Sync multiple attibutes using an ldap attribute handler

[davidarebuwa]

• Laravel Version: 5.4.21
• Adldap2-Laravel Version: 3.0.2
• PHP Version: 5.6
• LDAP Type: ActiveDirectory

Description:

I have created a new group on an AD which consists of several groups which then contain users. I changed my limitation filter to the location of the newly created group but every time I reload the page it doesn't log in the user but rather remains on the same page which means the form does not submit.

My main aim is to be able to get the filter working and also to set the sync attributes to find the users name, email and also the subgroup they belong to under the main group.

Please help

Steps To Reproduce:

[davidarebuwa]

The limitation filter issue has been fixed was a syntax issue.

However still looking for how to set the sync attributes to find the users name, email and also the subgroup they belong to under the main group.

[stevebauman]

Hi @davidarebuwa, please take a look at the documentation for syncing attributes in Adldap2-Laravel v3.0:

https://github.com/Adldap2/Adldap2-Laravel/blob/v3.0/docs/auth/syncing.md

To sync any type of information not on your users table (such as relationships), you will definitely need to create an attribute handler.

[davidarebuwa]

My main aim is to get the displayname of a particular group that a user is a memberof

I tried using the handler and got an error saying:

QueryException in Connection.php line 647: SQLSTATE[42S22]: Column not found: 1054 Unknown column '0' in 'field list' (SQL: insert into users (username, password, 0, updated_at, created_at) values (my-username, $2y$10$QJa/tHvIxkzdeGcaZv2n8ejWQgLgbPzpN2slcJkwqSonKGcnbVKnm, , 2018-05-24 09:24:11, 2018-05-24 09:24:11))

Basically, it didn't insert the first group in the memberof and also the email as well.

The code in the handler is:

namespace App\Handlers;

use App\User as EloquentUser; use Adldap\Models\User as LdapUser;

class LdapAttributeHandler { /**

• Synchronizes ldap attributes to the specified model.
• @param LdapUser $ldapUser
• @param EloquentUser $eloquentUser

• @return void */ public function handle(LdapUser $ldapUser, EloquentUser $eloquentUser) { $eloquentUser->name = $ldapUser->getCommonName();

  $eloquentUser->email = $ldapUser->getAttribute('mail');

  //$eloquentUser->email= $ldapUser->getMail();

  $eloquentUser->team = $ldapUser->getFirstAttribute('memberof');

  // $eloquentUser->memberOf = json_encode($ldapUser->getMemberOf());

  //$groups = Adldap::search()->findByDn($ldapUser->getMemberOfNames());

  // $eloquentUser->memberOf = $groups[1]; } }

sync_atrributes only uses the handler class: App\Handlers\LdapAttributeHandler::class,

and my User model $fillable are: protected $fillable = [ 'name', 'email', 'password','team', ];

[davidarebuwa]

also my migration table for user is as follows: $table->increments('id'); $table->string('name'); $table->string('username')->unique(); $table->string('email')->unique(); $table->string('password'); $table->string('team'); $table->boolean('head')->default(0); $table->rememberToken(); $table->timestamps();

[stevebauman]

Hi @davidarebuwa, this line is causing the exception:

$eloquentUser->email = $ldapUser->getAttribute('mail');

All attributes from LDAP are returned as arrays (due to the mutli-value nature of LDAP).

You need to call getFirstAttribute() for any attribute that you want the first value of:

$eloquentUser->email = $ldapUser->getFirstAttribute('mail');

If the method returns null, that means your user does not have a mail attribute set on their LDAP record.

[davidarebuwa]

I tried it again just using the handler to find the name and the email and it still gave the same error:

public function handle(LdapUser $ldapUser, EloquentUser $eloquentUser) { $eloquentUser->name = $ldapUser->getCommonName();

    $eloquentUser->email= $ldapUser->getFirstAttribute('mail');

 //   $eloquentUser->team = $ldapUser->getFirstAttribute('memberof');

    //var_dump($eloquentUser);

  //  $eloquentUser->memberOf = json_encode($ldapUser->getMemberOf());

    //$groups = Adldap::search()->findByDn($ldapUser->getMemberOfNames());

   // $eloquentUser->memberOf = $groups[1];
}

[stevebauman]

Dump the variable and see what is being returned.

[davidarebuwa]

Problem fixed. When using the syntax:

App\Handlers\LdapAttributeHandler::class,

It failed to recognize the class and kept registering the team as 0, therefore causing the error

Had to call it this way instead:

'team' => 'App\Handlers\LdapAttributeHandler@team'

Also saw that cases #323 and #305 had the same issue as me as well.

[davidarebuwa]

Forgot to state that I created a method called team() in the handler rather than the method handle()

Also, I just have one more issue. The team is given in this format :

' CN=name,OU=ou,OU=Server Accounts,OU=Administration,DC=,DC=,DC=,DC=, '

I get the team name by doing:

$ldapUser->getFirstAttribute('memberof');

I would just like to get the display name of the group rather than array_explode the name out of the array. Is there an easier way to do this?