strebl / ldap-auth Goto Github PK

Heya!

Started looking to set this up for AD Authentication on a work project via a Laravel install. So far can Authenticate and log in just fine.

However I have noticed that when pulling the Group Membership for a user it appears to be incorrect. Specifically every single group is missing the first 3 characters.

Pastebin Example

The above is a direct pull from a dd(Auth::user()); specifcally my personal account. I have just removed some Groups and changed the name to Test User for security. But if you notice, the first 3 letters of all groups are showing incorrectly.

"inistrators" => "inistrators" - Should be Administrators
"erprise Admins" => "erprise Admins" - Should be Enterprise Admins
"ain Users" => "ain Users" - Should be Domain Users

etc.

I'm going to switch the dependency to the new Adldap2/Adldap2 repository after it hits stable. It's the modern version of the original adldap/adldap.
It's even possible that the changes getting merged to the original repository.

Hello -

I'm running into a few problems that I'm having trouble overcoming, which is accessing the properties that are available to the Active Directory user, such as their full name, groups, etc.

As per the documentation that is provided, adding the fields value to the auth.php configuration file should make them accessible, but it appears it isn't working properly.

'fields' => ['displayname', 'givenname']

I added the above line, but when trying to access the logged in user's display name, it always returns null.

return dd(\Auth::user()->displayname); // returns null

Any help would be greatly appreciated. Thank you for your help!

I'm getting this after calling \Auth::validate(), when I have 'recursive_groups' => true,

if (\Auth::validate(['username' => $input['username'], 'password' => $input['password']])) {
    // Authentication passed...
    return redirect()->intended('home');
}

Thank you for this service. I have it setup and working fine with ldap, however I cannot figure out how to access the ldap userlist. Could you explain how I can grab it via one of my controllers?

According to the inline comments, it is suppose to have all the data in Auth::user(). However I have dd that out and couldn't see any userList and when I do Auth::user()->userList, I get null.

Honestly I just want the ability to check against the list of users in ldap and ensure my userlist is up-to-date. And if not, add any missing users.

Hello, I'm receiving the following error when trying to configure this package on the newest version of Laravel (5.1.1).

BindingResolutionException in Container.php line 744: Target [Illuminate\Contracts\Auth\Access\Gate] is not instantiable.

Any help would be greatly appreciated.

Hi strebl,

is there a proper reason why you are doing this?
https://github.com/strebl/ldap-auth/blob/master/src/LdapAuthUserProvider.php#L268
Just returning $groups would make more sense for me.

Best regards,
ChrOst

Hi,

Your fork is it working with Laravel 5.2/5.3 ?

Thanks

Will going to implement Laravel 5.1 support tomorrow.

This plugin only works on AC? Or works for OpenLDAP?

Hi!,

Why composer says: "Package strebl/adldap is abandoned, you should avoid using it. Use adldap2/adldap2 instead", after install.

Specs:

• Laravel 5.1
• Composer: "strebl/l5-ldap-auth": "2.1.*"

New to Github so not really sure where to post this, but I was getting this error when trying to log in with an account that didn't exist.

Changing to the following seemed to fix it.

return count($groups) > 1 ? substr($groups[1], '3') : null;

Please consider to switch to a new package: Adldap2/Adldap2-laravel.

@stevebauman does a fantastic job over there. He first rewrote Adldap and now he wrote an Laravel driver.

There are 3 major reasons to switch to Adldap2-laravel.

• @stevebauman is a great maintainer, answering questions way faster than me.
• Adldap2/Adldap2-laravel depends on the new and maintained Adldap2/Adldap2 package.
• @stevebauman has way more experience than I have.

Therefore I really recommend you to switch to this package.

Unfortunately I didn't test it so far. But as far as I see, the package does the same, but even better.

I won't stop maintaining this fork just yet, but I won't do anything big with it either.
Therefore I closed #8, because there is no need to have two packages doing the same if one is so much better 😄

I found that this part:

To set up your adLDAP for connections to your domain controller, create a file app/config/adldap.php
This will provide all the configuration values for your connection.

was incorrect. I had to add the config options to ConfigServiceProvider.php

Hi -
First thanks for your work on this. I've attempted to roll my own L5 ldap driver with varying degrees of success and this makes things much simpler.

I have a question regarding the 'remember token'. The LdapAuthUserProvider->retrieveByToken() method has a comment saying "this shouldn't bee needed as user / password is in ldap". However, I still feel there is a need to store a token in the database for when the user wants to automatically be logged in next time. Without storing it somewhere the user will not have the ability to 'remember me'. It seems this would be easy enough, but there may be a reason why it has not been implemented. I want to be sure I am using this the way it was intended and not recreate the wheel.

Any insights would be appreciated. Thanks again for your work on this.

I'm not an LDAP guy, so maybe this is only for us, but in LdapAuthUserProvider.php:269 says

                    if (substr($splitGroup, 0, 3) !== 'DC=') {
                        $grps[substr($splitGroup, '3')] = substr($splitGroup, '3');
                    }

Our groups return without the "DC=", so my groups array in Laravel looks like:

"groups": {
    "ain Users": "ain Users",  // should be "Domain Users"
    "rs": "rs"  // should be "Users"
}

If the purpose is to replace out the strings that start with DC=, then it seems to me like it should be:

                    if (substr($splitGroup, 0, 3) !== 'DC=') {
                        $grps[$splitGroup] = $splitGroup;
                    } else {
                        $grps[substr($splitGroup, '3')] = substr($splitGroup, '3');
                    }

Unless, again, this is just a quirk with our IT dept's set up.

Thanks.

Hi,
thanks for your work!
I failed with changing the username_field (my database attribute is different).

In the retrieveByCredentials function you are using
$credentials[$this->getUsernameField()]
which is correct.
In validateCredentials you are using hardcoded username
authenticate($credentials['username'], $credentials['password'])

BR

I get this error: ErrorException in LdapAuthUserProvider.php line 117: Undefined index: fieldname

my files

config/auth.php

<?php
return [
        'driver' => 'ldap',
        'model' => App\User::class,
        'table' => 'users',

        'fields' => [
    'username' => 'samaccountname',
    'name' => 'displayName',
    'firstname' => 'givenName',
    'lastname' => 'sn',
    'groups' => 'memberOf',
],


    'password' => [
        'email' => 'emails.password',
        'table' => 'password_resets',
        'expire' => 60,
    ],

];

config/adlap.php

return [
    'account_suffix' => "@inge.local",
    'domain_controllers' => array("172.25.1.50", "172.25.1.51"), 
    'base_dn' => 'DC=ingeo,DC=local',
];

//form login
<form class="form-horizontal" role="form" method="POST" action="{{ url('/auth/login') }}">
<input type="email" class="form-control" name="email" value="{{ old('email') }}">
<input type="password" class="form-control" name="password">
<button type="submit" class="btn btn-primary">Iniciar Sesión</button>
</form>

/routes.php
Route::get('auth/login', 'Auth\AuthController@getLogin');
Route::post('auth/login', ['as' =>'auth/login', 'uses' => 'Auth\AuthController@postLogin']);

//AuthController.php

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'getLogout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|confirmed|min:6',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

I do wrong?

This is not so much an issue as much as trying to reach out to get information. I am currently using this package on my site but I need to add a failover section, where if the user does not exist in the LDAP to check a mysql database for the login information. Can someone point me in the right direction.