当前位置:theitroad>使用 LDAP 在 Laravel 中进行身份验证/登录而无需管理员连接?

使用 LDAP 在 Laravel 中进行身份验证/登录而无需管理员连接?

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/43382991/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-09-14 15:46:46  来源:igfitidea点击:

Authentication/login in Laravel using LDAP with no admin connection?

phplaravelauthenticationloginldap

提问by jotaelesalinas

I am trying to get Laravel 5.4 to authenticate users using LDAP instead of the traditional database method.

我试图让 Laravel 5.4 使用 LDAP 而不是传统的数据库方法对用户进行身份验证。

There is a library for that already, Adldap2/Adldap2-Laravel. The problem is that this library:

已经有一个库,Adldap2/Adldap2-Laravel。问题是这个库:

  1. connects first the the LDAP server as an admin user
  2. then searches for the user that wants to log into my app
  3. checks that the password is correct
  4. stores the data associated to that user in the "local" Laravel database
  5. reconnects to the LDAP as the admin user
  1. 首先以管理员用户身份连接 LDAP 服务器
  2. 然后搜索想要登录我的应用程序的用户
  3. 检查密码是否正确
  4. 将与该用户关联的数据存储在“本地”Laravel 数据库中
  5. 以管理员用户身份重新连接到 LDAP

This doesn't work in my case, because there are no admins in the LDAP server that I ?w?a?n?t? ?have to connect to; only usernames allowed to use the app, with no roles.

这在我的情况下不起作用,因为 LDAP 服务器中没有管理员,我?w?a?n?t? ?必须连接到;只允许使用该应用程序的用户名,没有角色。

As seen in an already existing issue, I modified the LoginControllerclass with the follwoing code (for testing purposes I am trying to connect to the server provided in this web page: Online LDAP Test Server).

正如在一个已经存在的问题中所见,我LoginController使用以下代码修改了类(出于测试目的,我试图连接到此网页中提供的服务器:在线 LDAP 测试服务器)。

protected function attemptLogin(Request $request) {
    $conn_settings = config('adldap.connections')[config('adldap_auth.connection')]['connection_settings'];
    $credentials = $request->only(config('adldap_auth.usernames.eloquent'), 'password');

    $user_format = env('ADLDAP_USER_FORMAT', 'uid=%s,' . $conn_settings['base_dn']);
    $userdn = sprintf($user_format, $credentials[config('adldap_auth.usernames.eloquent')]);
    $pass = $credentials['password'];

    if(Adldap::auth()->attempt($userdn, $pass, $bindAsUser = true)) {
        return true;
    }

    return false;
}

The problem that I have now is that, once logged in with the correct credentials, I am sent back to the login form. When the credentials are wrong, I get the corresponding error message.

我现在遇到的问题是,一旦使用正确的凭据登录,我就会被送回登录表单。当凭据错误时,我会收到相应的错误消息。

My configuration files, just in case:

我的配置文件,以防万一:

.env:

.env:

ADLDAP_CONTROLLERS=ldap.forumsys.com 
ADLDAP_BASEDN=dc=example,dc=com
ADLDAP_USER_FORMAT=uid=%s,dc=example,dc=com

adldap_auth.php:

adldap_auth.php:

[
    'connection' => env('ADLDAP_CONNECTION', 'default'),
    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
    'resolver' => Adldap\Laravel\Auth\Resolver::class,
    'importer' => Adldap\Laravel\Auth\Importer::class,
    'rules' => [
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,
        // Adldap\Laravel\Validation\Rules\OnlyImported::class,
    ],
    'scopes' => [
        Adldap\Laravel\Scopes\UpnScope::class,
    ],
    'usernames' => [
        'ldap' => 'uid',
        'eloquent' => 'username',
    ],
    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
    'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),
    'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],
    'sync_attributes' => [
        'username' => 'uid',
        'name' => 'cn',
    ],
];

adldap.php:

adldap.php:

return [
    'connections' => [
        'default' => [
            'auto_connect' => false,
            'connection' => Adldap\Connections\Ldap::class,
            'schema' => Adldap\Schemas\ActiveDirectory::class,
            'connection_settings' => [
                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
                'port' => env('ADLDAP_PORT', 389),
                'timeout' => env('ADLDAP_TIMEOUT', 5),
                'base_dn' => env('ADLDAP_BASEDN', 'dc=corp,dc=acme,dc=org'),
                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),
                'admin_username' => env('ADLDAP_ADMIN_USERNAME', ''),
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', ''),
                'follow_referrals' => true,
                'use_ssl' => false,
                'use_tls' => false,
            ],
        ],
    ],
]

回答by jotaelesalinas

In case anyone stumbles upon this question, I found a way to achieve what I wanted. The step-by-step guide is here: Howto: adminless LDAP authentification in Laravel.

万一有人偶然发现这个问题,我找到了一种方法来实现我想要的。分步指南在这里:如何:Laravel 中的无管理员 LDAP 身份验证

Basically, before returning truein LoginController::attemptLogin(), the Guardhas to be used to save an App\Userin the database.

基本上,在返回之前trueLoginController::attemptLogin(),则Guard有可能被用来保存一个App\User在数据库中。

相关推荐

在 Laravel 中创建一个新页面

在 Laravel 中创建一个新页面

Laravel 5.4 - 注册后禁用自动登录

Laravel 5.4 - 注册后禁用自动登录

laravel 调用未定义的方法 Carbon\Carbon::getTimestamp()

laravel 调用未定义的方法 Carbon\Carbon::getTimestamp()

设置 Laravel 5.4 以使用 React

设置 Laravel 5.4 以使用 React

相关推荐
最近更新
标签