我有一个 Symfony 应用程序，用户通过 FOS 和 OAuth 登录。现在我需要添加使用 Active Directory（活动目录）登录的选项，所以我安装了这个 bundle：https://github.com/Maks3w/FR3DLdapBundle ，但仍然无法把它配置成能正常工作。下面贴出我的 config 和 security 文件。有什么建议吗？我应该改哪些地方？
security.yml
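security:
    # Keep the credentials on the token after authentication (Symfony's
    # default is to erase them).
    erase_credentials: false

    encoders:
        FOS\UserBundle\Model\UserInterface: sha512
        #FOS\UserBundle\Model\UserInterface: plaintext
        # NOTE(review): LDAP users are checked by binding against the
        # directory, so no local hash is compared — plaintext is what the
        # bundle documents here; confirm against the FR3DLdapBundle README.
        FR3D\LdapBundle\User\LdapUser: plaintext

    providers:
        # Chain: the local FOS users are tried first, then the LDAP directory.
        chain_provider:
            chain:
                providers: [fos_userbundle, fr3d_ldapbundle]
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider
        fos_userbundle:
            id: fos_user.user_provider.username_email

    role_hierarchy:
        ROLE_USER: ~
        ROLE_ADMIN: [ROLE_USER]
        ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    firewalls:
        # Unsecured areas: profiler/assets, API docs, the OAuth token endpoint
        # and the password endpoints are reachable without authentication.
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        doc:
            pattern: ^/api/doc/$
            security: false
        oauth_token:
            pattern: ^/oauth/v2/token
            security: false
        passwords:
            pattern: ^/api/password
            security: false
        # Below are the authentication methods.
        oauth_authorize:
            pattern: ^/site|^/fos|^/api
            fr3d_ldap: ~
            fos_oauth: true
            form_login:
                # Was `fos_userbundle`: with that provider the login form never
                # consulted the LDAP provider, so only users already stored in
                # the local database could log in. The chain still tries the
                # local users first, so existing FOS logins keep working.
                provider: chain_provider
                check_path: /fos/login_check
                login_path: /fos/login
            logout:
                path: /fos/logout
                target: /
            anonymous: true

    access_control:
        # `roles` is used on every rule (the first rule used the singular
        # `role`, which Symfony accepts but which reads inconsistently).
        - { path: ^/oauth/v2/auth_login$, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
        - { path: ^/api/users/[0-9]+/(avatar|wallpaper), roles: [ IS_AUTHENTICATED_FULLY ] }
        - { path: ^/api/users, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
        - { path: ^/api/groups, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
        - { path: ^/api/menus, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
        - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
        # Was `^/ /` — the embedded space made the regex match no real path.
        # Anonymous access is what the firewall already allows, so the
        # effective behaviour is unchanged; the rule is now explicit.
        - { path: ^/, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }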
config.yml
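# Sub-configs loaded before the sections below; security.yml is the file
# quoted above.
imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: doctrine_extensions.yml }
    - { resource: services.yml }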
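framework:
    #esi: ~
    #translator: { fallback: "%locale%" }
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    csrf_protection: ~
    validation: { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale: "%locale%"
    # Both null: no Host header allow-list, and no reverse proxies are
    # trusted, so client IP/scheme come from the direct connection only.
    # NOTE(review): if the app sits behind a proxy or load balancer, set
    # trusted_proxies so X-Forwarded-* headers are honoured only from it.
    trusted_hosts: ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
    fragments: ~
    # Lets clients override the HTTP method via _method / X-HTTP-Method-Override.
    http_method_override: true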
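# Twig Configuration
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"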
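# Assetic Configuration
assetic:
    debug: "%kernel.debug%"
    use_controller: false
    # Empty list: no bundle has its assets managed by Assetic.
    bundles: [ ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"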
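# Doctrine Configuration
doctrine:
    dbal:
        default_connection: default
        connections:
            default:
                driver: "%database_driver%"
                host: "%database_host%"
                port: "%database_port%"
                dbname: "%database_name%"
                user: "%database_user%"
                password: "%database_password%"
                charset: UTF8
            # Second connection through a custom MSSQL (dblib) driver class.
            # NOTE(review): port/dbname/charset are commented out, so the
            # driver's own defaults apply — confirm that is intended.
            axp:
                driver_class: Realestate\MssqlBundle\Driver\PDODblib\Driver
                #driver: "%database_driver2%"
                host: "%database_host2%"
                #server: "%database_host2%"
                #port: "%database_port2%"
                #dbname: "%database_name2%"
                user: "%database_user2%"
                password: "%database_password2%"
                #charset: UTF8
    orm:
        default_entity_manager: default
        entity_managers:
            default:
                connection: default
                auto_mapping: true
            # Only the explicitly listed bundle is mapped on the axp manager.
            axp:
                connection: axp
                mappings:
                    XtrdAxpPeopleBundle: ~
        auto_generate_proxy_classes: "%kernel.debug%"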
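# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    # Messages are queued in memory and sent at the end of the request.
    spool: { type: memory }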
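fos_rest:
    serializer:
        serialize_null: true
    routing_loader:
        default_format: json
    param_fetcher_listener: true
    body_converter:
        enabled: true
        validate: true
    body_listener:
        array_normalizer: fos_rest.normalizer.camel_keys
        decoders:
            json: fos_rest.decoder.jsontoform
    format_listener:
        # Content negotiation per path prefix; html wins when nothing matches.
        rules:
            - { path: ^/api, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
            - { path: ^/axp, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
            - { path: ^/, priorities: [ html ], fallback_format: html, prefer_extension: false }
    view:
        serialize_null: true
        view_response_listener: force
        failed_validation: HTTP_UNPROCESSABLE_ENTITY
        formats:
            json: true
            xml: true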
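nelmio_cors:
    defaults:
        # Credentials (cookies, Authorization) are not shared cross-origin.
        allow_credentials: false
        allow_origin: [ 'http://localhost:4200' ]
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
    paths:
        '^/':
            origin_regex: true
            # These are regexes. The original `^http://.*.Xtrd.com` had
            # unescaped dots and no end anchor, so any origin merely
            # containing "Xtrd.com" (e.g. a host under another domain) was
            # accepted. Dots are now escaped and each pattern is anchored.
            # The last entry (`8000+` = "800" plus one or more zeros) is
            # already covered by the `[0-9]+` pattern; kept as given.
            # NOTE(review): browsers send the Origin host in lower case; if
            # the bundle matches case-sensitively, the capital X in `Xtrd`
            # never matches — confirm and lower-case it if *.xtrd.com is meant.
            allow_origin: ['^http://localhost:[0-9]+$', '^http://.*\.Xtrd\.com$', '^http://localhost:8000+$']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
            max_age: 3600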
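fos_oauth_server:
    db_driver: orm
    client_class: Xtrd\IntranetApiBundle\Entity\Client
    access_token_class: Xtrd\IntranetApiBundle\Entity\AccessToken
    refresh_token_class: Xtrd\IntranetApiBundle\Entity\RefreshToken
    auth_code_class: Xtrd\IntranetApiBundle\Entity\AuthCode
    service:
        # NOTE(review): the OAuth server checks credentials through this
        # provider, i.e. against the local FOS user store. LDAP-only users
        # (no local password) would presumably not be able to obtain a token
        # this way — confirm whether OAuth password grants must work for them.
        user_provider: fos_user.user_manager
        #user_provider: fr3d_ldap.security.user.provider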
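fos_user:
    db_driver: orm
    # Must name the firewall that carries form_login (see security.yml).
    firewall_name: oauth_authorize
    user_class: Xtrd\IntranetApiBundle\Entity\User
    group:
        group_class: Xtrd\IntranetApiBundle\Entity\Group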
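parameters:
    # Replaces the class behind JMS's camel_case naming strategy service, so
    # property names are serialized unchanged.
    jms_serializer.camel_case_naming_strategy.class: JMS\Serializer\Naming\IdenticalPropertyNamingStrategy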
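jms_serializer:
    handlers:
        datetime:
            default_format: "c" # ISO8601
            default_timezone: "UTC" # defaults to whatever timezone set in php.ini or via date_default_timezone_set
    property_naming:
        # NOTE(review): a bare value parses as null, not as an empty string —
        # confirm which of the two the naming strategy expects.
        separator:
        lower_case: false
    metadata:
        cache: file
        debug: "%kernel.debug%"
        file_cache:
            dir: "%kernel.cache_dir%/serializer"
        auto_detection: true
        # Serializer metadata for the listed namespaces lives in this bundle.
        directories:
            FOSUserBundle:
                namespace_prefix: "FOS\\UserBundle"
                path: "@XtrdIntranetApiBundle/Resources/config/serializer/fos"
            XtrdExchangeWebServicesBundle:
                namespace_prefix: "Xtrd\\ExchangeWebServicesBundle"
                path: "@XtrdIntranetApiBundle/Resources/config/serializer/ews"
            XtrdIntranetApiBundle:
                namespace_prefix: "Xtrd\\IntranetApiBundle"
                path: "@XtrdIntranetApiBundle/Resources/config/serializer"
    visitors:
        json:
            options: 128 # json_encode options bitmask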
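fr3d_ldap:
    driver:
        host: xtrd.com
        #port: 389 # Optional
        # NOTE(review): with useSsl and useStartTls both commented out the
        # bind presumably goes over plain LDAP, so every user's password
        # crosses the network unencrypted. Enable useStartTls (or useSsl
        # with port 636) before this goes anywhere near production.
        # NOTE(review): no bind username/password means an anonymous search
        # for the user's DN; Active Directory commonly refuses anonymous
        # searches, so a service account is usually needed for the lookup.
        #username: # Optional
        #password: # Optional
        # bindRequiresDn: true
        #baseDn: DC=Xtrd,DC=com
        # accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
        # NOTE(review): the commented default keys on uid; the attribute
        # mapping below uses samaccountname, so the AD form is likely the
        # one that has to be active — verify.
        #accountFilterFormat: (&(samaccountname=%s))
        # optReferrals: false # Optional
        #useSsl: false # Enable SSL negotiation. Optional
        # useStartTls: true # Enable TLS negotiation. Optional
        # accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
        #accountDomainName:
        #accountDomainNameShort: # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
    user:
        baseDn: dc=xtrd,dc=com
        filter: (&(objectClass=Person))
        # filter: (&(objectClass=user))
        # Only the username is copied from the directory entry.
        # NOTE(review): if LDAP users are persisted through fos_user, its
        # entity needs more than a username (e.g. an email) — confirm.
        attributes:
            - { ldap_attr: samaccountname, user_method: setUsername }
            # - { ldap_attr: userprincipalname, user_method: setUsername }
            # - { ldap_attr: mail, user_method: setEmail }
            # - { ldap_attr: givenname, user_method: setFirstName }
            # - { ldap_attr: sn, user_method: setLastName }
            # - { ldap_attr: description, user_method: setDescription }
            # - { ldap_attr: password, user_method: setPassword }
    #service:
    #    user_manager: fos_user.user_manager # Overrides default user manager
    #    ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager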
答案 0 :(得分:1)
您是否看过我的Symfony AD Integration帖子:
https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/
我注意到您在用 REST API，所以您的配置可能和我的略有不同。我建议先新建一个 Symfony 项目，确认 LDAP 身份验证能先跑通，然后再接着做 AD 身份验证。
顺便说一句，我当时花了很多时间才把这件事做成，所以那篇博客文章应该能帮到你。