LdapBundle

LdapBundle provides a Ldap authentication system without the apache mod_ldap. It uses php-ldap extension with a form to authenticate the users. LdapBundle also can be used for the authorization. It retrieves the Ldap users' roles., _(*1)

Contact

You can try to contact me on freenode irc ; channel #symfony-fr ; pseudo : aways, _(*2)

Install

Download LdapBundle
Configure the Autoloader
Enable the Bundle
Configure LdapBundle security.yml
Import LdapBundle security.yml
Import LdapBundle routing
Implement Logout
Subscribe to PRE_BIND event

Get the Bundle

Composer

Modify your composer.json on your project root, _(*3)

``` php // {root}/composer.json, _(*4)

{ [...], "require": { [...], "imag/ldap-bundle": "dev-master" } }, _(*5)


### Enable the Bundle

``` php
<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
    // ...
    new IMAG\LdapBundle\IMAGLdapBundle(),
    );
}

Configure security.yml

``` yaml, _(*6)

src/IMAG/LdapBundle/Resources/config/security.yml

security: firewalls: restricted_area: pattern: ^/ anonymous: ~ provider: ldap imag_ldap: ~ # alternative configuration # imag_ldap: # login_path: /ninja/login logout: path: /logout target: /, _(*7)

providers: ldap: id: imag_ldap.security.user.provider, _(*8)

encoders: IMAG\LdapBundle\User\LdapUser: plaintext, _(*9)

access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: IS_AUTHENTICATED_FULLY }, _(*10)

imag_ldap: client: host: your.host.foo port: 389, _(*11)

version: 3 # Optional

username: foo # Optional

password: bar # Optional

user: base_dn: ou=people,dc=host,dc=foo, _(*12)

filter: (&(foo=bar)(ObjectClass=Person)) #Optional

name_attribute: uid

role: base_dn: ou=group, dc=host, dc=foo, _(*13)

filter: (ou=group) #Optional

name_attribute: cn
user_attribute: member
user_id: [ dn or username ]


**You need to configure the parameters under the imag_ldap section.**

**Note:**

> If are not set, the optional parameters have default values.
> You can disable this ; Just set parameter to NULL.

``` yaml
imag_ldap:
  # ...
  role:
   # ...
   filter: NULL

Import security.yml

``` yaml, _(*14)

app/config/config.yml

imports: - { resource: ../../src/IMAG/LdapBundle/Resources/config/security.yml }, _(*15)


### Import routing

``` yaml
# app/config/routing.yml

imag_ldap:
  resource: "@IMAGLdapBundle/Resources/config/routing.yml"

Implement Logout

Just create a link with logout target., _(*16)

``` html logout, _(*17)


**Note:**
You can refer to the official Symfony documentation :
http://symfony.com/doc/2.0/book/security.html#logging-out

### Subscribe to PRE_BIND event

Now you can perform you own logic before the user is authenticated on Ldap.
If you want to break the authentication just return an Exception.

To subscribe:
``` xml
<tag name="kernel.event_listener" event="imag_ldap.security.authentication.pre_bind" method="onPreBind" />

Exemple: ``` php <?php use IMAG\LdapBundle\Event\LdapUserEvent,, _(*18)

public function onPreBind(LdapUserEvent $event) { $user = $event->getUser(); $config = $this->appContext->getConfig();, _(*19)

$ldapConf = $config['ldap'];

if (!in_array($user->getUsername(), $ldapConf['allowed'])) {
    throw new \Exception('Not allowed ldap user');
}

$user->addRole('ROLE_LDAP');

} ```, _(*20)