svajiraya/ldap-bundle

LDAP Bundle for Symfony 3 (backward compatible)

Wednesday, August 23, 2017
by svajiraya
Repository
3 Watchers
0 Stars
169 Installations

PHP
0 Dependents
0 Suggesters
102 Forks
0 Open issues
16 Versions
15 % Grown

The README.md

Support

Dropping support for symfony versions < 3.0. Recent patches might not be compatible with versions lower than 3.0 since some of the core methods were deprecated and removed from this package., _(*1)

LdapBundle

LdapBundle provides LDAP authentication without using Apache's mod_ldap. The bundle instead relies on PHP's LDAP extension along with a form to authenticate users. LdapBundle can also be used for authorization by retrieving the user's roles defined in LDAP., _(*2)

Credits

This Bundle was originally created by BorisMorel. Since this bundle is used frequently in almost all our projects, and since the original bundle was not being maintained by anyone we have tried to add our own mods to the project. Anyone is free to use this bundle and modify it as they please. I will try to keep this bundle upto date, but with my busy schedule that may not the case all the time. if you do manage to update the project, please submit a pull request and I would be happy to examine and merge it., _(*3)

Install

Download with composer
Enable the Bundle
Configure LdapBundle in security.yml
Import LdapBundle routing
Implement Logout
Use chain provider
Subscribe to PRE_BIND event
Subscribe to POST_BIND event

Get the Bundle

Composer

Add LdapBundle in your project's composer.json, _(*4)

{
    "require": {
        "svajiraya/ldap-bundle": "dev-master"
    }
}

or, _(*5)

``` shell, _(*6)

composer require svajiraya/ldap-bundle, _(*7)


### Enable the Bundle

``` php
<?php
// app/AppKernel.php

public function registerBundles()
{
    $bundles = array(
        // ...
        new IMAG\LdapBundle\IMAGLdapBundle(),
    );
}

Configure security.yml

Note:, _(*8)

An example security.yml file is located within the bundle at ./Resources/Docs/security.yml, _(*9)

``` yaml, _(*10)

./IMAG/LdapBundle/Resources/config/security.yml

security: firewalls: restricted_area: pattern: ^/ anonymous: ~ provider: ldap imag_ldap: ~ # alternative configuration # imag_ldap: # login_path: /ninja/login logout: path: /logout target: /, _(*11)

providers: ldap: id: imag_ldap.security.user.provider, _(*12)

encoders: IMAG\LdapBundle\User\LdapUser: plaintext, _(*13)

access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/, roles: IS_AUTHENTICATED_FULLY }, _(*14)

imag_ldap: client: host: your.host.foo port: 389, _(*15)

version: 3 # Optional

username: foo # Optional

password: bar # Optional

network_timeout: 10 # Optional

referrals_enabled: true # Optional

bind_username_before: true # Optional

skip_roles: false # Optional

user: base_dn: ou=people,dc=host,dc=foo, _(*16)

filter: (&(foo=bar)(ObjectClass=Person)) #Optional

name_attribute: uid

role: base_dn: ou=group, dc=host, dc=foo, _(*17)

filter: (ou=group) #Optional

name_attribute: cn
user_attribute: member
user_id: [ dn or username ]

user_class: IMAG\LdapBundle\User\LdapUser # Optional


**You should configure the parameters under the `imag_ldap` section to match your environment.**

**Note:**

> The optional parameters have default values if not set.
> You can disable default values by setting a parameter to NULL.

``` yaml
# app/config/security.yml
imag_ldap:
  # ...
  role:
    # ...
    filter: NULL

Import routing

``` yaml, _(*18)

app/config/routing.yml

imag_ldap: resource: "@IMAGLdapBundle/Resources/config/routing.yml", _(*19)


### Implement Logout

Just create a link with a logout target.

``` html
<a href="{{ path('logout') }}">Logout</a>

Note:, _(*20)

You can refer to the official Symfony documentation : http://symfony.com/doc/current/book/security.html#logging-out, _(*21)

Chain provider

You can also chain the login form with other providers, such as database_provider, in_memory provider, etc., _(*22)

``` yml, _(*23)

app/config/security.yml

security: firewalls: secured_area: pattern: ^/ anonymous: ~ imag_ldap: provider: multiples logout: path: logout providers: multiples: chain: providers: [ldap, db]
ldap: id: imag_ldap.security.user.provider db: entity: { class: FQDN\User }, _(*24)


**Note:**
> If you have set the config option `bind_username_before: true` you must chain the providers with the ldap provider in the last position.

``` yml
# app/config/security.yml

providers: [db, ldap]

The PRE_BIND is fired before the user is authenticated via LDAP. Here you can write a listener to perform your own logic before the user is bound/authenticated to LDAP. For example, to add your own roles or do other authentication/authorization checks with your application., _(*25)

If you want to break the authentication process within your listener, throw an Exception., _(*26)

Example listener: ``` xml , _(*27)


Example:
```php
<?php

namespace Acme\HelloBundle\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use IMAG\LdapBundle\Event\LdapUserEvent;

/**
 * Performs logic before the user is found to LDAP
 */
class LdapSecuritySubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        return array(
            \IMAG\LdapBundle\Event\LdapEvents::PRE_BIND => 'onPreBind',
        );
    }

    /**
     * Modifies the User before binding data from LDAP
     *
     * @param \IMAG\LdapBundle\Event\LdapUserEvent $event
     */
    public function onPreBind(LdapUserEvent $event)
    {
        $user = $event->getUser();
        $config = $this->appContext->getConfig();

        $ldapConf = $config['ldap'];

        if (!in_array($user->getUsername(), $ldapConf['allowed'])) {
            throw new \Exception(sprintf('LDAP user %s not allowed', $user->getUsername()));
        }

        $user->addRole('ROLE_LDAP');
        $event->setUser($user);
    }
}

The POST_BIND is fired after the user is authenticated via LDAP. You can use it in exactly the same manner as PRE_BIND., _(*28)

Note:, _(*29)

However each time a page is refreshed, Symfony call the refreshUser method in the provider that is used and doesn't trigger these events (PRE_BIND and POST_BIND). If you want to override user (for example like credentials, roles ...), you must create a new provider and override this method., _(*30)

The Versions

23/08 2017

dev-master

9999999-dev http://github.com/svajiraya/LdapBundle

LDAP Bundle for Symfony 3 (backward compatible)

library ldap-bundle

LDAP Bundle for Symfony 3 (backward compatible)

svajiraya/ldap-bundle

The README.md

Support

LdapBundle

Credits

Install

Get the Bundle

Composer

Configure security.yml

./IMAG/LdapBundle/Resources/config/security.yml

version: 3 # Optional

username: foo # Optional

password: bar # Optional

network_timeout: 10 # Optional

referrals_enabled: true # Optional

bind_username_before: true # Optional

skip_roles: false # Optional

filter: (&(foo=bar)(ObjectClass=Person)) #Optional

filter: (ou=group) #Optional

user_class: IMAG\LdapBundle\User\LdapUser # Optional

Import routing

app/config/routing.yml

Chain provider

app/config/security.yml

Subscribe to PRE_BIND event

Subscribe to POST_BIND event

The Versions

dev-master

The Requires

by Subramanya Vajiraya

v2.4.7

The Requires

by Subramanya Vajiraya

v2.4.6

The Requires

by Subramanya Vajiraya

v2.4.5

The Requires

by Subramanya Vajiraya

v2.4.4

The Requires

by Subramanya Vajiraya

v2.4.3

The Requires

by Subramanya Vajiraya

v2.4.2

The Requires

by Subramanya Vajiraya

v2.4.1

The Requires

by Subramanya Vajiraya

v2.4.0

The Requires

by Subramanya Vajiraya

v2.3.1

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.6

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.5

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.4

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary