directorytree / ldaprecord-discussions Goto Github PK

I am trying to change password but i get this exception
How to define unicodepwd in a ldap user model ?

LdapRecord\LdapRecordException {#1357
  #detailedError: LdapRecord\DetailedError {#1355
    #errorCode: 17
    #errorMessage: "Undefined attribute type"
    #diagnosticMessage: "unicodepwd: attribute type undefined"
  }
  #message: "ldap_modify_batch(): Batch Modify: Undefined attribute type"
  #code: 2
  #file: "/Users/Hazesoft/projects/delta/auth/vendor/directorytree/ldaprecord/src/LdapRecordException.php"
  #line: 26
  -previous: ErrorException {#1354
    #message: "ldap_modify_batch(): Batch Modify: Undefined attribute type"
    #code: 2
    #file: "/Users/Hazesoft/projects/delta/auth/vendor/directorytree/ldaprecord/src/Ldap.php"
    #line: 664
    #severity: E_WARNING

Hi, is there a way to add default roles, if newly imported users doesnt have them?

In my user controller i have
public function roles()
{
return $this->belongsToMany('App\Role')->withTimestamps();
}

i need to assign by default a role for example with id 8

In the Lumen documentation (https://ldaprecord.com/docs/laravel/lumen), in the section Installation the code snippet references the non-existent (legacy?) class LdapRecordServiceProvider, but it should be LdapServiceProvider.

I am trying to change the OU of a user that has been created previously, for this I use the inside () method. I do dump ($ user) and it shows that in: correct, but nothing happens in the active directory, that is, it maintains the same OU.
Can someone please help me with this.

// Create user within OU "OU_workers"
$user = (new User)->inside('ou=OU_workers,dc=local,dc=com');
$user->cn = 'John Doe';
$user->samaccountname = 'jdoe';
$user->unicodePwd = 'SecretPassword';
$user->userPrincipalName = '[email protected]';
$user->save();
$user->userAccountControl = 512;
$user->save();

    // move user to "OU_students"
    $user = User::findByOrFail('samaccountname', 'jdoe');
    $ou = OrganizationalUnit::findByOrFail('ou', 'OU_students');
    $user->inside('ou=OU_students,dc=local,dc=com');
    $user->save();

in the active directory the user maintains the same OU. Why?

I have followed the instructions to the letter for ldaprecord in the authentication section using Laravel UI (deprecated).
https://ldaprecord.com/docs/laravel/auth/laravel-ui/

I am using Laravel 7x.

I am using username, not email for authentication.

At first I was getting an error about a model index not being present. So I revised the providers section of auth.php to this
` 'providers' => [
'ldap' => [
'driver' => 'ldap',
'model' => LdapRecord\Models\ActiveDirectory\User::class,

        'database' => [
            'model' => App\Ldap\User::class,
            'sync_attributes' => [
                'name' => 'cn',
                'username' => 'samaccountname',
                'email' => 'mail',
            ],
        ],
    ],

    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],`

My LoginController has the following:
`use Illuminate\Http\Request;

public function username()
{
return 'username';
}

protected function credentials(Request $request)
{
    return [
        'samaccountname' => $request->username,
        'password' => $request->password,
    ];
}`

Like I said, I followed the instructions correctly up to before the "Fallback Authentication". No matter what I do I continue to get "These credentials do not match our records."

When I run the test (php artisan ldap:test) I get a successful connection. I know the credentials I am using are correct. I am at a loss on what I need to do.

Please help.

Cy

I don't see it anywhere in the docs, but is LdapRecord-Laravel compatible with Lumen? As Lumen doesn't have php artisan vendor:ppublish I am unsure of how to complete some steps of the install process.

Hello,
We used to connect do OpenLdap without Username and Password.
It's like a readonly use, to check if the user logged exists and get extra infos.
How to make it work on LdapRecord? On Adldap2 works.
Thanks

Hi,
after switching from adldap2-laravel to ldaprecord-laravel on the working project we can't log in anymore.
We are importing users from AD;

'ldap' => [
'driver' => 'ldap',
'model' => LdapRecord\Models\ActiveDirectory\User::class,
'rules' => [],
'database' => [
'model' => App\User::class,
'sync_passwords' => true,
'sync_attributes' => [
'username' => 'samaccountname',
'name' => 'cn',
'email' => 'mail',
'telephone' => 'telephonenumber',
'position' => 'physicaldeliveryofficename',
'thumbnailphoto' => 'thumbnailphoto'
],
'sync_existing' => [
'email' => 'mail',
],
'password_column' => 'password',
],
]

Everything is synced and OK after synchronization but we can't log in.

Controller:

public function login() {
if (Auth::attempt(['username' => request('username'), 'password' => request('password')])) {
$user = Auth::user();
$success['token'] = $user->createToken('MyApp')->accessToken;
return response()->json(['success' => $success], $this->successStatus);
} else {
return response()->json(['error'=>'Unauthorised'], 401);
}
}

The method returns else value

on dd request('username') and request('password') returns values from post but Auth::attempt(['username' => request('username'), 'password' => request('password')]) returns false

Please help

Hello
I use laravel5.8 on windows10, php7.4
and make (extension=ldap) enabled
added end installed LdapRecord utility , It is in the folder /vendor /diretorytree (ldaprecord)

issues within purplish i use:
php artisan vendor:publish --provider="LdapRecord\Laravel\LdapServiceProvider"
and get:
Publishing complete.
but ldap.php file not exist under config directory (Not generated)
When the order (php artisan make:ldap-model User) is executed
I get the message:

Command "make:ldap-model" is not defined.

Did you mean one of these?
make:auth
make:channel
make:command
make:controller
make:event
make: .......
Is there a solution, how? thanks....

Is there an easier way o retrieve all groups from AD (including OU-s and CN-s).

I know there is a
Adldap::search()->ous()->get() and Adldap::search()->groups()->get()

that above was from adldap2

looking for something easier

Hi,

I am facing an issue with restricted users or group access using Laravel, i can allow juste one user by doing this : LDAP_BASE_DN="uid=gauss,dc=example,dc=com" (please check picture)

My questions is:
1 - how to do so allowing two or three users only ?
2 - how to allow only one group like (ou=mathematicians) when using OpenLdap https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/ for example ?
3 - do we manage my issues in simply working only with .env file ?

Best regards.

$user = User::findBy('mail', '[email protected]');

if (!$user->delete()) {
return false;
} else
return true;

returns this:
Call to a member function delete () on null.

Hello Steve,

I'm doing a project where I have a part which somekind overlaps with Watchdog.
Where Watchdog is more checking for changes, my project is more focusing on compliance.

I parse every night all account through some Check Classes.
Where these classes are devided in three types:

• compliance checks
• compliance checks with actions
• user mails

compliance checks:
These are checks, like :

• accounts for externals must expire
• disabled account must be offboarded
• Display Name must match CN
• Depeding on Type the Display Name needs some tagging
  ...

All isses are logged to a DB
compliance checks with actions are like:

• disable expired accounts
• make sure own company name is only in internal accounts
• set expire date to max of 2 months of longer

user mails includes

• inform 14 / 7 and 3 days before PW expires
• inform 14 / 7 and 3 days before a user expires

I would also like to us Watchdog for some Auditing / change tracking, but I
think it seems not ready to use at the moment?!
I would not use really the watchdog to inform on changes, just more setup an api to get some change tracking gui on top.
As I do Vue, I can not reuse the Watchdog app parts.

My normal App will be extended by the option to change accounts and even to create accounts, as these will allow to create them in line to our standards.

I'm getting an error mentioning LDAP_OPT_PROTOCOL_VERSION

ErrorException
Use of undefined constant LDAP_OPT_PROTOCOL_VERSION - assumed 'LDAP_OPT_PROTOCOL_VERSION' (this will throw an Error in a future version of PHP)

Knowing this might throw an error, has there been a fix?

I know that LDAP is installed with my version of php, which is 7.3.0

Please help.

Hello its possble use ldap record with laravel & inertiajs?

ok, I'm trying to create a simple API with authetication with a LDAP server ldap.forumsys.com this is a test ldap server but I get this error

BadMethodCallException with message 'Method Illuminate\Auth\RequestGuard::attempt does not exist.'

I'm not sure if this is an passport error or a ldaprecord error.

I check my connection and its correct

docker exec -it api php artisan ldap:test
Testing LDAP connection [default]...
+------------+------------+----------+-------------------------+---------------+
| Connection | Successful | Username | Message                 | Response Time |
+------------+------------+----------+-------------------------+---------------+
| default    | ✔ Yes      |          | Successfully connected. | 271.31ms      |
+------------+------------+----------+-------------------------+---------------+

.env file

LDAP_LOGGING=true
LDAP_CONNECTION=default
LDAP_HOST=ldap.forumsys.com
LDAP_USERNAME=null
LDAP_PASSWORD=null
LDAP_PORT=389
LDAP_BASE_DN="DC=example,DC=com"
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false

config/auth.php

return [
    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
            'hash' => false,
        ],
        'api' => [
            'driver' => 'passport',
            'provider' => 'ldap',
            'hash' => false,
        ],
    ],
    'providers' => [
        'ldap' => [
            'driver' => 'ldap',
            'model' => LdapRecord\Models\ActiveDirectory\User::class,
            'database' => [
                'model' => App\Models\User::class,
                'sync_passwords' => false,
                'sync_attributes' => [
                    'name' => 'cn',
                    'email' => 'mail',
                ],
            ],
        ],
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],

    ],
]

App\Models\User I alredy implemented LdapRecord\Laravel\Auth\LdapAuthenticatable; and LdapRecord\Laravel\Auth\AuthenticatesWithLdap; as documentation says

<?php

namespace App\Models;

use Illuminate\Contracts\Auth\MustVerifyEmail;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Illuminate\Database\Eloquent\SoftDeletes; //línea necesaria
use App\Http\Traits\LogTrait;
use Spatie\Permission\Traits\HasRoles;
use Laravel\Passport\HasApiTokens;
use LdapRecord\Models\Model;
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
class User extends Authenticatable implements LdapAuthenticatable
{
    use HasFactory, Notifiable, 
    SoftDeletes,LogTrait,
    Authenticatable,HasRoles, HasApiTokens, 
    AuthenticatesWithLdap;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'username',
        'email',
        'password',
        'modules',
        'bearer_token',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        
        'password',
        'remember_token',
    ];

    /**
     * The attributes that should be cast to native types.
     *
     * @var array
     */
    protected $casts = [
        'email_verified_at' => 'datetime',
    ];

    protected $dates = ['deleted_at'];

    public function employee()
    {
        return $this->hasOne('App\Models\Employee');
    }
    public function ticket_historics()
    {
        return $this->hasMany('App\Models\TicketHistoric');
    }
    public function department()
    {
        return $this->hasOne('App\Models\Department');
    }
}

So when I try to authenticate with a User I get this error. Is this a right way to use ldap in API mode?

Auth::attempt(['email' => 'tesla', 'password' => 'password'])
BadMethodCallException with message 'Method Illuminate\Auth\RequestGuard::attempt does not exist.'

is there a way to write tests using DirectoryEmulator::setup('default'); without having laravel framework

Error : Call to undefined function LdapRecord\Laravel\Testing\app()
 C:\localwww\vendor\directorytree\ldaprecord-laravel\src\Testing\DirectoryEmulator.php:25
 C:\localwww\vendor\illuminate\support\helpers.php:433
 C:\localwww\vendor\directorytree\ldaprecord-laravel\src\Testing\DirectoryEmulator.php:26
 C:\localwww\tests\StatusPage\CreateAdGroup\Service\CreateAdGroupLdapServiceTest.php:27

trying to write some tests for:
https://stackoverflow.com/questions/64597786/php-unit-for-ldaprecord