ldap-auth
I am using Sentry to manage permissions and it is my last stage in a multi-stage auth, LDAP being my first.
What I needed to accomplish was to always check the AD groups and make sure they matched. I could not do this because if the user existed locally in the db, it would not return the ldap groups to compare.
I found I could bypass the returning of the user model on auth if I did not include the model in app/config/auth.php and then I could always check Active Directory and compare groups.
It might be helpful to include this information in your documentation.
thanks,
I've got an issue with my default route. Basically I'm checking Auth to see if a user is logged in or if they are a guest.
Route::get('/', 'LoginController@showLogin')->before('guest');
If the LDAP server is available, everything is peachy... however, if it is down, I get adLDAP\adLDAPException "Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Can't contact LDAP server", apparently before I ever get to my Login Controller (which has its own error handling).
What's the best way to catch these errors?
I've gone ahead and followed all install instructions on https://github.com/ccovey/ldap-auth to try and get LDAP authentication with Laravel 4.1.
adldap.php
    return array(
        'account_suffix' => "@xxxxxxx.xxx.xxx",
        'domain_controllers' => array("dc01.xxxxxxx.xxx.xxx"),
        'base_dn' => 'DC=xxxxxxxx,DC=xxx,DC=xxx',
    );
Now if I leave the adldap.php file as is above and run the following route.php file
    Route::get('/', function()
    {
        $credentials = array(
            'username' => 'username',
            'password' => 'password'
        );
        if($a = Auth::attempt($credentials))
        {
            return print_r(Auth::user(), true);
        }
        else
        {
            dd($a);
        }
    });
I get the following output
bool(false)
Which doesn't seem to make sense because I am using the correct username/password. I am also using the same configuration in regards to the domain and DCs when running ADSI from MSSQL so I know it works.
Now, if I change the adldap.php file to include an admin_username and admin_password, I get the following error in my laravel.log:
'Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: Can't contact LDAP server'
Any suggestions? Thanks in advance.
I want to create a simple CRUD for users and store them in a database, but I have to check if the user exists in an LDAP server before adding it to the table. So, in case the username doesn't exist or is wrong, I can show an error message.
Obviously, I just have the username of the person I want to add. In adLdap I used to use the function "info" to bring back some basic information about a user (no password needed) and this way I know if the account exists or not.
How can I achieve this with this driver?
(I have installed the driver and it works well; I have made a couple of tests with usernames/passwords that I know.)
In "LdapAuthUserProvider.php", method "validateCredentials()", the key "username" is used instead of the method "getUsernameField()":
    public function validateCredentials(UserInterface $user, array $credentials)
    {
        return $this->ad->authenticate($credentials['username'], $credentials['password']);
    }
But the field name can be modified in the config file via "username_field" if it is not "username" in the users table (it's my case). So, it would be better to do it like this:
    return $this->ad->authenticate($credentials[$this->getUsernameField()], $credentials['password']);
Any suggestions on how to get the adldap dependency working? Having trouble installing via Composer. Using Laravel 4.2.x, ldap-auth 1.1.x
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- ccovey/ldap-auth v1.1.1 requires adldap/adldap 4.x-dev -> no matching package found.
- ccovey/ldap-auth v1.1.0 requires adldap/adldap 4.x-dev -> no matching package found.
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package adldap/adldap could not be found in any version, there may be a typo in the package name.
Great package so far, thanks!
But I have a problem. With the standard Auth Provider I can do something like this:
    // app/models/User.php
    public function exams()
    {
        return $this->hasMany('Exam');
    }
    // app/routes.php
    Route::get('/', function() {
        return Auth::user()->exams;
    });
After I implemented your package I can't do that anymore:
ErrorException
Undefined index: exams
..vendor\ccovey\ldap-auth\src\Ccovey\LdapAuth\LdapUser.php
Am I doing something wrong or is that just not supported from your side?
Using this module on 4.1.26 results in a fatal error:
Class Ccovey\LdapAuth\LdapAuthUserProvider contains 2 abstract methods and must therefore be declared abstract or implement the remaining methods (Illuminate\Auth\UserProviderInterface::retrieveByToken, Illuminate\Auth\UserProviderInterface::updateRememberToken)
Getting this problem when the user exists in the user table.
here is the stack:
Just a reminder about our conversation on irc. It appears this line: https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L155 merges the local model with the AD data with the local data taking priority. I (we) believe this is the wrong way around.
Hi,
This is a very useful library. I can connect to AD and retrieve users' information.
However, I can't figure out what role the DB takes in this process, and where.
I cannot authenticate a user if there is one in my users table with the username I am trying to log in with, e.g.
AD user
    'username' => 'somename'
    'displayname' => 'Some Name'
    'primarygroup' => 'Admins'
    'groups' =>
        array
            'IT' => 'IT'
            'Power Users' => 'Poer Users'
DB user
    'id' => 1
    'username' => 'somename'
    'password_old' => 'i do not save passwords to DB '
Form fields
    'username' => 'somename'
    'password' => 'ad_password'
I assume that Auth is trying to authenticate to DB instead of AD. And I cannot follow the code to debug the steps of the library.
Thanks.
Hi all, what's the best way to retrieve the "department" attribute from each user?
I'm still trying to understand how to build queries in ldap.
Hi ccovey
Great job!
I need all groups of a user. But I don't get all groups. You use infoCollection() in your class, but this method ignores recursive_groups.
Do I have a chance to call adLDAP's groups() method myself?
Has anyone been able to install this? Composer cannot resolve the dependencies for me.
The installation section still instructs you to require an older version of ldap-auth, which requires a version of adldap/adldap which no longer exists.
I cannot run (all) artisan commands with this module enabled. It results in an ErrorException regarding ldap_start_tls() because that only works when accessed via https/web.
Would it be possible to prevent loading/running this module when artisan is being used? It should be possible with App::runningInConsole() AFAIK.
Trying to composer update on a fresh install of Laravel 4.1 yields this missing dependency.
Added in composer.json:
    "require": {
        "laravel/framework": "4.1.*",
        "ccovey/ldap-auth": "1.1.x"
    },
Then running a composer update:
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- ccovey/ldap-auth v1.1.1 requires adldap/adldap 4.x-dev -> no matching package found.
Weird because adldap is in Packagist: https://packagist.org/packages/adldap/adldap
But there doesn't seem to be a -dev tag on the github repo: https://github.com/ztec/adLDAP/tags
Anyone else having this issue?
Is it possible to have the system authenticate users from multiple domains in the same forest?
Got an error on a fresh install today. On line 12 I changed extend to extends and voilà!
When doing the update from Laravel 4.1.25 to 4.1.26 (2) new errors are generated:
Symfony \ Component \ Debug \ Exception \ FatalErrorException
syntax error, unexpected 'extend' (T_STRING), expecting '{'
../vendor/ccovey/ldap-auth/src/Ccovey/LdapAuth/LdapUser.php
class LdapUser extend Model implements Auth\UserInterface
Replaced syntax to be:
class LdapUser extends Model implements Auth\UserInterface
and now received a new error:
Class Ccovey\LdapAuth\LdapUser contains 3 abstract methods and must therefore be declared abstract or implement the remaining methods (Illuminate\Auth\UserInterface::getRememberToken, Illuminate\Auth\UserInterface::setRememberToken, Illuminate\Auth\UserInterface::getRememberTokenName)
Any ideas on the fix of the new syntax?
After some struggling, I finally got this package to work.... nice job, BTW :)
However, the only way I was able to get it to work was by specifying admin credentials (admin_username and admin_password) in config/adldap.php.
I'd rather not have admin credentials tied into the code. Anyone have any ideas as to why this is the case? If I remove the admin credentials, the login simply fails.
Users get locked out in Active Directory after browsing protected routes.
The issue seems to be in this line: https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L49
In Laravel, retrieveById should not try to authenticate the user on every request after the user has been validated and granted access. It should make a query to check the user is still valid. Even if you decide to authenticate the user, you're only passing the username when $adldap->authenticate also expects a password. This is locking every account used to log into my app.
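The lockout described in the issue above, reproduced against a constructed stand-in directory (an added example, not part of the original issue and not the project's code). FakeDirectory, its three-failure threshold, the sample account and both retrieveById functions are hypothetical; only the authenticate(username, password) call shape comes from the issue.

```php
<?php
// Constructed stand-in for a directory with a lockout policy (not adLDAP).
class FakeDirectory
{
    // Constructed sample account; 'failures' counts failed binds.
    private $accounts = array('jdoe' => array('password' => 's3cret', 'failures' => 0));
    private $threshold = 3; // assumed lockout threshold
    // Simulates a bind: every failed attempt counts towards lockout.
    public function authenticate($username, $password = null)
    {
        if (!$this->exists($username) || $this->isLocked($username)) {
            return false;
        }
        if ($this->accounts[$username]['password'] === $password) {
            $this->accounts[$username]['failures'] = 0;
            return true;
        }
        $this->accounts[$username]['failures']++;
        return false;
    }
    // Read-only lookup: no bind as the user, so no failure is recorded.
    public function exists($username)
    {
        return isset($this->accounts[$username]);
    }
    public function isLocked($username)
    {
        return $this->exists($username) && $this->accounts[$username]['failures'] >= $this->threshold;
    }
}

// Behaviour the issue describes: a password-less bind on every request.
function retrieveByIdBinding(FakeDirectory $ad, $id)
{
    return $ad->authenticate($id) ? array('username' => $id) : null;
}

// Lookup-only variant: checks the account still exists, without binding.
function retrieveByIdLookup(FakeDirectory $ad, $id)
{
    return $ad->exists($id) ? array('username' => $id) : null;
}

$ad = new FakeDirectory();
$ad->authenticate('jdoe', 's3cret');                               // initial login
for ($i = 0; $i < 3; $i++) { retrieveByIdLookup($ad, 'jdoe'); }    // three requests, lookup only
$afterLookups = $ad->isLocked('jdoe');
for ($i = 0; $i < 3; $i++) { retrieveByIdBinding($ad, 'jdoe'); }   // three requests, bind each time
var_dump($afterLookups, $ad->isLocked('jdoe'));
```

The stand-in account is still usable after the lookup-only requests and locked after the same number of binding requests, which matches the symptom reported for protected routes.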
This one had me puzzled for a couple of hours - everything seemed to be working fine, no errors were appearing but I kept getting bounced back to my login screen by the auth filter.
Turns out, the user name in LDAP (Active Directory) was in capitals, and the user name in my database table was lower case. As soon as I made them the same case, I could auth successfully.
Tested with both a SQLite and MySQL database, same result in both.
I'm getting Call to undefined method Ccovey\LdapAuth\LdapAuthServiceProvider::attempt() and pretty much the same for any standard Auth:: method that I'm trying to use in my project. I've followed the readme when setting up the project, no errors are thrown as far as setup goes. Any help will be appreciated.
In https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L77 you need to either call the exception with \ in the beginning, or add a use statement to the top.
Currently getting:
Class 'Ccovey\LdapAuth\InvalidArgumentException' not found
We didn't have a username_field defined in app/config/auth.php and kept getting an error preventing the authentication from working. Would it be beneficial to add a default username_field to LdapAuthUserProvider.php?
I have found a little bug in the function getAuthIdentifier in the file LdapUser.php on line 24:
    public function getAuthIdentifier()
    {
        $username = (Config::has('auth.username_field')) ? Config::get('auth.username_field') : 'username';
        return $this->attributes[$username];
    }
If you have defined a 'fields' array (I did it in my Laravel 4 config/auth.php file), then you need to explicitly set a field 'username' => 'samaccountname'. Otherwise the lookup will fail and fire an Undefined index: username error.
The function mentioned above should be re-written to
    public function getAuthIdentifier()
    {
        // 'username' changed to $this->attributes['username'] = 'username'
        $username = (Config::has('auth.username_field')) ? Config::get('auth.username_field') : $this->attributes['username'] = 'username';
        return $this->attributes[$username];
    }
With this little modification, the authentication works fine, even if no username field is defined.
Hi
Pls close this issue if I'm asking something stupid, as I'm not sure if this is an issue or if I'm doing something wrong.
Just wanted to install the latest version. Therefore I've added "ccovey/ldap-auth": "dev-master", to the Laravel main composer.json file. Unfortunately, it wasn't successful. Which is strange, because #16 should already have solved that problem.
Received the following error message:
Problem 1
- Installation request for ccovey/ldap-auth dev-master -> satisfiable by ccovey/ldap-auth[dev-master].
- ccovey/ldap-auth dev-master requires adldap/adldap dev-master -> no matching package found.
So I have downloaded and installed both of the packages manually: "ccovey/ldap-auth": "dev-master" and "adldap/adldap": "dev-master". This did work, except one thing.
In the composer.json of this package there is an autoload section:
    "autoload": {
        "classmap": [
            "src/migrations"
        ],
        "psr-0": {
            "Ccovey\\LdapAuth": "src/"
        }
    },
The standard folders config / lang / migrations / views are missing in the current release. If I do add them manually, everything is working as expected.
(Sorry for my bad English)
In your readme you say that this package can be used with a model:
"You can still use a model with this implementation as well if you want. ldap-auth will take your fields from ldap and attach them to the model allowing you to access things such as roles / permissions from the model if the account is valid in Active Directory."
But would you perhaps be able to give a tutorial or instruction how to attach your Auth driver to a model? I'm having trouble trying to figure it out, thanks!!