syardumi/my-eloquent-ldap

A Laravel package that first tries to log the user against the internal database if that fails, it tries against the configured LDAP/AD server.

my-eloquent-ldap

, _(*1)

A Laravel package that first tries to log the user against the internal database, if that fails, it tries against the configured LDAP/AD server. Optionally it will create a local user record on first login of an LDAP user, as well as grant that user permissions to local groups that have matching names of the LDAP groups that the user is a member of., _(*2)

Install

Via Composer, _(*3)

``` bash $ composer require syardumi/my-eloquent-ldap, <sub>(*4)</sub>

## Publish assets

To publish the assets, config file and migration scripts, run this command:

``` bash
$ php artisan vendor:publish --provider="Syardumi\EloquentLDAP\Providers\EloquentLDAPServiceProvider"

This will publish a config file and a migration file., <sub>(*5)</sub>

Migration

The migration script will add a new column 'auth_type' to the schema of the 'users' table, and one column 'resync_on_login' to the 'groups' table. You should already have both tables, but if you do not or if you want to use different tables for those purposes, the migration to create those tables is provided as an example, but commented out. You will want to review the migration script and adjust according to your scenario., <sub>(*6)</sub>

Once ready, run the migration script with this command:, <sub>(*7)</sub>

``` bash $ php artisan migrate, <sub>(*8)</sub>

## Configure

The recommended way to configure this package is by defining the following 
variables in you '.env' file and adjusting the values there. For a 
detailed explanation of each setting, refer to the config file 
that you published above.

LDAP_ENABLED=false LDAP_CREATE_ACCOUNTS=true LDAP_REPLICATE_GROUP_MEMBERSHIP=true LDAP_RESYNC_ON_LOGIN=true LDAP_GROUP_MODEL=App\Models\Group LDAP_LABEL_INTERNAL=internal LDAP_LABEL_LDAP=ldap LDAP_ACCOUNT_SUFFIX=@company.com LDAP_BASE_DN=DC=department,DC=company,DC=com LDAP_SERVER=ldapsrv01.company.com LDAP_PORT=389 LDAP_USER_NAME=ldap_reader LDAP_PASSWORD=PaSsWoRd LDAP_RETURN_REAL_PRIMARY_GROUP=true LDAP_SECURED=false LDAP_SECURED_PORT=636 LDAP_RECURSIVE_GROUPS=true LDAP_SSO=false LDAP_USERNAME_FIELD=samaccountname LDAP_EMAIL_FIELD=userprincipalname LDAP_FIRST_NAME_FIELD=givenname LDAP_LAST_NAME_FIELD=sn LDAP_USER_FILTER=(&(objectcategory=person)(samaccountname=%username)) ```, <sub>(*9)</sub>

Usage

The 'users' table/model must have the following columns/attributes named 'username', 'first_name', 'last_name' and 'email'. The migration script provided with this package has an example of how to create such a table but it is commented out., <sub>(*10)</sub>

The user model must have the 'auth-type' attribute added to its 'fillable' array to allow setting the column in the database., <sub>(*11)</sub>

Also your login view and 'AuthController' must accept a user name and password. They can accept other fields if you want, such as email, security token, etc... But the first time a new user tries to log in, since he will not be found in the local database, the package will need the user name to authenticate against the LDAP server., <sub>(*12)</sub>

Example

For a concrete example of this package used in an active project, see sroutier/laravel-5.1-enterprise-starter-kit. Note that in that project this package is used in combination with Zizaco/entrust to provide role based authorization, therefore there is no group model, but instead a role model., <sub>(*13)</sub>

Change log

Please see CHANGELOG for more information what has changed recently., <sub>(*14)</sub>

Contributing

Please see CONTRIBUTING for details., <sub>(*15)</sub>

Security

If you discover any security related issues, please email sroutier@gmail.com instead of using the issue tracker., <sub>(*16)</sub>

Credits

• Sebastien Routier
• All Contributors

License

The GNU General Public License Version 3 (GPLv3). Please see License File for more information., <sub>(*17)</sub>