Closed fatalh closed 7 years ago
Hi @fatalh,
This is almost always a configuration issue. Can you post your config/adldap.php
and config/adldap_auth.php
file (with sensitive details removed)?
Yes I can do it, but I think there are no sensitive details in config/adldap_auth.php

```php
<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Connection
    |--------------------------------------------------------------------------
    |
    | The LDAP connection to use for laravel authentication.
    |
    | You must specify connections in your `config/adldap.php` configuration file.
    |
    | This must be a string.
    |
    */

    'connection' => env('ADLDAP_CONNECTION', 'default'),

    /*
    |--------------------------------------------------------------------------
    | Provider
    |--------------------------------------------------------------------------
    |
    | The LDAP authentication provider to use depending
    | if you require database synchronization.
    |
    | For synchronizing LDAP users to your local applications database, use the provider:
    |
    | Adldap\Laravel\Auth\DatabaseUserProvider::class
    |
    | Otherwise, if you just require LDAP authentication, use the provider:
    |
    | Adldap\Laravel\Auth\NoDatabaseUserProvider::class
    |
    */

    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,

    /*
    |--------------------------------------------------------------------------
    | Resolver
    |--------------------------------------------------------------------------
    |
    | The resolver that locates users from your LDAP server.
    |
    | Custom resolvers must implement the following interface:
    |
    | Adldap\Laravel\Auth\ResolverInterface
    |
    */

    'resolver' => Adldap\Laravel\Auth\Resolver::class,

    /*
    |--------------------------------------------------------------------------
    | Importer
    |--------------------------------------------------------------------------
    |
    | The importer that imports LDAP users into your local database.
    |
    | Custom importers must implement the following interface:
    |
    | Adldap\Laravel\Auth\ImporterInterface
    |
    */

    'importer' => Adldap\Laravel\Auth\Importer::class,

    /*
    |--------------------------------------------------------------------------
    | Rules
    |--------------------------------------------------------------------------
    |
    | Rules allow you to control user authentication requests depending on scenarios.
    |
    | You can create your own rules and insert them here.
    |
    | All rules must extend from the following class:
    |
    | Adldap\Laravel\Validation\Rules\Rule
    |
    */

    'rules' => [

        // Denies deleted users from authenticating.
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,

        // Allows only manually imported users to authenticate.
        // Adldap\Laravel\Validation\Rules\OnlyImported::class,

    ],

    /*
    |--------------------------------------------------------------------------
    | Scopes
    |--------------------------------------------------------------------------
    |
    | Scopes allow you to restrict the LDAP query that locates
    | users upon import and authentication.
    |
    | All scopes must implement the following interface:
    |
    | Adldap\Laravel\Scopes\ScopeInterface
    |
    */

    'scopes' => [

        // Only allows users with a user principal name to authenticate.
        Adldap\Laravel\Scopes\UpnScope::class,

    ],

    'usernames' => [

        /*
        |--------------------------------------------------------------------------
        | LDAP
        |--------------------------------------------------------------------------
        |
        | This is the LDAP users attribute that you use to authenticate
        | against your LDAP server. This is usually the users
        | 'sAMAccountName' / 'userprincipalname' attribute.
        |
        | If you'd like to use their username to login instead, insert `samaccountname`.
        |
        */

        'ldap' => 'samaccountname',

        /*
        |--------------------------------------------------------------------------
        | Eloquent
        |--------------------------------------------------------------------------
        |
        | This is the attribute that is used for locating
        | and storing the LDAP username above.
        |
        | If you're using a `username` field instead, change this to `username`.
        |
        | This option is only applicable to the DatabaseUserProvider.
        |
        */

        'eloquent' => 'username',

    ],

    /*
    |--------------------------------------------------------------------------
    | Login Fallback
    |--------------------------------------------------------------------------
    |
    | The login fallback option allows you to login as a user located on the
    | local database if active directory authentication fails.
    |
    | Set this to true if you would like to enable it.
    |
    | This option must be true or false and is only
    | applicable to the DatabaseUserProvider.
    |
    */

    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),

    /*
    |--------------------------------------------------------------------------
    | Password Sync
    |--------------------------------------------------------------------------
    |
    | The password sync option allows you to automatically synchronize
    | users AD passwords to your local database. These passwords are
    | hashed natively by laravel using the bcrypt() method.
    |
    | Enabling this option would also allow users to login to their
    | accounts using the password last used when an AD connection
    | was present.
    |
    | If this option is disabled, the local user account is applied
    | a random 16 character hashed password, and will lose access
    | to this account upon loss of AD connectivity.
    |
    | This option must be true or false and is only applicable
    | to the DatabaseUserProvider.
    |
    */

    'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),

    /*
    |--------------------------------------------------------------------------
    | Windows Auth Attribute
    |--------------------------------------------------------------------------
    |
    | This array represents how a user is found when
    | utilizing the Adldap Windows Auth Middleware.
    |
    | The key of the array represents the attribute that the user is located by.
    |
    | For example, if 'samaccountname' is the key, then your LDAP server is
    | queried for a user with the 'samaccountname' equal to the value of
    | $_SERVER['AUTH_USER'].
    |
    | If a user is found, they are imported (if using the DatabaseUserProvider)
    | into your local database, then logged in.
    |
    | The value of the array represents the 'key' of the $_SERVER
    | array to pull the users username from.
    |
    | For example, $_SERVER['AUTH_USER'].
    |
    | This must be an array with a key - value pair.
    |
    */

    'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],

    /*
    |--------------------------------------------------------------------------
    | Sync Attributes
    |--------------------------------------------------------------------------
    |
    | Attributes specified here will be added / replaced on the user model
    | upon login, automatically synchronizing and keeping the attributes
    | up to date.
    |
    | The array key represents the Laravel model key, and the value
    | represents the users LDAP attribute.
    |
    | This option must be an array and is only applicable
    | to the DatabaseUserProvider.
    |
    */

    'sync_attributes' => [

        'email' => 'samaccountname',

        'name' => 'cn',

    ],

];
```
```php
<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Connections
    |--------------------------------------------------------------------------
    |
    | This array stores the connections that are added to Adldap. You can add
    | as many connections as you like.
    |
    | The key is the name of the connection you wish to use and the value is
    | an array of configuration settings.
    |
    */

    'connections' => [

        'default' => [

            /*
            |--------------------------------------------------------------------------
            | Auto Connect
            |--------------------------------------------------------------------------
            |
            | If auto connect is true, Adldap will try to automatically connect to
            | your LDAP server in your configuration. This allows you to assume
            | connectivity rather than having to connect manually
            | in your application.
            |
            | If this is set to false, you must connect manually before running
            | LDAP operations.
            |
            */

            'auto_connect' => true,

            /*
            |--------------------------------------------------------------------------
            | Connection
            |--------------------------------------------------------------------------
            |
            | The connection class to use to run raw LDAP operations on.
            |
            | Custom connection classes must implement:
            | \Adldap\Connections\ConnectionInterface
            |
            */

            'connection' => Adldap\Connections\Ldap::class,

            /*
            |--------------------------------------------------------------------------
            | Schema
            |--------------------------------------------------------------------------
            |
            | The schema class to use for retrieving attributes and generating models.
            |
            | You can also set this option to `null` to use the default schema class.
            |
            | Custom schema classes must implement \Adldap\Schemas\SchemaInterface
            |
            */

            'schema' => Adldap\Schemas\ActiveDirectory::class,

            /*
            |--------------------------------------------------------------------------
            | Connection Settings
            |--------------------------------------------------------------------------
            |
            | This connection settings array is directly passed into the Adldap constructor.
            |
            | Feel free to add or remove settings you don't need.
            |
            */

            'connection_settings' => [

                /*
                |--------------------------------------------------------------------------
                | Account Prefix
                |--------------------------------------------------------------------------
                |
                | The account prefix option is the prefix of your user accounts in AD.
                |
                | This string is prepended to authenticating users usernames.
                |
                */

                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),

                /*
                |--------------------------------------------------------------------------
                | Account Suffix
                |--------------------------------------------------------------------------
                |
                | The account suffix option is the suffix of your user accounts in AD.
                |
                | This string is appended to authenticating users usernames.
                |
                */

                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '******I'),

                /*
                |--------------------------------------------------------------------------
                | Domain Controllers
                |--------------------------------------------------------------------------
                |
                | The domain controllers option is an array of servers located on your
                | network that serve Active Directory. You can insert as many servers or
                | as little as you'd like depending on your forest (with the
                | minimum of one of course).
                |
                | These can be IP addresses of your server(s), or the host name.
                |
                */

                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', '*******')),

                /*
                |--------------------------------------------------------------------------
                | Port
                |--------------------------------------------------------------------------
                |
                | The port option is used for authenticating and binding to your AD server.
                |
                */

                'port' => env('ADLDAP_PORT', 389),

                /*
                |--------------------------------------------------------------------------
                | Timeout
                |--------------------------------------------------------------------------
                |
                | The timeout option allows you to configure the amount of time in
                | seconds that your application waits until a response
                | is received from your LDAP server.
                |
                */

                'timeout' => env('ADLDAP_TIMEOUT', 5),

                /*
                |--------------------------------------------------------------------------
                | Base Distinguished Name
                |--------------------------------------------------------------------------
                |
                | The base distinguished name is the base distinguished name you'd
                | like to perform query operations on. An example base DN would be:
                |
                | dc=corp,dc=acme,dc=org
                |
                | A correct base DN is required for any query results to be returned.
                |
                */

                'base_dn' => env('ADLDAP_BASEDN', 'dc=*****,dc=**'),

                /*
                |--------------------------------------------------------------------------
                | Administrator Account Suffix
                |--------------------------------------------------------------------------
                |
                | This option allows you to set a different account suffix for your
                | configured administrator account upon binding.
                |
                | If left empty, your `account_suffix` option will be used.
                |
                */

                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),

                /*
                |--------------------------------------------------------------------------
                | Administrator Username & Password
                |--------------------------------------------------------------------------
                |
                | When connecting to your AD server, a username and password is required
                | to be able to query and run operations on your server(s). You can
                | use any user account that has these permissions. This account
                | does not need to be a domain administrator unless you
                | require changing and resetting user passwords.
                |
                */

                'admin_username' => env('ADLDAP_ADMIN_USERNAME', '********'),
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', '********'),

                /*
                |--------------------------------------------------------------------------
                | Follow Referrals
                |--------------------------------------------------------------------------
                |
                | The follow referrals option is a boolean to tell active directory
                | to follow a referral to another server on your network if the
                | server queried knows the information you're asking for exists,
                | but does not yet contain a copy of it locally.
                |
                | This option is defaulted to false.
                |
                */

                'follow_referrals' => false,

                /*
                |--------------------------------------------------------------------------
                | SSL & TLS
                |--------------------------------------------------------------------------
                |
                | If you need to be able to change user passwords on your server, then an
                | SSL or TLS connection is required. All other operations are allowed
                | on unsecured protocols.
                |
                | One of these options is definitely recommended if you
                | have the ability to connect to your server securely.
                |
                */

                'use_ssl' => false,
                'use_tls' => false,

            ],

        ],

    ],

];
```
@stevebauman, I hope you did not forget me, please help me fix this issue
Hi @stevebauman, I posted my config/adldap.php and config/adldap_auth.php, but you did not reply. Can you still help me?
Hi @fatalh, apologies for the long response.
You're not syncing your username properly in your config:

```php
'sync_attributes' => [
    'email' => 'samaccountname',
    'name' => 'cn',
],
```

Should be:

```php
'sync_attributes' => [
    'username' => 'samaccountname',
    'name' => 'cn',
],
```
Thanks, I edited the code with:

```php
'sync_attributes' => [
    'username' => 'samaccountname',
    'name' => 'cn',
],
```

But it does not work yet. Importing 166 users but 0 synchronized. Could that be a problem with my database tables?
Have you modified your user database table to use a `username` column instead of `email`?
This is mentioned in the quick start guide:
I added a new column "username" in the database, so there is a table "name" and another table "username", here are the migrations:

```php
<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateUsersTable extends Migration
{
    /**
     * @return void
     */
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->increments('id');
            $table->string('name', 50);
            $table->string('direction', 50);
            $table->string('email', 100);
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });
    }
}
```

```php
<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class AddUsernameColumnToUsersTable extends Migration
{
    /**
     * @return void
     */
    public function up()
    {
        Schema::table('users', function (Blueprint $table) {
            $table->string('username', 100)->unique();
        });
    }

    /**
     * @return void
     */
    public function down()
    {
        Schema::table('users', function (Blueprint $table) {
            Schema::dropIfExists('username');
        });
    }
}
```
You have non-nullable fields in your schema, which would cause all imports to fail:

```php
Schema::create('users', function (Blueprint $table) {
    $table->increments('id');
    $table->string('name', 50);
    $table->string('direction', 50); // This is non-nullable, user imports will fail.
    $table->string('email', 100); // This is non-nullable, user imports will fail.
    $table->string('password');
    $table->rememberToken();
    $table->timestamps();
});
```

Also you have incorrect usage of your `down()` method in your username migration:

```php
Schema::table('users', function (Blueprint $table) {
    Schema::dropIfExists('username'); // Incorrect, this will try and drop a table named 'username'.
});
```

Should be:

```php
Schema::table('users', function (Blueprint $table) {
    $table->dropColumn('username');
});
```

If you're only using usernames and don't require an email field in your `users` table, you should be dropping the `email` column and replacing it with a `username` column.
Thank you very much @stevebauman, I want to delete the users table, and then create a new one with the necessary fields in order to correctly call the imports, is that a good idea?
Yes definitely, just run the command `php artisan migrate:rollback` which will remove all your migrated tables, then edit the `users` table migration, and then run `php artisan migrate`.
Unfortunately I just don't have time to assist step by step installations. This seems to be just a configuration issue. There are tons of these already resolved and closed which can be browsed to assist you further.
If you encounter any bugs however, please create another issue. Thanks!
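A `users` table migration that satisfies the points raised in this thread (a `username` column for the `DatabaseUserProvider`, nullable columns that `sync_attributes` does not fill, and a `down()` that drops the table rather than a column). This is an added example, not code from the thread or from Adldap2-Laravel; the `direction` column and the column lengths are carried over from the poster's migration, and the column comments assume the `'username' => 'samaccountname'` / `'name' => 'cn'` mapping given above.

```php
<?php
// Added example (not from the thread): a users table that the
// adldap:import command can populate without failing on NOT NULL columns.

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

class CreateUsersTable extends Migration
{
    /**
     * @return void
     */
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->increments('id');
            // Located and stored by the provider ('eloquent' => 'username'),
            // filled from LDAP by sync_attributes ('username' => 'samaccountname').
            $table->string('username', 100)->unique();
            // Filled from LDAP by sync_attributes ('name' => 'cn').
            $table->string('name', 50);
            // Nothing in sync_attributes fills these two columns, so they must
            // be nullable or every import fails (assumed: 'direction' is an
            // application-specific column from the poster's migration).
            $table->string('direction', 50)->nullable();
            $table->string('email', 100)->nullable();
            // Always written by the importer: the synced AD password hash when
            // password_sync is true, a random 16 character hashed password otherwise.
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });
    }

    /**
     * @return void
     */
    public function down()
    {
        // A create migration reverses itself by dropping the table;
        // dropColumn('username') belongs only in a separate alter migration.
        Schema::dropIfExists('users');
    }
}
```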
I finally did it... Thank you very much!!!
Great to hear you've resolved your issue, thanks for following up!
Description:
Successfully imported / synchronized 0 user(s).
Steps To Reproduce:
After some days of work, I can now log in to my app through the AD users, but the problem is I have to manually write the username of the AD user in my database, then I can connect with that username. When I try to import the AD users in my database via `php artisan adldap:import`, I have this: Successfully imported / synchronized 0 user(s). How can I import and synchronize all the users of the Active Directory in my database?