Symfony 3.2 ldap authentication issue

Submitted by 青春壹個敷衍的年華 on 2019-12-24 09:09:57

Question


I am trying to authenticate users through LDAP (Windows Active Directory) with Symfony 3.2. I configured the service and security as per the documents.

But I am getting the error:

php.DEBUG: Warning: ldap_bind(): Unable to bind to server: Invalid credentials {"exception":"[object] (Symfony\Component\Debug\Exception\SilencedErrorContext: {\"severity\":2,\"file\":\"/var/www/html/workflow/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php\",\"line\":54})"} []

Tried many changes in the parameters like adding the domain{username} or copying the cn string completely from ldap search softerra.

security.yml:

security:
    providers:
        my_ldap:
            ldap:
                service: ldap
                base_dn: dc=example,dc=example
                search_dn: "cn=user.name,DC=example,DC=example" 
                search_password: PassWord
                default_roles: ROLE_ADMIN
                uid_key: sAMAccountName

    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            # anonymous: ~
            http_basic_ldap:
                service: ldap
                dn_string: 'uid={username},dc=example,dc=example'

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_ADMIN }

service.yml:

    services:
        ldap:
            class: Symfony\Component\Ldap\LdapClient
            arguments:
                - ip   # host
                - port        # port
                - 3           # version
                - false       # SSL
                - false       # TLS

native php:

<?php
$name = 'username@domain.local';
$pass = 'password';
$adServer = 'ldap://xxx.xxx.xxx.xxx:1234/';

$basedn = "OU=Users,OU=Office,OU=xxx,DC=xxx,DC=xxx";
$filter = "(&(!(ou=NoSync))(department=*)(sn=*))";

$attributes = array("displayname", "mail", "company", "department", "physicaldeliveryofficename", "memberOf", "givenname", "sn", "manager",
                    "mobile", "ipphone", "telephoneNumber", "facsimiletelephonenumber", "streetaddress", "l", "st", "userprincipalname",
                    "postalcode", "c", "title", "samaccountname", "useraccountcontrol");

$cnx = ldap_connect($adServer) or die("Could not connect to LDAP server.");

// Set the protocol version and referral handling before binding.
ldap_set_option($cnx, LDAP_OPT_SIZELIMIT, 10000);
ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3) or die("Could not set ldap protocol");
ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0) or die("Could not set option referrals");
ldap_bind($cnx, $name, $pass);
ldap_control_paged_result($cnx, 1000) or die("Could not set option page limit");

$pageSize = 900;
$total = 0;            // was '', which is not a valid operand for the addition below
$cookie = '';
$arr_rec = [];
$arr_rec_update = [];
do {
    $total = $pageSize + $total;
    // Request the next page of results (paged-results control).
    ldap_control_paged_result($cnx, $pageSize, true, $cookie);

    $result  = ldap_search($cnx, $basedn, $filter, $attributes);
    $entries = ldap_get_entries($cnx, $result);

    // The post cuts the loop off here; this is the usual paged-results ending:
    // read the server's cookie and stop once it comes back empty.
    ldap_control_paged_result_response($cnx, $result, $cookie);
} while ($cookie !== null && $cookie != '');
?>

Answer 1:


First, declaring the ldap service as you did is deprecated; for Symfony 3.2 you should declare it using the Ldap class:

app/config/services.yml:

services:
    ldap:
        class: Symfony\Component\Ldap\Ldap
        factory: [ 'Symfony\Component\Ldap\Ldap', 'create']
        arguments:
            - ext_ldap
            # second argument of Ldap::create(): a single options map
            - host: ip
              port: 1234
              version: 3
              ssl: false
              tls: false

Regarding the PHP script you provided, your configuration should look like this:

app/config/security.yml:

security:
    providers:
        my_ldap:
            ldap:
                service: ldap
                base_dn: 'OU=Users,OU=Office,OU=xxx,DC=xxx,DC=xxx'
                search_dn: 'username@domain.local'
                search_password: 'password'
                default_roles: 'ROLE_ADMIN'

    firewalls:
        main:
            pattern: ^/
            anonymous: ~
            http_basic_ldap:
                service: ldap
                dn_string: '{username}'
                #dn_string: 'domain\{username}' # or try including your domain prefix
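
The difference between the question's and the answer's dn_string, and a way to see why Active Directory rejects a bind, as an added example that is not part of the original post. It assumes Symfony's bind provider escapes the submitted username for DN context before substituting {username}; the function names and sample values are hypothetical.

```php
<?php
// Added example; login names and the diagnostic line below are constructed.

// Assumed behaviour of http_basic_ldap: escape the submitted username for DN
// context, then substitute it for {username} in dn_string.
function bindIdentity(string $dnString, string $username): string
{
    return str_replace('{username}', ldap_escape($username, '', LDAP_ESCAPE_DN), $dnString);
}

// AD reports every failed simple bind as LDAP error 49 "Invalid credentials";
// the hex sub-code after "data" in the diagnostic message gives the reason.
function explainAdDiagnostic(string $diagnostic): string
{
    $codes = [
        '525' => 'user not found',
        '52e' => 'wrong password, or bind name not accepted',
        '532' => 'password expired',
        '533' => 'account disabled',
        '775' => 'account locked out',
    ];
    if (!preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diagnostic, $m)) {
        return 'no AD sub-code in diagnostic message';
    }
    $code = strtolower($m[1]);
    return $codes[$code] ?? "sub-code $code";
}

// Live check against an open connection: null on success, reason on failure.
function tryBind($cnx, string $identity, string $password)
{
    if ($password === '') {
        return 'refused: an empty password is an unauthenticated bind';
    }
    if (@ldap_bind($cnx, $identity, $password)) {
        return null;
    }
    ldap_get_option($cnx, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diagnostic);
    return ldap_error($cnx) . ': ' . explainAdDiagnostic((string) $diagnostic);
}

// Offline demo: dn_string values from this page, constructed login names.
$templates = ['uid={username},dc=example,dc=example', '{username}', 'domain\{username}'];
foreach ($templates as $t) {
    printf("%-38s => %s\n", $t, bindIdentity($t, 'user.name'));
}
// A DOMAIN\user typed into the login form gets its backslash escaped.
echo bindIdentity('{username}', 'domain\user.name'), "\n";
echo explainAdDiagnostic('80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1'), "\n";
```

Keep the decoded reason in server-side logs only; the login response should stay generic so it does not tell unknown users apart from wrong passwords.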


Source: https://stackoverflow.com/questions/43320661/symfony-3-2-ldap-authentication-issue
