Alternative authentication sources in CakePHP (LDAP)

后端未结

关注

 3  812

孤城傲影 2021-02-04 18:30

I\'m working on a CakePHP project and am currently building the user authentication part of it. The problem is that my authentication information (ie: the passwords) are not sto

3条回答

清酒与你 (楼主)

2021-02-04 19:06

Assuming you are simply binding against LDAP and are storing/retrieving User data from MySQL, this approach will work as a "bridge" which will automatically create accounts for successful logins:

// app/controllers/components/ldap_auth.php
_ldapAuth($user); // do your stuff
        if (!$ldapUser) {
            return null; // if bind fails, then return null (as stated in api)
        }
        // get the cake model you would normally be authenticating against
        $model =& $this->getModel(); // default is User
        // check for existing User in mysql
        $user = $model->find('first', array('conditions' => array(
            'username' => $ldapUser['cn']
        ));
        // if no existing User, create a new User
        if (!$user) {
            $user = $model->save(array('User' => array(
                'username' => $ldapUser['cn'],
                // .. map needed ldap fields to mysql fields ..
            )));
            if (!$user) {
                $this->cakeError('ldapCreateUser');
            }
            // pass the id of the newly created User to Auth's identify
            return parent::identify($model->id, $conditions);
        }
        // pass the id of the existing User to Auth's identify
        return parent::identify($user[$this->userModel][$model->primaryKey], $conditions);
    }
/**
 * Lets check LDAP
 *
 * @return mixed Array of user data from ldap, or false if bind fails
 */
    function _ldapAuth($user) {
        $username = $user[$this->userModel][$this->fields['username']];
        $password = $user[$this->userModel][$this->fields['password']];
        // use the php ldap functions here
        return $ldapUser;
    }
}
?>

To use, replace all references to Auth with LdapAuth in your application or follow the instructions here.

Note that although the protected _ldapAuth() method could be abstracted out to an LdapUser model, and that model should read from an LdapSource, and the LDAP server connection settings should be in the database.php config, and the LdapAuthComponent should be adapted to use configurable field mappings, these aren't requirements to "just get it done". :)

0 讨论(0)

查看其它3个回答