Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Laravel mixed authentication (LDAP + Custom User Provider): how to implement #454

Open riyazpt opened 6 years ago

riyazpt commented 6 years ago

I am using Laravel 5.4. There are two types of user in my system: Admin & User. Both have separate database tables. To authenticate, I have implemented Laravel multi auth with a custom user provider (MD5 hashed password). Now a situation arose: the same login screen (routing) is used for both 'user' and 'admin'. Procedure to authenticate:

  1. Select user type.
  2. If 'Admin' is selected, go for LDAP authentication.
  3. Authenticate with the LDAP server.
  4. If LDAP authentication fails, go for the Laravel multi auth admin user provider.
  5. If the selected user type is 'user', go for the multi auth user provider.

So far I have implemented the Laravel multi auth system successfully.

Coming to the LDAP part, I have made the following changes to the config in the .env file:

    ADLDAP_CONNECTION=default
    ADLDAP_CONTROLLERS=abc.local
    ADLDAP_BASEDN=dc=abc,dc=local
    ADLDAP_USER_ATTRIBUTE=uid
    ADLDAP_USER_FORMAT=uid=%s,dc=abc,dc=local

Now in LoginController I have hard-coded the userdn and password:

    protected function attemptLogin(Request $request)
    {
        // Hard-coded credentials, used only to test the bind
        $userdn = "abc \\riyas";
        $password = "strongpassword@123";
        $mm = Adldap::auth()->attempt($userdn, $password);
    }

which returns TRUE.

But when I try the same parameters with a form submit:

    protected function attemptLogin(Request $request)
    {
        $domain = "abc";

        // Build DOMAIN\username from the submitted form fields
        $username = trim($request->input('username', null));
        $password = trim($request->input('password', null));
        $userdn = addslashes($domain."\\".$username);
        $mm = Adldap::auth()->attempt($userdn, $password);
    }



With the exact username & password it is not authenticating; it returns false.

Albvadi commented 6 years ago

Remove addslashes. You actually are escaping with the double backslash.

With addslashes, output: abc\\riyas. Without addslashes, output: abc\riyas.
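
The difference described in this comment, as an added example that is not part of the original thread or of Adldap2-Laravel: it builds the DOMAIN\user bind name without addslashes and, for the DN form from ADLDAP_USER_FORMAT, escapes the username with PHP's ldap_escape(). The helper names and the username allowlist are assumptions, and the ldap extension must be loaded.

```php
<?php
declare(strict_types=1);

// Added example: helper names and the username policy are assumptions,
// not Adldap2-Laravel code. Requires PHP's ldap extension for ldap_escape().

/** Reject input that cannot be a plain account name (assumed policy). */
function assertPlainUsername(string $username): string
{
    $username = trim($username);
    if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username)) {
        throw new InvalidArgumentException('Invalid username');
    }
    return $username;
}

/** DOMAIN\user form, as used in the thread. */
function downLevelLogonName(string $domain, string $username): string
{
    // "\\" in PHP source is a single backslash in the resulting string,
    // so no further escaping (addslashes) is applied.
    return $domain . "\\" . assertPlainUsername($username);
}

/** DN form built from a format such as ADLDAP_USER_FORMAT. */
function bindDn(string $format, string $username): string
{
    // DN metacharacters (comma, plus, equals, ...) are escaped the LDAP way.
    return sprintf($format, ldap_escape(trim($username), '', LDAP_ESCAPE_DN));
}

// Constructed sample input.
$good    = downLevelLogonName('abc', 'riyas');
$doubled = addslashes($good); // what the form-submit code in the thread sent

printf("correct : %s (%d bytes)\n", $good, strlen($good));
printf("doubled : %s (%d bytes)\n", $doubled, strlen($doubled));
printf("dn form : %s\n", bindDn('uid=%s,dc=abc,dc=local', 'riyas'));
printf("dn esc  : %s\n", bindDn('uid=%s,dc=abc,dc=local', 'riyas,test'));

try {
    // A backslash inside the username is refused instead of being escaped.
    downLevelLogonName('abc', "riyas\\other");
} catch (InvalidArgumentException $e) {
    printf("rejected: %s\n", $e->getMessage());
}
```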

riyazpt commented 6 years ago

It worked; my configuration was wrong. Now I am using Nodatabaseprovider:

    protected function attemptLogin(Request $request)
    {
        if (Adldap::auth()->attempt($userdn, $password, $bindAsUser = true)) {
            dd(Auth::user()); // Returns null
            dd(Adldap::search()->users()->find('riyas')); // Returns null

            return true;
        } else {
            return false;
        }
    }

With the exact username & password it is authenticating and returns true.

I couldn't get the exact user from Auth::user() after authentication.

stevebauman commented 6 years ago

Hi @riyazpt, you're not utilizing the adldap auth driver at all in your code shown above. You're actually just calling an ldap_bind() on your LDAP server with the Adldap::auth()->attempt() method.

You must set up the driver and call Laravel's default Auth::attempt() method. You shouldn't need to modify the LoginController that comes with Laravel out of the box.

riyazpt commented 6 years ago

Thank you Steve for your reply. As you said, I was not using the driver for Laravel. But when I tried to configure it with a local User table as you mentioned, I was able to log in to the system, but when I tried to click logout it is not logging me out. As per your tutorial I configured auth.php:

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\ClientInfo::class,
        ],

        'admins' => [
            //'driver' => 'eloquent',
            'driver' => 'adldap', // Was 'eloquent'.
            'model' => App\User::class,
        ],
    ],

Here is my logout code

    public function logout(Request $request)
    {
        $this->guard($request)->logout();

        $request->session()->invalidate();

        return redirect('/login');
    }

On clicking logout, Laravel is comparing or doing something with the 'remember_token' field, which in my case is not changing. So the system is in logged-in status even though logged out. I checked the User table; if I change the token value manually there, the system is logging out. I don't know how to proceed.