target_path: /
            logout: true
            anonymous: true
    encoders:
        LDAPCMF\AuthBundle\Entity\User: plaintext
// config.yml
imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }

# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: en

framework:
    #esi: ~
    #translator: { fallbacks: ["%locale%"] }
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    csrf_protection: ~
    validation: { enable_annotations: true }
    #serializer: { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale: "%locale%"
    trusted_hosts: ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
    fragments: ~
    http_method_override: true

# Twig Configuration
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"

# Doctrine Configuration
doctrine:
    dbal:
        driver: pdo_mysql
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #      e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #      path: "%database_path%"
    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    spool: { type: memory }

fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: LDAPCMF\AuthBundle\Entity\User

fr3d_ldap:
    driver:
        host: dsti-dc1
        port: 389 # Optional
        username: test@cm-funchal.pt
        password: test # Optional
        bindRequiresDn: true # Optional
        baseDn: dc=cm-funchal, dc=pt
        # accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
        # optReferrals: false # Optional
        useSsl: false # Enable SSL negotiation. Optional
        # useStartTls: true # Enable TLS negotiation. Optional
        # accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
        # accountDomainName: HOST
        # accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname, then the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=Person))
        attributes:
            - { ldap_attr: samaccountname, user_method: setUsername } # login field
            # - { ldap_attr: sn, user_method: setName }
            # - { ldap_attr: preferredlanguage, user_method: setLanguage }
            # - { ldap_attr: mail, user_method: setEmail } # setter in BaseUser
            # - { ldap_attr: ..., user_method: ... } # Optional
    # service:
    #     user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
    #     ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager
And my User class:
<?php

namespace LDAPCMF\AuthBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use FR3D\LdapBundle\Model\LdapUserInterface;
use FOS\UserBundle\Model\User as BaseUser;

/**
 * User
 *
 * @ORM\Table()
 * @ORM\Entity
 */
class User extends BaseUser implements LdapUserInterface
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\Column(type="string", nullable=true)
     */
    protected $name;

    /**
     * Ldap Object Distinguished Name
     * @ORM\Column(type="string", length=128)
     * @var string $dn
     */
    private $dn;

    public function __construct()
    {
        parent::__construct();
        if (empty($this->roles)) {
            $this->roles[] = 'ROLE_USER';
        }
    }

    public function setName($name)
    {
        $this->name = $name;
    }

    /**
     * {@inheritDoc}
     */
    public function setDn($dn)
    {
        $this->dn = $dn;
    }

    /**
     * {@inheritDoc}
     */
    public function getDn()
    {
        return $this->dn;
    }
}
I'm now getting
Authentication request could not be processed due to a system problem.
Edit 2
This looks like a server problem? I tried the bundle against http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/ and it works perfectly, but when I switch to my server I get the error. Could it be related to the LDAP configuration?
Edit 3
I get the following dev.log
[2016-03-23 13:05:30] request.INFO: Matched route "fos_user_security_check". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::checkAction","_route":"fos_user_security_check"},"request_uri":"http://localhost:8000/login_check"} []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"function":"trigger_error"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php","line":49,"function":"loadUserByUsername","class":"FOS\\UserBundle\\Model\\UserManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php","line":55,"function":"loadUserByUsername","class":"Symfony\\Component\\Security\\Core\\User\\ChainUserProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php","line":70,"function":"retrieveUser","class":"FR3D\\LdapBundle\\Security\\Authentication\\LdapAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2667,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php","line":107,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php","line":146,"function":"attemptAuthentication","class":"Symfony\\Component\\Security\\Http\\Firewall\\UsernamePasswordFormAuthenticationListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2582,"function":"handle","class":"Symfony\\Component\\Security\\Http\\Firewall\\AbstractAuthenticationListener","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1853,"function":"call_user_func"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1771,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":132,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":120,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":62,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php","line":69,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":185,"function":"handle","class":"Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Resources/config/router_dev.php","line":40,"args":["/home/sergio/Desktop/RSU/web/app_dev.php"],"function":"require"}]} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["semivi@cm-funchal.pt"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))(sAMAccountName=semivi@cm-funchal.pt)), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["semivi@cm-funchal.pt"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))(sAMAccountName=semivi@cm-funchal.pt)), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:94, FR3D\\LdapBundle\\Driver\\LdapDriverException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php:55)"} []
[2016-03-23 13:05:30] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"/login"} []
[2016-03-23 13:05:31] request.INFO: Matched route "fos_user_security_login". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::loginAction","_route":"fos_user_security_login"},"request_uri":"http://localhost:8000/login"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-23 13:05:31] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"8a4680","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/8a4680"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
Answer 0 (score: 0)
It seems your LDAP does not allow anonymous searches, so you have to fill in the username and password configuration settings.
fr3d_ldap:
    driver:
        username: test@cm-funchal.pt
        password: tetst
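An added example, not code from the question, the answers or FR3D LdapBundle: from the fr3d_ldap driver keys posted in the question it derives the LDAP URI and whether the user search binds anonymously (the cause Answer 0 points at), and it builds the lookup filter in the same shape as the ldap_search() line in the posted dev.log, with the login name escaped per RFC 4515 so it can only match a value and never alter the filter. The function names, the Python rendering and the warning texts are my own; the config values are copied from the question.

```python
# Added example (not the question's or FR3D LdapBundle's code). Shows how the
# user lookup is assembled from the fr3d_ldap "driver" keys: LDAP URI, search
# bind mode (anonymous vs. service account) and an RFC 4515-escaped filter.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is safe to embed as a value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(base_filter: str, login_attr: str, login: str) -> str:
    """AND the configured user filter with an exact match on the login attribute.

    Same shape as the ldap_search() call in the posted dev.log:
    (&(&(sAMAccountName=*))(sAMAccountName=semivi@cm-funchal.pt))
    """
    return "(&%s(%s=%s))" % (base_filter, login_attr, escape_filter_value(login))


def plan_search(driver: dict) -> dict:
    """Derive URI and search-bind mode from the driver config and list weaknesses."""
    use_ssl = bool(driver.get("useSsl"))
    use_tls = bool(driver.get("useStartTls"))
    port = driver.get("port", 636 if use_ssl else 389)
    uri = "%s://%s:%d" % ("ldaps" if use_ssl else "ldap", driver["host"], port)
    warnings = []
    if not driver.get("username"):  # no service account: search is an anonymous bind
        warnings.append("search bind is anonymous; Active Directory rejects anonymous searches by default")
    if not (use_ssl or use_tls):
        warnings.append("neither useSsl nor useStartTls is set; bind passwords cross the network in cleartext")
    return {"uri": uri, "bind": driver.get("username") or "anonymous", "warnings": warnings}


# Driver block from the first config in the question (username/password commented out).
QUESTION_DRIVER = {"host": "dsti-dc1", "port": 389, "bindRequiresDn": True,
                   "baseDn": "dc=cm-funchal, dc=pt", "useSsl": False}

if __name__ == "__main__":
    plan = plan_search(QUESTION_DRIVER)
    print(plan["uri"], plan["bind"], plan["warnings"])
    print(build_search_filter("(&(objectClass=user))", "sAMAccountName", "semivi@cm-funchal.pt"))
    # A login containing filter metacharacters is kept as a literal value:
    print(build_search_filter("(&(objectClass=user))", "sAMAccountName", "Funchal (DSTI)*"))
```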
Answer 1 (score: 0)
Fixed the problem. By default the driver file does cn="XXX", and in my environment the cn is the same as the samaccountname. I edited the driver file and replaced cn with samaccountname.