Symfony 4 + LDAP

问题

I want to set up on an application developed under symfony 4 the authentication system using LDAP component.

I already tested directly and I was able in a controller to get user(s) datas using:

$ldap = Ldap::create('ext_ldap', array(
    'host' => 'my-server',
    'encryption' => 'none',
));
...

But i need to use a login form with userPrincipalName field and password field.

here is the code :

#service.yaml

parameters:
    ldap.host: XX.XX.XX.XX

services:
    #...

    App\Service\LdapConnection:
        arguments: ['%ldap.host%', '%ldap.domain%']

    Symfony\Component\Ldap\Ldap:
        arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
    Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
        arguments:
            -   host: '%ldap.host%'
                port: 389
                encryption: none
                options:
                    protocol_version: 3
                    referrals: false

---

security:
    providers:
        #in_memory: { memory: ~ }
        my_ldap:
            ldap:
                service: Symfony\Component\Ldap\Ldap
                base_dn: dc=assoc,dc=org
                search_dn: cn=read-only-,dc=assoc,dc=org
                search_password: POeJKz1532
                default_roles: ROLE_USER
                uid_key: userPrincipalName
                filter: ({uid_key}={username})
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            anonymous: ~
            form_login_ldap:
                provider:  my_ldap
                login_path: login
                check_path: login_check
                service: Symfony\Component\Ldap\Ldap
                dn_string: '{username}@assoc.org'
                query_string: '(&(sAMAccountName={username})(DC=assoc,DC=org))'

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: IS_AUTHENTICATED_FULLY }

---

<form action="{{ path('login') }}" method="post">

    {% if error %}
        <div class="alert alert-danger" role="alert">{{ error.messageKey|trans(error.messageData, 'security') }}</div>
    {% endif %}

    <input type="hidden" name="_csrf_token" value="{{ csrf_token('authenticate') }}">

    <label for="username">Username</label>
    <input type="email" id="username" name="_username" value="{{ last_username }}" required autofocus>

    <label for="password">Password</label>
    <input type="password" id="password" name="_password" required>

    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>

</form>

---

# SecurityController

    /**
     * @Route("/login", name="login")
     */
    public function login(Request $request, AuthenticationUtils $authenticationUtils)
    {
        // get the login error if there is one
        $error = $authenticationUtils->getLastAuthenticationError();

        // last username entered by the user
        $lastUsername = $authenticationUtils->getLastUsername();

        return $this->render('security/login.html.twig', array(
            'last_username' => $lastUsername,
            'error'         => $error,
        ));
    }

Any idea ?? Thanks

Solution

main:
    anonymous: ~
    form_login_ldap:
        dn_string: '{username}'

来源：https://stackoverflow.com/questions/51193210/symfony-4-ldap