Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

These credentials don't match the records #303

Closed anukwgl closed 7 years ago

anukwgl commented 7 years ago

Laravel Version: 5.4
Adldap2-Laravel Version: 3.0
PHP Version: 5.6

Description: My active directory is working perfect but when I tried to log in it says These credentials do not match the records.

stevebauman commented 7 years ago

Hi @anukwgl,

What do you mean by "My active directory is working perfect"? Are you successfully connected to your LDAP server?

I need more information to work off of, such as what you're using to authenticate users by (such as username or email), as well as your configuration.

anukwgl commented 7 years ago

I am authenticating by username, everything seems OK, but when I gave my credentials it says doesn't match the records. Here are my config files:

adldap.php

'connections' => [

    'default' => [

        'auto_connect' => true,
        'connection' => Adldap\Connections\Ldap::class,
        'schema' => Adldap\Schemas\ActiveDirectory::class,
        'connection_settings' => [
            'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
            'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
            'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', 'ipaddress')),
            'port' => env('ADLDAP_PORT', 389),
            'timeout' => env('ADLDAP_TIMEOUT', 5),
            'base_dn' => env('ADLDAP_BASEDN', 'dc=,dc='),
            'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),
            'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'username'),
            'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'Password'),
            'follow_referrals' => false,
            'use_ssl' => false,
            'use_tls' => false,

anukwgl commented 7 years ago

Do I have to change anything else in my loginController:

public function username()
{
    return 'username';
}

stevebauman commented 7 years ago

Can you also post your config/adldap_auth.php file?

This issue is almost always configuration.

Have you read the quick start and installation guides?

stevebauman commented 7 years ago

> Do I have to change anything else in my loginController:

No, but if you're using a username instead of email address, you need to modify more things, such as the login view and your users table migration. All of which are mentioned in the documentation...

anukwgl commented 7 years ago

'connection' => env('ADLDAP_CONNECTION', 'default'),
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
'resolver' => Adldap\Laravel\Auth\Resolver::class,
'importer' => Adldap\Laravel\Auth\Importer::class,
'rules' => [
    Adldap\Laravel\Validation\Rules\DenyTrashed::class,
'scopes' => [
    Adldap\Laravel\Scopes\UpnScope::class,
],
'usernames' => [
    'ldap' => 'samaccountname',
    'eloquent' => 'username',
'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),
'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],
'sync_attributes' => [

    'username' => 'samaccountname',
    'name' => 'cn',

],

anukwgl commented 7 years ago

Yes, I followed the documentation and changed accordingly.

stevebauman commented 7 years ago

For the account_suffix option in your config/adldap.php file, can you enter your domain suffix and try authenticating:

'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '@corp.acme.org'),

anukwgl commented 7 years ago

Help me, I even tried with 'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '@corp.acme.org'), but it says credentials don't match record.

stevebauman commented 7 years ago

You need to enter your actual domain suffix, not the one I've given you in the example.

Also what is this code you've shown above? Is this how you're trying to authenticate users? Or is it just an example?

anukwgl commented 7 years ago

adldap_auth.php

'connection' => env('ADLDAP_CONNECTION', 'default'),
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
'resolver' => Adldap\Laravel\Auth\Resolver::class,
'importer' => Adldap\Laravel\Auth\Importer::class,
'rules' => [
    Adldap\Laravel\Validation\Rules\DenyTrashed::class,
'scopes' => [
    Adldap\Laravel\Scopes\UpnScope::class,
],
'usernames' => [
    'ldap' => 'samaccountname',
    'eloquent' => 'username',
],
'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),
'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],
'sync_attributes' => [

    'username' => 'samaccountname',
    'name' => 'cn',

],

anukwgl commented 7 years ago

adldap.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Connections
    |--------------------------------------------------------------------------
    |
    | This array stores the connections that are added to Adldap. You can add
    | as many connections as you like.
    |
    | The key is the name of the connection you wish to use and the value is
    | an array of configuration settings.
    |
    */

    'connections' => [

        'default' => [

            /*
            |--------------------------------------------------------------------------
            | Auto Connect
            |--------------------------------------------------------------------------
            |
            | If auto connect is true, Adldap will try to automatically connect to
            | your LDAP server in your configuration. This allows you to assume
            | connectivity rather than having to connect manually
            | in your application.
            |
            | If this is set to false, you must connect manually before running
            | LDAP operations.
            |
            */

            'auto_connect' => true,

            /*
            |--------------------------------------------------------------------------
            | Connection
            |--------------------------------------------------------------------------
            |
            | The connection class to use to run raw LDAP operations on.
            |
            | Custom connection classes must implement:
            |  \Adldap\Connections\ConnectionInterface
            |
            */

            'connection' => Adldap\Connections\Ldap::class,

            /*
            |--------------------------------------------------------------------------
            | Schema
            |--------------------------------------------------------------------------
            |
            | The schema class to use for retrieving attributes and generating models.
            |
            | You can also set this option to `null` to use the default schema class.
            |
            | Custom schema classes must implement \Adldap\Schemas\SchemaInterface
            |
            */

            'schema' => Adldap\Schemas\ActiveDirectory::class,

            /*
            |--------------------------------------------------------------------------
            | Connection Settings
            |--------------------------------------------------------------------------
            |
            | This connection settings array is directly passed into the Adldap constructor.
            |
            | Feel free to add or remove settings you don't need.
            |
            */

            'connection_settings' => [

                /*
                |--------------------------------------------------------------------------
                | Account Prefix
                |--------------------------------------------------------------------------
                |
                | The account prefix option is the prefix of your user accounts in AD.
                |
                | This string is prepended to authenticating users usernames.
                |
                */

                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', 'abc'),

                /*
                |--------------------------------------------------------------------------
                | Account Suffix
                |--------------------------------------------------------------------------
                |
                | The account suffix option is the suffix of your user accounts in AD.
                |
                | This string is appended to authenticating users usernames.
                |
                */

                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '@abc.lmn'),

                /*
                |--------------------------------------------------------------------------
                | Domain Controllers
                |--------------------------------------------------------------------------
                |
                | The domain controllers option is an array of servers located on your
                | network that serve Active Directory. You can insert as many servers or
                | as little as you'd like depending on your forest (with the
                | minimum of one of course).
                |
                | These can be IP addresses of your server(s), or the host name.
                |
                */

                //'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', 'ipaddress')),
                //'domain_controllers' => array("ipaddress"),

                /*
                |--------------------------------------------------------------------------
                | Port
                |--------------------------------------------------------------------------
                |
                | The port option is used for authenticating and binding to your AD server.
                |
                */

                'port' => env('ADLDAP_PORT', 389),

                /*
                |--------------------------------------------------------------------------
                | Timeout
                |--------------------------------------------------------------------------
                |
                | The timeout option allows you to configure the amount of time in
                | seconds that your application waits until a response
                | is received from your LDAP server.
                |
                */

                'timeout' => env('ADLDAP_TIMEOUT', 5),

                /*
                |--------------------------------------------------------------------------
                | Base Distinguished Name
                |--------------------------------------------------------------------------
                |
                | The base distinguished name is the base distinguished name you'd
                | like to perform query operations on. An example base DN would be:
                |
                |        dc=corp,dc=acme,dc=org
                |
                | A correct base DN is required for any query results to be returned.
                |
                */

            //'base_dn' => env('ADLDAP_BASEDN', 'dc=corp,dc=acme,dc=org'),
                'base_dn' => env('ADLDAP_BASEDN', 'dc=abc,dc=lmn'),

                /*
                |--------------------------------------------------------------------------
                | Administrator Account Suffix
                |--------------------------------------------------------------------------
                |
                | This option allows you to set a different account suffix for your
                | configured administrator account upon binding.
                |
                | If left empty, your `account_suffix` option will be used.
                |
                */

                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),

                /*
                |--------------------------------------------------------------------------
                | Administrator Username & Password
                |--------------------------------------------------------------------------
                |
                | When connecting to your AD server, a username and password is required
                | to be able to query and run operations on your server(s). You can
                | use any user account that has these permissions. This account
                | does not need to be a domain administrator unless you
                | require changing and resetting user passwords.
                |
                */

                'admin_username' => env('ADLDAP_ADMIN_USERNAME', '*******'),
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', '*******'),

                /*
                |--------------------------------------------------------------------------
                | Follow Referrals
                |--------------------------------------------------------------------------
                |
                | The follow referrals option is a boolean to tell active directory
                | to follow a referral to another server on your network if the
                | server queried knows the information your asking for exists,
                | but does not yet contain a copy of it locally.
                |
                | This option is defaulted to false.
                |
                */

                'follow_referrals' => false,

                /*
                |--------------------------------------------------------------------------
                | SSL & TLS
                |--------------------------------------------------------------------------
                |
                | If you need to be able to change user passwords on your server, then an
                | SSL or TLS connection is required. All other operations are allowed
                | on unsecured protocols.
                | 
                | One of these options are definitely recommended if you 
                | have the ability to connect to your server securely.
                |
                */

                'use_ssl' => false,
                'use_tls' => false,

            ],

        ],

    ],

];
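
An added example, not part of the thread or of Adldap2's own code: a sanity check over a `connection_settings` array like the one posted above, assuming (as the config comments state) that the name sent to the server is the prefix, the typed username and the suffix concatenated. The function names and the user `jdoe` are hypothetical, and the sample array mirrors the fallback values in the post.

```php
<?php
// Added example, not Adldap2 code. Function names are hypothetical.
// Assumption: bind name = account_prefix . username . account_suffix,
// as the config comments above describe.

function bindUsername(array $s, $username)
{
    $s += ['account_prefix' => '', 'account_suffix' => ''];
    return $s['account_prefix'] . $username . $s['account_suffix'];
}

function checkConnectionSettings(array $s)
{
    $s += ['account_prefix' => '', 'account_suffix' => '', 'base_dn' => ''];
    $warnings = [];
    $suffix = $s['account_suffix'];

    // A prefix plus an "@domain" suffix wraps the typed name on both sides.
    if ($s['account_prefix'] !== '' && $suffix !== '') {
        $warnings[] = 'account_prefix and account_suffix are both set';
    }
    if ($suffix !== '' && $suffix[0] !== '@') {
        $warnings[] = 'account_suffix does not start with "@"';
    }
    // Heuristic: the dc= parts of base_dn usually spell the suffix domain
    // (a forest with alternative UPN suffixes is a legitimate exception).
    preg_match_all('/dc=([^,]+)/i', $s['base_dn'], $m);
    $domain = strtolower(implode('.', array_map('trim', $m[1])));
    if ($suffix !== '' && $domain !== '' && strtolower(ltrim($suffix, '@')) !== $domain) {
        $warnings[] = "account_suffix differs from base_dn domain ($domain)";
    }
    // Without SSL or TLS, a simple bind carries the password unencrypted.
    if (empty($s['use_ssl']) && empty($s['use_tls'])) {
        $warnings[] = 'use_ssl and use_tls are false: passwords cross the network in cleartext';
    }
    return $warnings;
}

// Constructed sample mirroring the fallback values posted in the thread.
$settings = [
    'account_prefix' => 'abc',
    'account_suffix' => '@abc.lmn',
    'base_dn' => 'dc=abc,dc=lmn',
    'use_ssl' => false,
    'use_tls' => false,
];
echo bindUsername($settings, 'jdoe'), PHP_EOL;
echo implode(PHP_EOL, checkConnectionSettings($settings)), PHP_EOL;
```

Values set in `.env` override these fallbacks, so run the check against the resolved configuration rather than the file defaults.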

anukwgl commented 7 years ago

How do I check the error why this is not logging in?

anukwgl commented 7 years ago

Can you help me? Everything is perfect but I could not connect.
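
On the question of how to see why a bind fails, an added example that is not part of the thread or of Adldap2: Active Directory puts a `data <hex>` sub-code in the LDAP diagnostic message, and the function below maps it to a reason. `explainAdBindError()` is a hypothetical name and the sample strings are constructed.

```php
<?php
// Added example, not Adldap2 code; explainAdBindError() is a hypothetical name.
// After a failed ldap_bind() with PHP's ldap extension, the server's text is
// available via ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $msg).
// Log the result server-side and keep the login form's message generic.

function explainAdBindError($diagnostic)
{
    // Active Directory sub-codes reported as "data <hex>" in the message.
    $reasons = [
        '525' => 'user not found',
        '52e' => 'invalid credentials',
        '530' => 'logon not permitted at this time',
        '531' => 'logon not permitted from this workstation',
        '532' => 'password expired',
        '533' => 'account disabled',
        '701' => 'account expired',
        '773' => 'user must reset password',
        '775' => 'account locked out',
    ];
    if (!preg_match('/\bdata\s+([0-9a-f]+)\b/i', $diagnostic, $m)) {
        return null; // not an AD-style diagnostic (e.g. server unreachable)
    }
    $code = strtolower($m[1]);
    return [
        'code' => $code,
        'reason' => isset($reasons[$code]) ? $reasons[$code] : 'unrecognised sub-code',
    ];
}

// Constructed diagnostic strings in the shape AD returns; the DSID and
// version fields are placeholders.
$samples = [
    '80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000',
    '80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, v0000',
    "Can't contact LDAP server",
];
foreach ($samples as $line) {
    $r = explainAdBindError($line);
    echo $r ? "{$r['code']}: {$r['reason']}" : 'no AD sub-code present', PHP_EOL;
}
```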