Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Importing and Synchronizing all the users #298

Closed fatalh closed 7 years ago

fatalh commented 7 years ago

Description:

Successfully imported / synchronized 0 user(s).

Steps To Reproduce:

After some days of work, I can now log in to my app through the AD users, but the problem is that I have to manually write the username of the AD user in my database, then I can connect with that username. When I try to import the AD users into my database via `php artisan adldap:import`, I get this: Successfully imported / synchronized 0 user(s). How can I import and synchronize all the users of the Active Directory into my database?

stevebauman commented 7 years ago

Hi @fatalh,

This is almost always a configuration issue. Can you post your config/adldap.php and config/adldap_auth.php file (with sensitive details removed)?

fatalh commented 7 years ago

Yes, I can do it, but I think there are no sensitive details in config/adldap_auth.php.

fatalh commented 7 years ago

```php
<?php

return [

/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The LDAP connection to use for laravel authentication.
|
| You must specify connections in your `config/adldap.php` configuration file.
|
| This must be a string.
|
*/

'connection' => env('ADLDAP_CONNECTION', 'default'),

/*
|--------------------------------------------------------------------------
| Provider
|--------------------------------------------------------------------------
|
| The LDAP authentication provider to use depending
| if you require database synchronization.
|
| For synchronizing LDAP users to your local applications database, use the provider:
|
| Adldap\Laravel\Auth\DatabaseUserProvider::class
|
| Otherwise, if you just require LDAP authentication, use the provider:
|
| Adldap\Laravel\Auth\NoDatabaseUserProvider::class
|
*/

'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,

/*
|--------------------------------------------------------------------------
| Resolver
|--------------------------------------------------------------------------
|
| The resolver that locates users from your LDAP server.
|
| Custom resolvers must implement the following interface:
|
|   Adldap\Laravel\Auth\ResolverInterface
|
*/

'resolver' => Adldap\Laravel\Auth\Resolver::class,

/*
|--------------------------------------------------------------------------
| Importer
|--------------------------------------------------------------------------
|
| The importer that imports LDAP users into your local database.
|
| Custom importers must implement the following interface:
|
|   Adldap\Laravel\Auth\ImporterInterface
|
*/

'importer' => Adldap\Laravel\Auth\Importer::class,

/*
|--------------------------------------------------------------------------
| Rules
|--------------------------------------------------------------------------
|
| Rules allow you to control user authentication requests depending on scenarios.
|
| You can create your own rules and insert them here.
|
| All rules must extend from the following class:
|
|   Adldap\Laravel\Validation\Rules\Rule
|
*/

'rules' => [

    // Denies deleted users from authenticating.

    Adldap\Laravel\Validation\Rules\DenyTrashed::class,

    // Allows only manually imported users to authenticate.

    // Adldap\Laravel\Validation\Rules\OnlyImported::class,

],

/*
|--------------------------------------------------------------------------
| Scopes
|--------------------------------------------------------------------------
|
| Scopes allow you to restrict the LDAP query that locates
| users upon import and authentication.
|
| All scopes must implement the following interface:
|
|   Adldap\Laravel\Scopes\ScopeInterface
|
*/

'scopes' => [

    // Only allows users with a user principal name to authenticate.

    Adldap\Laravel\Scopes\UpnScope::class,

],

'usernames' => [

    /*
    |--------------------------------------------------------------------------
    | LDAP
    |--------------------------------------------------------------------------
    |
    | This is the LDAP users attribute that you use to authenticate
    | against your LDAP server. This is usually the users
    | 'sAMAccountName' / 'userprincipalname' attribute.
    |
    | If you'd like to use their username to login instead, insert `samaccountname`.
    |
    */

    'ldap' => 'samaccountname',

    /*
    |--------------------------------------------------------------------------
    | Eloquent
    |--------------------------------------------------------------------------
    |
    | This is the attribute that is used for locating
    | and storing the LDAP username above.
    |
    | If you're using a `username` field instead, change this to `username`.
    |
    | This option is only applicable to the DatabaseUserProvider.
    |
    */

    'eloquent' => 'username',

],

/*
|--------------------------------------------------------------------------
| Login Fallback
|--------------------------------------------------------------------------
|
| The login fallback option allows you to login as a user located on the
| local database if active directory authentication fails.
|
| Set this to true if you would like to enable it.
|
| This option must be true or false and is only
| applicable to the DatabaseUserProvider.
|
*/

'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),

/*
|--------------------------------------------------------------------------
| Password Sync
|--------------------------------------------------------------------------
|
| The password sync option allows you to automatically synchronize
| users AD passwords to your local database. These passwords are
| hashed natively by laravel using the bcrypt() method.
|
| Enabling this option would also allow users to login to their
| accounts using the password last used when an AD connection
| was present.
|
| If this option is disabled, the local user account is applied
| a random 16 character hashed password, and will lose access
| to this account upon loss of AD connectivity.
|
| This option must be true or false and is only applicable
| to the DatabaseUserProvider.
|
*/

'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),

/*
|--------------------------------------------------------------------------
| Windows Auth Attribute
|--------------------------------------------------------------------------
|
| This array represents how a user is found when
| utilizing the Adldap Windows Auth Middleware.
|
| The key of the array represents the attribute that the user is located by.
|
|     For example, if 'samaccountname' is the key, then your LDAP server is
|     queried for a user with the 'samaccountname' equal to the value of
|     $_SERVER['AUTH_USER'].
|
|     If a user is found, they are imported (if using the DatabaseUserProvider)
|     into your local database, then logged in.
|
| The value of the array represents the 'key' of the $_SERVER
| array to pull the users username from.
|
|    For example, $_SERVER['AUTH_USER'].
|
| This must be an array with a key - value pair.
|
*/

'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],

/*
|--------------------------------------------------------------------------
| Sync Attributes
|--------------------------------------------------------------------------
|
| Attributes specified here will be added / replaced on the user model
| upon login, automatically synchronizing and keeping the attributes
| up to date.
|
| The array key represents the Laravel model key, and the value
| represents the users LDAP attribute.
|
| This option must be an array and is only applicable
| to the DatabaseUserProvider.
|
*/

'sync_attributes' => [

    'email' => 'samaccountname',
    'name' => 'cn',

],

];
```

fatalh commented 7 years ago

```php
<?php

return [

/*
|--------------------------------------------------------------------------
| Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
|
*/

'connections' => [

    'default' => [

        /*
        |--------------------------------------------------------------------------
        | Auto Connect
        |--------------------------------------------------------------------------
        |
        | If auto connect is true, Adldap will try to automatically connect to
        | your LDAP server in your configuration. This allows you to assume
        | connectivity rather than having to connect manually
        | in your application.
        |
        | If this is set to false, you must connect manually before running
        | LDAP operations.
        |
        */

        'auto_connect' => true,

        /*
        |--------------------------------------------------------------------------
        | Connection
        |--------------------------------------------------------------------------
        |
        | The connection class to use to run raw LDAP operations on.
        |
        | Custom connection classes must implement:
        |  \Adldap\Connections\ConnectionInterface
        |
        */

        'connection' => Adldap\Connections\Ldap::class,

        /*
        |--------------------------------------------------------------------------
        | Schema
        |--------------------------------------------------------------------------
        |
        | The schema class to use for retrieving attributes and generating models.
        |
        | You can also set this option to `null` to use the default schema class.
        |
        | Custom schema classes must implement \Adldap\Schemas\SchemaInterface
        |
        */

        'schema' => Adldap\Schemas\ActiveDirectory::class,

        /*
        |--------------------------------------------------------------------------
        | Connection Settings
        |--------------------------------------------------------------------------
        |
        | This connection settings array is directly passed into the Adldap constructor.
        |
        | Feel free to add or remove settings you don't need.
        |
        */

        'connection_settings' => [

            /*
            |--------------------------------------------------------------------------
            | Account Prefix
            |--------------------------------------------------------------------------
            |
            | The account prefix option is the prefix of your user accounts in AD.
            |
            | This string is prepended to authenticating users usernames.
            |
            */

            'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),

            /*
            |--------------------------------------------------------------------------
            | Account Suffix
            |--------------------------------------------------------------------------
            |
            | The account suffix option is the suffix of your user accounts in AD.
            |
            | This string is appended to authenticating users usernames.
            |
            */

            'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '******I'),

            /*
            |--------------------------------------------------------------------------
            | Domain Controllers
            |--------------------------------------------------------------------------
            |
            | The domain controllers option is an array of servers located on your
            | network that serve Active Directory. You can insert as many servers or
            | as little as you'd like depending on your forest (with the
            | minimum of one of course).
            |
            | These can be IP addresses of your server(s), or the host name.
            |
            */

            'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', '*******')),

            /*
            |--------------------------------------------------------------------------
            | Port
            |--------------------------------------------------------------------------
            |
            | The port option is used for authenticating and binding to your AD server.
            |
            */

            'port' => env('ADLDAP_PORT', 389),

            /*
            |--------------------------------------------------------------------------
            | Timeout
            |--------------------------------------------------------------------------
            |
            | The timeout option allows you to configure the amount of time in
            | seconds that your application waits until a response
            | is received from your LDAP server.
            |
            */

            'timeout' => env('ADLDAP_TIMEOUT', 5),

            /*
            |--------------------------------------------------------------------------
            | Base Distinguished Name
            |--------------------------------------------------------------------------
            |
            | The base distinguished name is the base distinguished name you'd
            | like to perform query operations on. An example base DN would be:
            |
            |        dc=corp,dc=acme,dc=org
            |
            | A correct base DN is required for any query results to be returned.
            |
            */

            'base_dn' => env('ADLDAP_BASEDN', 'dc=*****,dc=**'),

            /*
            |--------------------------------------------------------------------------
            | Administrator Account Suffix
            |--------------------------------------------------------------------------
            |
            | This option allows you to set a different account suffix for your
            | configured administrator account upon binding.
            |
            | If left empty, your `account_suffix` option will be used.
            |
            */

            'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),

            /*
            |--------------------------------------------------------------------------
            | Administrator Username & Password
            |--------------------------------------------------------------------------
            |
            | When connecting to your AD server, a username and password is required
            | to be able to query and run operations on your server(s). You can
            | use any user account that has these permissions. This account
            | does not need to be a domain administrator unless you
            | require changing and resetting user passwords.
            |
            */

            'admin_username' => env('ADLDAP_ADMIN_USERNAME', '********'),
            'admin_password' => env('ADLDAP_ADMIN_PASSWORD', '********'),

            /*
            |--------------------------------------------------------------------------
            | Follow Referrals
            |--------------------------------------------------------------------------
            |
            | The follow referrals option is a boolean to tell active directory
            | to follow a referral to another server on your network if the
            | server queried knows the information you're asking for exists,
            | but does not yet contain a copy of it locally.
            |
            | This option is defaulted to false.
            |
            */

            'follow_referrals' => false,

            /*
            |--------------------------------------------------------------------------
            | SSL & TLS
            |--------------------------------------------------------------------------
            |
            | If you need to be able to change user passwords on your server, then an
            | SSL or TLS connection is required. All other operations are allowed
            | on unsecured protocols.
            | 
            | One of these options are definitely recommended if you 
            | have the ability to connect to your server securely.
            |
            */

            'use_ssl' => false,
            'use_tls' => false,

        ],

    ],

],

];
```

fatalh commented 7 years ago

@stevebauman, I hope you did not forget me; please help me fix this issue.

fatalh commented 7 years ago

Hi @stevebauman, I posted my config/adldap.php and config/adldap_auth.php, but you did not reply. Can you still help me?

stevebauman commented 7 years ago

Hi @fatalh, apologies for the long response.

You're not syncing your username properly in your config:

```php
'sync_attributes' => [

    'email' => 'samaccountname',
    'name' => 'cn',

],
```

Should be:

```php
'sync_attributes' => [

    'username' => 'samaccountname',
    'name' => 'cn',

],
```

fatalh commented 7 years ago

Thanks, I edited the code with:

```php
'sync_attributes' => [

    'username' => 'samaccountname',
    'name' => 'cn',

],
```

But it does not work yet. Importing 166 users but 0 synchronized. Could that be a problem with my database tables?

stevebauman commented 7 years ago

Have you modified your user database table to use a username column instead of email?

This is mentioned in the quick start guide:

https://github.com/Adldap2/Adldap2-Laravel/blob/master/docs/quick-start.md#quick-start---from-scratch

fatalh commented 7 years ago

I added a new column "username" in the database, so there is a table "name" and another table "username". Here are the migrations:

```php
class CreateUsersTable extends Migration { /**
```

```php
class AddUsernameColumnToUsersTable extends Migration { /**
```

stevebauman commented 7 years ago

You have non-nullable fields in your schema, which would cause all imports to fail:

```php
Schema::create('users', function (Blueprint $table) {
    $table->increments('id');
    $table->string('name', 50);
    $table->string('direction', 50); // This is non-nullable, user imports will fail.
    $table->string('email', 100); // This is non-nullable, user imports will fail.
    $table->string('password');
    $table->rememberToken();
    $table->timestamps();
});
```

Also you have incorrect usage of your down() method in your username migration:

```php
Schema::table('users', function (Blueprint $table) {
    Schema::dropIfExists('username'); // Incorrect, this will try and drop a table named 'username'.
});
```

Should be:

```php
Schema::table('users', function (Blueprint $table) {
    $table->dropColumn('username');
});
```

If you're only using usernames and don't require an email field in your users table, you should be dropping the email column and replacing it with a username column.
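As an added example (not code from the thread or from the Adldap2 project), here is a users migration that follows the advice above: the `username` column replaces `email`, the extra `direction` column is nullable so the importer's INSERT cannot fail on it, and `down()` drops the table rather than a column. It assumes Laravel 5's migration API and the `'usernames' => ['eloquent' => 'username']` setting from the posted adldap_auth.php; the `unique()` index on `username` is my addition.

```php
<?php
// Added example: a users table shaped for Adldap2-Laravel's DatabaseUserProvider
// when 'usernames.eloquent' is 'username' and 'sync_attributes' maps
// 'username' => 'samaccountname'. Assumes Laravel 5's migration API.

use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;

class CreateUsersTable extends Migration
{
    public function up()
    {
        Schema::create('users', function (Blueprint $table) {
            $table->increments('id');

            // The importer locates and stores the LDAP 'samaccountname' here.
            // A unique index (my addition) keeps two directory accounts from
            // ever collapsing into one local user row.
            $table->string('username', 100)->unique();

            // Filled from the 'cn' attribute via 'sync_attributes'.
            $table->string('name', 50);

            // Not in 'sync_attributes', so the importer never sets it:
            // it must be nullable or every import INSERT fails.
            $table->string('direction', 50)->nullable();

            // 'email' is dropped entirely; the username is the login key.

            // Kept as in the original migration.
            $table->string('password');
            $table->rememberToken();
            $table->timestamps();
        });
    }

    public function down()
    {
        // Roll back by dropping the table this migration created.
        // dropColumn() belongs only in a migration that added a single column.
        Schema::dropIfExists('users');
    }
}
```

After replacing the migration, `php artisan migrate:rollback` followed by `php artisan migrate` (as described in the next reply) rebuilds the table before re-running `php artisan adldap:import`.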

fatalh commented 7 years ago

Thank you very much @stevebauman. I want to delete the users table and then create a new one with the necessary fields in order to correctly run the imports; is that a good idea?

stevebauman commented 7 years ago

Yes definitely, just run the command `php artisan migrate:rollback`, which will remove all your migrated tables, then edit the users table migration, and then run `php artisan migrate`.

Unfortunately I just don't have time to assist with step-by-step installations. This seems to be just a configuration issue. There are tons of these already resolved and closed which can be browsed to assist you further.

If you encounter any bugs however, please create another issue. Thanks!

fatalh commented 7 years ago

I finally did it... Thank you very much!!!

stevebauman commented 7 years ago

Great to hear you've resolved your issue, thanks for following up!