Authentication against Active Directory from Symfony 5

Problem description

I am attempting to authenticate users at my company for Symfony5 apps using Active Directory. My current configuration is as follows (this was also successfully tested with Softerra Ldap test server so I can confirm the config is correct).

security:
    providers:
        my_ldap:
            ldap:
                service: Symfony\Component\Ldap\Ldap
                base_dn: 'OU=xxxxx,DC=dom1,DC=dom2,DC=com'
                search_dn: 'CN=adminUser,OU=xxx,OU=xxxx,DC=dom1,DC=dom2,DC=com'
                search_password: 'somePassword'
                uid_key: sAMAccountName
                filter: (sAMAccountName={username})
                default_roles: ROLE_USER
                #extra_fields: ['title']

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        main:
            pattern: ^/
            security: true
            anonymous: true
            provider: my_ldap
            form_login_ldap:
                login_path: login
                check_path: login
                service: Symfony\Component\Ldap\Ldap
                dn_string: 'sAMAccountName={username},DC=dom1,DC=dom2,DC=com'
                default_target_path: AdminDashboard

    access_control:
        - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        #- { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/AdminDashboard, roles: ROLE_USER }

LDAP configuration

Symfony\Component\Ldap\Ldap:
    arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
    arguments:
        -   host: xxxxxx.dom1.dom2.com
            port: xxx
            #encryption: tls
            options:
                protocol_version: 3
                referrals: false

I tried to bind to this AD with native PHP and it's working fine:

function ldapLogin($user, $password, &$messages)
{
    $ldap_host = "host";
    $port = "636"; // not used below: ldap_connect() defaults to port 389

    // active directory DN (base location of ldap search)
    $ldap_dn = 'OU=xxx,DC=dom1,DC=dom2,DC=com';

    // domain, for purposes of constructing the bind name (UPN form)
    $ldap_usr_dom = $user."@dom1.dom2.com";

    // suppress error output
    error_reporting(0);

    // connect to active directory
    $ldap = ldap_connect($ldap_host);

    // configure ldap params
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // bind as the user; a failed bind means the credentials were rejected
    $bind = @ldap_bind($ldap, $ldap_usr_dom, $password);

    if (!$bind) {
        ldap_unbind($ldap);
        return false;
    }

    // valid credentials: look up the account and read a few attributes
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=".$user."))";
    $justthese = array("ou", "sn", "givenname", "mail", "badpwdcount", "lastlogon", "employeeid", "sAMAccountName", "cn");
    $result = ldap_search($ldap, $ldap_dn, $filter, $justthese) or exit("Unable to search LDAP server");
    $info = ldap_get_entries($ldap, $result);

    $passwordRetryCount = $info[0]['badpwdcount'][0];

    if ($passwordRetryCount == 3) {
        $messages[] = "Username or Password Incorrect - Login Failed.";
        ldap_unbind($ldap);
        return false;
    }

    // application-specific database connection and session start
    $con = DBConnection::getInstance(new DSN("kenuser"));
    $con->openConnection();
    $session = new Security_Session();
    $session->start($info[0]['employeeid'][0]);

    ldap_unbind($ldap);
    return $info;
}

Tags: php, symfony, active-directory, ldap
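The native-PHP bind in the question concatenates the submitted username straight into the LDAP search filter and silences all errors with error_reporting(0). The following is an added example, not code from the post or from Symfony, showing the same UPN-style bind against Active Directory written the way a reviewer would want it: the username is validated and escaped with ldap_escape() before it enters the filter, the connection is made over LDAPS, an empty password is rejected up front (Active Directory treats a bind with an empty password as an anonymous bind, which "succeeds"), and anything other than exactly one matching account fails closed. Host, UPN suffix and base DN are placeholders; the attribute names are the ones the question reads.

```php
<?php
// Added example (not part of the original post). Placeholders: host, UPN
// suffix and base DN. Assumes the domain controller accepts LDAPS on 636.

declare(strict_types=1);

const AD_URI     = 'ldaps://xxxxxx.dom1.dom2.com:636'; // placeholder host
const AD_UPN_DOM = 'dom1.dom2.com';                    // placeholder UPN suffix
const AD_BASE_DN = 'OU=xxx,DC=dom1,DC=dom2,DC=com';    // placeholder base DN

/**
 * Authenticate a user with a simple bind on the UPN (user@domain), then read
 * a few attributes of the bound account. Returns the ldap_get_entries() row
 * for the account on success, null on any failure. Raw LDAP error text goes
 * to the server log, never to the response.
 */
function adAuthenticate(string $username, string $password): ?array
{
    // sAMAccountName is at most 20 characters; reject anything outside a
    // conservative character set before it reaches a bind name or filter.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
        return null;
    }
    // An empty password turns the bind into an anonymous bind, which AD
    // accepts by default, so it must be refused here.
    if ($password === '') {
        return null;
    }

    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Bind as the user; PHP emits a warning on rejected credentials, which is
    // expected here, hence the @. The reason is still logged server-side.
    if (!@ldap_bind($ldap, $username . '@' . AD_UPN_DOM, $password)) {
        error_log('AD bind failed for ' . $username . ': ' . ldap_error($ldap));
        ldap_unbind($ldap);
        return null;
    }

    // Escape the value before interpolating it into the filter so that
    // characters such as * ( ) \ cannot change the meaning of the query.
    $filter = sprintf(
        '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER)
    );
    $attrs   = ['sAMAccountName', 'cn', 'mail', 'employeeID', 'memberOf'];
    $result  = ldap_search($ldap, AD_BASE_DN, $filter, $attrs);
    $entries = ($result !== false) ? ldap_get_entries($ldap, $result) : false;
    ldap_unbind($ldap);

    // Fail closed: exactly one account must match the bound username.
    if ($entries === false || $entries['count'] !== 1) {
        return null;
    }
    return $entries[0]; // attribute keys are lower-cased by ldap_get_entries()
}
```

Because the bind itself is the credential check, the search afterwards only needs to fetch attributes; there is no reason to re-evaluate badPwdCount after a successful bind, since AD already enforces its lockout policy at bind time. Returning null for both "bad credentials" and "account not found" keeps the response identical in both cases.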
