LDAP Authentication with Symfony 2.8

时光取名叫无心 2021-02-09 08:20

I'm trying to use the new LdapUserProvider in Symfony 2.8. I believe I have configured everything per the docs.

My user can successfully authenticate, and then gets red

4 Answers
  • 2021-02-09 08:41

    I had almost exactly the same problem. After intense debugging, I came to the line:

    in \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken::__construct:

    parent::setAuthenticated(count($roles) > 0);
    

    This was a problem because I diagnosed that UsernamePasswordToken was coming unauthenticated from session storage to begin with. This was caused by no roles being assigned due to my custom overriding of default services.

    Normally, LDAP will be called only once on login and no password should be stored in session. Only authenticated = true in serialized token.

    Are you sure you are getting an unserialised authenticated token?

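The behaviour described in the answer above, as an added example that is not part of the original answer or of Symfony's code. `StandInToken`, `rolesFromProvider` and the `_security_restricted_area` array key are hypothetical stand-ins that copy only the quoted `count($roles) > 0` rule, so the script runs without Symfony installed.

```php
<?php
// Added illustration: StandInToken is a hypothetical stand-in, not a Symfony class.
// It copies only the rule quoted above: authenticated = count($roles) > 0.
final class StandInToken
{
    private $user;
    private $roles;
    private $authenticated;

    public function __construct($user, array $roles)
    {
        $this->user = $user;
        $this->roles = $roles;
        $this->authenticated = count($roles) > 0;
    }

    public function isAuthenticated() { return $this->authenticated; }
    public function getRoles() { return $this->roles; }
}

// Hypothetical helper: the role list a user provider hands to the token.
function rolesFromProvider(array $ldapRoles, array $defaultRoles)
{
    return array_values(array_unique(array_merge($defaultRoles, $ldapRoles)));
}

// Simulates the login request storing the token and the next request reading it back.
// The array and its key are constructed stand-ins for session storage.
function roundTripThroughSession(StandInToken $token)
{
    $session = array('_security_restricted_area' => serialize($token));
    return unserialize($session['_security_restricted_area']);
}

function report($label, StandInToken $token)
{
    $restored = roundTripThroughSession($token);
    printf("%-26s roles=[%s] authenticated after session: %s\n",
        $label, implode(',', $restored->getRoles()),
        $restored->isAuthenticated() ? 'true' : 'false');
    return $restored->isAuthenticated();
}

// Constructed cases: the LDAP bind succeeded in both, only the role list differs.
report('no roles assigned', new StandInToken('jdoe', rolesFromProvider(array(), array())));
report('default_roles: ROLE_USER', new StandInToken('jdoe', rolesFromProvider(array(), array('ROLE_USER'))));
```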
  • 2021-02-09 08:55

    Finally I found what was the problem.

    You have to chain the UserProvider:

    chain_provider:
        chain:
            providers: [in_memory, app_users]
    in_memory:
        memory: ~
    app_users:
        ldap:
            .....
    
  • 2021-02-09 08:55

    I had the same problem. In my case it was a wrong configuration of framework.session.handler_id – I had to change it from the native file handler to null, which is the default PHP session handler.

  • 2021-02-09 08:55

    In Symfony 3.1, the LdapClient component was deprecated. So I wanted to update the solution. This solution should also work for Symfony 2.8/2.9 apps.

    #security.yml
    security:
        firewalls:
            restricted_area:
                provider: app_users
                form_login_ldap:
                    service: ldap.auth
                    dn_string: "%dn_string%"
    
        providers:
            app_users:
                ldap:
                    service: ldap.auth
                    base_dn: "dc=domain,dc=net"
                    search_dn: "cn=Manager,DC=domain,DC=net"
                    search_password: secretPassword
                    filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)({uid_key}={username}))"
                    default_roles: ROLE_USER
                    uid_key: uid
    
    #services.yml
    services:
        ldap.auth:
            class: 'Symfony\Component\Ldap\Ldap'
            factory:
                - 'Symfony\Component\Ldap\Ldap'
                - 'create'
            arguments:
                - 'ext_ldap'  # adapter
                -
                  host: database
                  options:
                      protocol_version: 3
    