dev-master
9999999-devLDAP Authentication for Laravel 5.2 and above
MIT
The Requires
- laravel/framework ~5.2
- php >=5.5.9
laravel ldap active directory laravel auth laravel 5.4 laravel 5.2 laravel 5.3 ldap authentication laravel authentication
Wallogit.com
2017 © Pedro Peláez
library ldap-auth
LDAP Authentication for Laravel 5.2 and above
santran/ldap-auth
LDAP Authentication for Laravel 5.2 and above
- Tuesday, May 9, 2017
- by santran
- Repository
- 1 Watchers
- 1 Stars
- 41 Installations
- PHP
- 0 Dependents
- 0 Suggesters
- 0 Forks
- 0 Open issues
- 1 Versions
- 14 % Grown
The README.md
Laravel 5 LDAP Authentication Laravel 5.2+
, (*1)
Installation
Step 1: Install via composer
composer require santran/ldap-auth:dev-master
Step 2: Add the Service Provider
Modify your config/app.php file and add the service provider to the providers array., (*2)
SanTran\LDAPAuth\LDAPAuthServiceProvider::class,
Step 3: Publish the configuration file by running:
php artisan vendor:publish --tag="ldap_auth"
Now you're all set!, (*3)
Configuration
Step 1: Tweak the basic authentication
Setup LDAP Server config config/ldap_auth.php., (*4)
return [ 'suffix' => '@127.0.0.1', /* |-------------------------------------------------- | Domain Controllers |-------------------------------------------------- | | The domain controllers option is an array of servers located on your | network that serve Active Directory. You can insert as many servers or | as little as you'd like depending on your forest (with a minimum of one). | */ 'domain_controller' => [ '127.0.0.1' ], /* |-------------------------------------------------- | Base Distinguished Name |-------------------------------------------------- | | The base distinguished name is the base distinguished name you'd like | to perform operations on. An example base DN would be DC=dns,DC=example,DC=local. | | If none defined, then it will try to find it automatically by querying your server. | It's highly recommended to include it to limit queries executed per request. | */ 'base_dn' => 'DC=aitldap,DC=com', /* |-------------------------------------------------- | Group Distinguished Name |-------------------------------------------------- | | Permission login to this tool | */ 'group_dn' => 'CN=tms,OU=tools,DC=aitldap,DC=com', /* |-------------------------------------------------- | Search Filter |-------------------------------------------------- | | The filter option defines (you guessed it) on what filter to execute a query on. | The default filter is "uid". For more information please check | msdn.microsoft.com/En-US/library/aa746475.aspx | */ 'search_filter' => 'uid', /* |-------------------------------------------------- | Search Fields |-------------------------------------------------- | | The fields options defined what fields you want the be returned on a successful | query result. Note: The distinguished name is always returned. | */ 'search_fields' => [ 'cn', 'gidNumber', 'uid', ], 'read_user_record' => true, 'mapping_field' => "username", /* |-------------------------------------------------- | Backup Rebinding |-------------------------------------------------- | | This options indicates to use the host names sequentially. This package will try | to connect to the first domain controller. If it's not reachable the next DC | will be tried. | | If this option is set to false load balancing will be used instead for multiple DC. | */ 'backup_rebind' => true, /* |-------------------------------------------------- | SSL & TLS |-------------------------------------------------- | | One of these options are recommended if you have the ability to connect to your server | securely. Ensure that only one option can be true. The other one must be false. | */ 'ssl' => false, 'tls' => false, /* |-------------------------------------------------------------------------- | Administrator Username & Password |-------------------------------------------------------------------------- | | When connecting to your AD server, an administrator username and | password is required to be able to query and run operations on | your server(s). You can use any user account that has | these permissions to prevent anonymous bindings. | */ 'admin_user' => 'Manager', 'admin_pass' => '12345678', ];
Update your config/auth.php to use ldap as authentication and the LDAPUser Class., (*5)
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'ldap',
],
],
'providers' => [
'users' => [
'driver' => 'eloquent',
'model' => App\User::class,
],
'ldap' => [
'driver' => 'ldap',
'model' => \SanTran\LDAPAuth\LDAPUser::class,
],
]
Step 2: Adjust the LDAP config to your needs
If you have run php artisan vendor:publish --tag="ldap_auth" you should see the
ldap_auth.php file in your config directory. Adjust the values as you need them., (*6)
Usage
Authentication
if (auth()->attempt($request->only('username', 'password'))) {
//Passed
}
or, (*7)
$user = Auth::guard()->getProvider()->retrieveByCredentials($request->only('username', 'password'));
if ($user && Auth::guard()
->getProvider()
->validateCredentials($user, $request->only('password')) && Auth::login($user)) {
//Passed
}
or, (*8)
$ldap = config('ldap_auth');
$credentials = $request->only('username', 'password');
$auth = config('auth');
$model = $auth['providers']['ldap']['model'];
$connection = new \SanTran\LDAPAuth\LDAP($ldap);
$ldapp_auth = new \SanTran\LDAPAuth\LDAPAuthUserProvider($connection, $model);
$user_ldap = $ldapp_auth->retrieveByCredentials($credentials);
if ($ldapp_auth->validateCredentials($user_ldap, $credentials)) {
$user = User::where('username', '=', $credentials['username'])->first();
Auth::login($user, true);
//Passed
} else {
return redirect()->back()->withInput()->with('error', trans('message.failed'));
}
The Versions
09/05
2017