我正在尝试使用Symfony 3.4通过ldap(窗口活动目录)验证用户,并使用此documentation
请帮助我!!!!
但我收到错误:
php.DEBUG:警告:ldap_bind():无法绑定到服务器:凭据无效{"异常":" [object](Symfony \ Component \ Debug \ Exception \ SilencedErrorContext:{ \"严重性\":2,\"文件\":\" C:\\ OSPanel \\域\\ warcsymfony \\厂商\\ symfony的\\ symfony的\\ SRC \\的Symfony \\元器件\\的Ldap \\适配器\\ ExtLdap \\ Connection.php \" \"线\":53,\"跟踪\":[{\"文件\":\" C:\\ OSPanel \\域\\ warcsymfony \\厂商\\ symfony的\\的symfony \\ SRC \\ Symfony的\\元器件\\的Ldap \\ Ldap.php \" \"线\":38,\"功能\":\"结合\" \"类\":\" Symfony的\\元器件\\的Ldap \\适配器\\ ExtLdap \\连接\" \"输入\":\" - > \"}],\"计数\":1})"} [] [2018-03-14 10:27:03] security.INFO:身份验证请求失败。 {" exception":" [object](Symfony \ Component \ Security \ Core \ Exception \ BadCredentialsException(code:0):凭据错误。位于C:\ OSPanel \ domains \ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Security \ Core \ Authentication \ Provider \ UserAuthenticationProvider.php:71,Symfony \ Component \ Security \ Core \ Exception \ UsernameNotFoundException(code:0):User \" testusername \& #34;未找到。在C:\ OSPanel \ domains \ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Security \ Core \ User \ LdapUserProvider.php:75,Symfony \ Component \ Ldap \ Exception \ ConnectionException(代码:0):C:\ OSPanel \ domains \ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Ldap \ Adapter \ ExtLdap \ Connection.php中的凭据无效:54)"} [] [2018-03-14 10:27:03] security.DEBUG:身份验证失败,重定向触发。 {" failure_path":"登录"} []
我尝试更改参数,但它不起作用
security.yml
security:
providers:
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: DC=example,DC=com
search_dn: 'OU=all-users-accounts,DC=example,DC=com'
search_password: password
default_roles: ROLE_USER
uid_key: sAMAccountName
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
anonymous: ~
form_login_ldap:
login_path: login
check_path: login
service: Symfony\Component\Ldap\Ldap
dn_string: 'sAMAccountName={username},DC=example,DC=com'
service.yml
services:
Symfony\Component\Ldap\Ldap:
arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
arguments:
- host: **.**.**.**
port: 389
encryption: 'none'
options:
protocol_version: 3
referrals: false
SecurityController
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request, AuthenticationUtils $authenticationUtils){
$error = $authenticationUtils->getLastAuthenticationError();
$username = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', array(
'last_username' => $username,
'error' => $error
));
}
答案 0 :(得分:1)
经过测试和工作。我认为你的错误是search_dn,search_password和query_string。
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: "DC=example,DC=lv"
#remmber this is ldap user with read only permisions
#could be also just username search_dn:"bind"
search_dn: "CN=bind bind,CN=Users,DC=example,DC=lv"
search_password: "bind user password"
uid_key: sAMAccountName
在表单示例中我使用了查询字符串 - 它检查sAMAccoutName和是否是SystemGroup的成员。
form_login_ldap:
provider: my_ldap
login_path: login_route
check_path: login_check_form
service: Symfony\Component\Ldap\Ldap
dn_string: 'DC=example,DC=lv'
query_string: '(&(sAMAccountName={username})(memberof=CN=SystemGroup,OU=Groups,OU=xxx_users,DC=example,DC=lv))'
使用ldap_search测试您的query_string http://php.net/manual/en/function.ldap-search.php#112191
答案 1 :(得分:0)
我相信你的search_dn是不正确的,这一行:
search_dn: 'OU=all-users-accounts,DC=example,DC=com'
它必须是有权浏览Active Directory的管理员的dn。您可以使用Softerra's free LDAP Browser浏览活动目录并找出答案。
我的Symfony LDAP Component AD Authentication文章中概述了这一点。请注意,您需要进行大量调试才能使其正常工作,但一旦您完成它就很容易。