relwell / dapsbundle Goto Github PK

How would I go about assigning Roles to users who login via LDAP?

Allow secure connections in LDAP class.

Estimate: 2-4hrs

Some updates to the Ldap library have been pushed by Lyrixx. We should add these in so our version doesn't fork excessively.

I placed the DapsBundle into my Symfony 2 application's src directory and then got the following errors:

'The service "daps_ldap.ldap" has a dependency on a non-existent parameter "daps_ldap.ldap.host". Did you mean one of these: "daps_ldap.ldap.admin.host", "daps_ldap.ldap.class"?'

and

'The service "daps_ldap.ldap" has a dependency on a non-existent parameter "daps_ldap.ldap.admin.username_suffix". Did you mean one of these: "daps_ldap.ldap.admin.enable", "daps_ldap.ldap.admin.username_suffic"?'

Here are the full Uncaught Exception messages:

[Fri Jun 28 13:02:35 2013] [error] [client 10.0.2.2] PHP Fatal error:  Uncaught exception 'Symfony\\Component\\DependencyInjection\\Exception\\ParameterNotFoundException' with message 'The service "daps_ldap.ldap" has a dependency on a non-existent parameter "daps_ldap.ldap.host". Did you mean one of these: "daps_ldap.ldap.admin.host", "daps_ldap.ldap.class"?' in /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php:108\nStack trace:\n#0 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(234): Symfony\\Component\\DependencyInjection\\ParameterBag\\ParameterBag->get('daps_ldap.ldap....')\n#1 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(205): Symfony\\Component\\DependencyInjection\\ParameterBag\\ParameterBag->resolveString('%daps_ldap.ldap...', Array)\n#2 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(195): Symfony\\Component\\DependencyInjection\\ParameterBag\\Par in /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php on line 108
[Fri Jun 28 13:09:03 2013] [error] [client 10.0.2.2] PHP Fatal error:  Uncaught exception 'Symfony\\Component\\DependencyInjection\\Exception\\ParameterNotFoundException' with message 'The service "daps_ldap.ldap" has a dependency on a non-existent parameter "daps_ldap.ldap.admin.username_suffix". Did you mean one of these: "daps_ldap.ldap.admin.enable", "daps_ldap.ldap.admin.username_suffic"?' in /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php:108\nStack trace:\n#0 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(234): Symfony\\Component\\DependencyInjection\\ParameterBag\\ParameterBag->get('daps_ldap.ldap....')\n#1 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(205): Symfony\\Component\\DependencyInjection\\ParameterBag\\ParameterBag->resolveString('%daps_ldap.ldap...', Array)\n#2 /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php(195): Symfony\\Component\\D in /vagrant/aces/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/ParameterBag/ParameterBag.php on line 108

Are the parameter names in ldapcredentials.yml incorrect or are the arguments in services.xml incorrect?

Does the LdapBundle allow for Symfony's remember-me functionality? I got the following error when I followed the Symfony docs - How to add "Remember Me" Login Functionality.

PHP Fatal error: Uncaught exception 'RuntimeException' with message 'You must configure at least one remember-me aware listener (such as form-login) for each firewall that has remember-me enabled.' in /path/to/my/app/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php:97\nStack trace:\n#0 /path/to/my/app/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php(387): Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\RememberMeFactory->create(Object(Symfony\Component\DependencyInjection\ContainerBuilder), 'main', Array, 'daps_ldap_user_...', NULL)\n#1 /path/to/my/app/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php(338): Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension->createAuthenticationListeners(Object(Symfony\Component\DependencyInjection\ContainerBuilder), 'main', Array, Array, 'daps_ldap_user_...')\n#2 /path/to/my/app/vendor/symfony/symfony/src in /path/to/my/app/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php on line 97,

Hi @relwell,
What is the configuration to make the bundle use user credentials to authenticate against the LDAP server ? It is a MS Active Directory.

Thanks

For example, if the group tree is located at ou=groups,dc=example,dc=org and the user is listed a a member of cn=it,ou=departments,ou=groups,dc=example,dc=org, they should have the Symfony role ROLE_LDAP_DEPARTMENTS_IT.

Currently, the project simply generates a slug from the role's common name (cn), whereas here we want any child node from the ou "groups" to be included.

Time Estimate: 6-12 hours

Create a .gitignore listing for a file that lists the DN and password of a general-purpose user for the purpose of pre-binding. If the appropriate parameter is set, bind using these credentials. Otherwise, bind anonymously.

Set a value in the ldap class that would block providing a user based on this authentication. Require that binding to a provided set of credentials that do not match this "pre-authenticated" value occur before successfully returning a user.

Estimate: 3-5 hours

Being a non-active user varies from implementation to implementation. In the case we will be providing for, an inactive user is determined by a specific value for an entry in the listing for that provided user. Create two config values that determine the key and value needed to identify an INACTIVE user. If that value is met, then do not allow that user to bind.

Was: Unbind and throw an authentication error if the value of the retrieved LDAP user's user account control key is 66050 (aka 0x2).

Estimate: 4-6hrs

I am using Active Directory with this plugin, and everything is great except the getBoundRolesByOrg returns the OU in which the member's group resides and not the group name itself.

I had to change "ou" on line 448 in Ldap.php to "cn" instead to get the actual group name. I am not sure if this is expected behavior or not.

Is there any documentation on how to setup and incorporate this Bundle into an existing Symfony application?