我目前正在尝试在我的应用上设置LDAP。
以下是配置文件:
services.yaml:
Symfony\Component\Ldap\Ldap:
arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
arguments:
- host: mydc.network.lan
port: 389
#encryption: tls
options:
protocol_version: 3
referrals: false
security.yaml:
providers:
in_memory: { memory: ~ }
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: "dc=XXXXX,dc=com"
search_dn: "CN=XXXXXX,OU=LDAP,OU=Services Accounts,OU=Administration,DC=XXXXX,DC=com"
search_password: "XXXXXXXXXXXXXXXXX"
default_roles: ROLE_USER
filter: "(samAccountName={username})"
uid_key: uid
[...]
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
security: true
anonymous: true
provider: my_ldap
form_login_ldap:
login_path: /login
check_path: /login
service: Symfony\Component\Ldap\Ldap
dn_string: '{uid_key}={username}'
我的问题是:
错误:
[2019-07-17 12:00:35] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at XXXXXX\\vendor\\symfony\\security-core\\Authentication\\Provider\\UserAuthenticationProvider.php:67, Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException(code: 0): User \"cmx\" not found. at XXXXXX\LdapUserProvider.php:80)"} []
错误:
[2019-07-17 12:01:25] php.DEBUG: Warning: ldap_bind(): Unable to bind to server: Invalid credentials
这是LdapUserProvider,从构造函数到我收到错误的地方:
public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null)
{
if (null === $uidKey) {
$uidKey = 'sAMAccountName';
}
if (null === $filter) {
$filter = '({uid_key}={username})';
}
$this->ldap = $ldap;
$this->baseDn = $baseDn;
$this->searchDn = $searchDn;
$this->searchPassword = $searchPassword;
$this->defaultRoles = $defaultRoles;
$this->uidKey = $uidKey;
$this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
$this->passwordAttribute = $passwordAttribute;
}
/**
* {@inheritdoc}
*/
public function loadUserByUsername($username)
{
try {
$this->ldap->bind($this->searchDn, $this->searchPassword); <------- this fails if I put a filter
$username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
$query = str_replace('{username}', $username, $this->defaultSearch); <------- this is empty if I don't put a filter
$search = $this->ldap->query($this->baseDn, $query);
} catch (ConnectionException $e) {
throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
}
$entries = $search->execute();
$count = \count($entries);
if (!$count) {
throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
}
看着构造函数,我不明白为什么查询字符串为空...知道吗?
答案 0 :(得分:0)
好的,这是使它正常工作的确切方法:
providers:
in_memory: { memory: ~ }
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: "dc=XXXX,dc=com"
search_dn: "CN=XXXXXXX,OU=LDAP,OU=Services Accounts,OU=Administration,DC=XXXX,DC=com"
search_password: "XXXXX"
default_roles: ROLE_USER
filter: "({uid_key}={username})"
uid_key: samAccountName
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
security: true
anonymous: true
provider: my_ldap
form_login_ldap:
login_path: /login
check_path: /login
service: Symfony\Component\Ldap\Ldap
dn_string: 'dc=XXXXX,dc=com'
query_string: '(samAccountName={username})'
一次也很接近此,因为我尝试了以下操作:
query_string: '({uid_key}={username})'
并收到此错误:
Could not complete search with dn "dc=XXXXX,dc=com", query "({uid_key}=cmx)" and filters "*". LDAP error was [-7] Bad search filter
感谢您的帮助,埃里克!