在symfony 3

时间:2016-10-24 09:43:54

标签: symfony ldap

使用sf3 可以检查symfony 3密码,但使用静态dn

dn_string: 'uid={username},dc=example,dc=com'

所以我创建了自己的UserAuthenticationProvider类

但现在我不知道如何在我的security.yml中声明它?

security.yml

  providers:

    your_db_provider:
        entity:
            class: AcSecurityBundle:User
            property: username
    fos_userbundle:
        id: fos_user.user_provider.username

   secured_area:
        pattern:    ^/
        anonymous: true
        provider: your_db_provider
        form_login:
            csrf_token_generator: security.csrf.token_manager
            use_referer: true
        form_login_ldap:
            service: ldap
            use_referer: true
        logout: true

AcSecurityBundle / AcUserAuthenticationProvider.php

类AcUserAuthenticationProvider扩展UserAuthenticationProvider {

function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
    $username = $token->getUsername();
    $password = $token->getCredentials();

    if ('' === $password) {
        throw new BadCredentialsException('The presented password must not be empty.');
    }

    try {
        $query = "(sAMAccountName=$username)";

        $search_dn = "CN=app,OU=apps,DC=domain,DC=be";
        $search_password = "mdp";
        $this->ldap->bind($search_dn, $search_password);

        $t = $this->ldap->query("OU=At,OU=user,DC=domain,DC=be", $query);

        $entry = $t->execute();

        if ($entry->count() > 0) {
            $dn = $entry[0]->getDn();
        }

        $this->ldap->bind($dn, $password);
    } catch (ConnectionException $e) {
        throw new BadCredentialsException('The presented password is invalid.');
    }
}

}

谢谢

2 个答案:

答案 0 :(得分:1)

  

由于Symfony 3.1 Symfony使用了新的ldap提供程序   的Symfony \组件\的Ldap \的Ldap

提供者示例:

services:

app.ldap:
    class: Symfony\Component\Ldap\Ldap
    factory: [ 'Symfony\Component\Ldap\Ldap', 'create']
    arguments:
        - ext_ldap
        - host: srv-host
          #debug: true
  

与您要使用的适配器关联的字符串。
只有一个   现在支持,这是ext_ldap   New Ldap provider by Symfony, explained.

安全提供程序示例:

providers:
    #webservice_provider:
        #id: app.webservice_user_provider
    company_ldap:
        ldap:
            service: app.ldap
            base_dn: DC=example, DC=local
            search_dn: "CN=AdminName,OU=YourAdminGroup,DC=example,DC=LOCAL"
            search_password: 'AdminPass'
            default_roles: ROLE_USER
  

现在你可以查看你的ldap系统了。
如果你设置了你的   form_login_ldap权限,您的用户可以通过您的表单进行身份验证

安全form_login_ldap示例:

form_login_ldap:
   provider: company_ldap
   service: app.ldap #system/provider your user authenticate to
   dn_string: '{username}@example.local'
   csrf_token_generator: security.csrf.token_manager
   check_path: /login_check #make sure the check is behind the firewall
   login_path: /login #make sure login IS_AUTHENTICATED_ANONYMOUSLY

   logout:       
      path:   /logout  #logout path
      target: /login   #after logout redirect to login
   anonymous:    true

Access_control /防火墙示例:

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/admin/, role: ROLE_ADMIN }
    - { path: ^/, role: ROLE_USER } #all pages require user to be logged in

现在您拥有动态ldap登录表单。 Symfony login form setup

希望这会对你有所帮助。我花了8天的时间来解决这个问题。

答案 1 :(得分:0)

您不需要执行上述任何操作。您可以将DN字符串用作:

dn_string: '{username}'

这实际上是默认值according to the docs。这将起作用,因为除了完整的DN(例如sAMAccountName或UPN)之外,AD还支持多种绑定方法。