使用sf3 可以检查symfony 3密码,但使用静态dn
dn_string: 'uid={username},dc=example,dc=com'
所以我创建了自己的UserAuthenticationProvider类
但现在我不知道如何在我的security.yml中声明它?
security.yml
providers:
your_db_provider:
entity:
class: AcSecurityBundle:User
property: username
fos_userbundle:
id: fos_user.user_provider.username
secured_area:
pattern: ^/
anonymous: true
provider: your_db_provider
form_login:
csrf_token_generator: security.csrf.token_manager
use_referer: true
form_login_ldap:
service: ldap
use_referer: true
logout: true
AcSecurityBundle / AcUserAuthenticationProvider.php
类AcUserAuthenticationProvider扩展UserAuthenticationProvider {
function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
$username = $token->getUsername();
$password = $token->getCredentials();
if ('' === $password) {
throw new BadCredentialsException('The presented password must not be empty.');
}
try {
$query = "(sAMAccountName=$username)";
$search_dn = "CN=app,OU=apps,DC=domain,DC=be";
$search_password = "mdp";
$this->ldap->bind($search_dn, $search_password);
$t = $this->ldap->query("OU=At,OU=user,DC=domain,DC=be", $query);
$entry = $t->execute();
if ($entry->count() > 0) {
$dn = $entry[0]->getDn();
}
$this->ldap->bind($dn, $password);
} catch (ConnectionException $e) {
throw new BadCredentialsException('The presented password is invalid.');
}
}
}
谢谢
答案 0 :(得分:1)
由于Symfony 3.1 Symfony使用了新的ldap提供程序 的Symfony \组件\的Ldap \的Ldap
提供者示例:
services:
app.ldap:
class: Symfony\Component\Ldap\Ldap
factory: [ 'Symfony\Component\Ldap\Ldap', 'create']
arguments:
- ext_ldap
- host: srv-host
#debug: true
与您要使用的适配器关联的字符串。
只有一个 现在支持,这是ext_ldap New Ldap provider by Symfony, explained.
安全提供程序示例:
providers:
#webservice_provider:
#id: app.webservice_user_provider
company_ldap:
ldap:
service: app.ldap
base_dn: DC=example, DC=local
search_dn: "CN=AdminName,OU=YourAdminGroup,DC=example,DC=LOCAL"
search_password: 'AdminPass'
default_roles: ROLE_USER
现在你可以查看你的ldap系统了。
如果你设置了你的 form_login_ldap权限,您的用户可以通过您的表单进行身份验证
安全form_login_ldap示例:
form_login_ldap:
provider: company_ldap
service: app.ldap #system/provider your user authenticate to
dn_string: '{username}@example.local'
csrf_token_generator: security.csrf.token_manager
check_path: /login_check #make sure the check is behind the firewall
login_path: /login #make sure login IS_AUTHENTICATED_ANONYMOUSLY
logout:
path: /logout #logout path
target: /login #after logout redirect to login
anonymous: true
Access_control /防火墙示例:
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
- { path: ^/, role: ROLE_USER } #all pages require user to be logged in
现在您拥有动态ldap登录表单。 Symfony login form setup
希望这会对你有所帮助。我花了8天的时间来解决这个问题。
答案 1 :(得分:0)
您不需要执行上述任何操作。您可以将DN字符串用作:
dn_string: '{username}'
这实际上是默认值according to the docs。这将起作用,因为除了完整的DN(例如sAMAccountName或UPN)之外,AD还支持多种绑定方法。