问题
I'm trying to use the new LdapUserProvider in Symfony 2.8. I believe I have configured everything per the docs.
My user can successfully authenticate, and then gets redirected to the secured page. After the redirection is where the issue begins. Symfony tries to bind as the authenticated user, but with a null password, which is rejected by open ldap.
Here are the relevant log entries and config values.
Config:
services:
app.ldap:
class: Symfony\Component\Ldap\LdapClient
arguments: [ "localhost" ]
Security:
security:
firewalls:
restricted_area:
provider: app_users
form_login_ldap:
service: app.ldap
dn_string: "uid={username},DC=mydomain,DC=net"
check_path: login_check
login_path: login
providers:
app_users:
ldap:
service: app.ldap
base_dn: dc=mydomain,dc=net
search_dn: cn=Manager,DC=mydomain,DC=net
search_password: secretPassword
filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)(uid={username}))"
default_roles: ROLE_USER
And the log file:
[2015-12-18 13:55:11] request.INFO: Matched route "login_check". {"route_parameters":{"_route":"login_check"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/Login/Verify"} []
[2015-12-18 13:55:11] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:11] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:55:26] security.INFO: User has been authenticated successfully. {"username":"dan.smartrg"} []
<snip>
[2015-12-18 13:55:26] security.DEBUG: Stored the security token in the session. {"key":"_security_restricted_area"} []
<snip>
[2015-12-18 13:55:27] request.INFO: Matched route "home.index". {"route_parameters":{"_controller":"Apt\\PortalBundle\\Controller\\DefaultController::indexAction","_route":"home.index"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/"} []
[2015-12-18 13:55:28] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:28] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:56:15] php.DEBUG: ldap_bind(): Unable to bind to server: Server is unwilling to perform {"type":2,"file":"/home/dmorphis/public_html/Portal/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":73,"level":28928} []
[2015-12-18 13:56:15] app.ERROR: Bad credentials. [{"file":"/home/dmorphis/public_html/Portal/app/cache/dev/classes.php","line":2697,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvide <truncated>
[2015-12-18 13:56:15] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point.
回答1:
Finally I found what was the problem.
You have to chain the UserProvider
:
chain_provider:
chain:
providers: [in_memory, app_users]
in_memory:
memory: ~
app_users:
ldap:
.....</i>
回答2:
I had same problem. In my case it was wrong configuration of framework.session.handler_id
– I had to change it from native file handler to null which is default PHP session handler.
回答3:
I had almost exactly the same problem. After intense debugging, I came to the line:
in \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken::__construct
:
parent::setAuthenticated(count($roles) > 0);
This was a problem, because I diagnosed, that UsernamePasswordToken was coming unauthenticated from session storage to begin with. This was caused by no roles assigned due to my custom overriding of default services.
Normally, LDAP will be called only once on login and no password should be stored in session. Only authenticated = true
in serialized token.
Are you sure you are getting unserialised authenticated token?
回答4:
In Symfony 3.1, the LdapClient component was deprecated. So I wanted to update the solution. This solution should also work for Symfony 2.8/2.9 apps.
#security.yml
security:
firewalls:
restricted_area:
provider: app_users
form_login_ldap:
service: ldap.auth
dn_string: "%dn_string%"
providers:
app_users:
ldap:
service: ldap.auth
base_dn: "dc=domain,dc=net"
search_dn: "cn=Manager,DC=domain,DC=net"
search_password: secretPassword
filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)({uid_key}={username}))"
default_roles: ROLE_USER
uid_key: uid
#services.yml
services:
ldap.auth:
class: 'Symfony\Component\Ldap\Ldap'
factory:
- 'Symfony\Component\Ldap\Ldap'
- 'create'
arguments:
- 'ext_ldap' # adapter
-
host: database
options:
protocol_version: 3
来源:https://stackoverflow.com/questions/34365482/ldap-authentication-with-symfony-2-8