Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Need to stop ad login if user row does not exist in users table. #573

Closed mohsinmj1 closed 6 years ago

mohsinmj1 commented 6 years ago

Dear Sir,

I've configured adldap2 with Laravel 5.6, and it's working fine. The LDAP user gets verified from AD; if verified and not existing in users, then a row is inserted into the users table.

My requirement is: on a login attempt, if the user row does not exist in the users table, the user should not be verified; it should give the message "invalid username or password", or any different message, i.e. "Access denied".

I tried to write a custom login in the login controller, i.e. with Auth::attempt( ; it authenticates, but on change of view Auth::user() gets null.

Then I tried with Adldap::auth()->attempt( , but Auth::user() returns null.

Then, after Adldap::auth()->attempt( returns true, I try to log in with Auth::loginUsingId(

Then I again get the same behaviour: on view change it returns null.

In all this process I checked the session with dd(Session::all()); and found nothing set in the session regarding the username etc.

And the last issue I'm facing is that in the users table the rights group id field is not being shown in the result of Auth::user(), i.e.

```
"id" => "1"
"name" => "Mohsin Javeed"
"username" => "mohsin.javeed"
"email" => "mohsin.javeed@bnu.edu.pk"
"password" => "$2y$10$1XDnAkobHGWpbMKBEZpUTuO3Isu52ATwEvrv26FagzAqQqbVxjn/e"
"remember_token" => "llh61DlFNEZgZshYyag2sCLSfrAo4u9Od4Sbo4yJgXmZhZTR9oT8WW7sumLI"
"created_at" => "2018-08-06 14:24:25"
"updated_at" => "2018-08-06 14:24:25"
```

I need the group id field from users as well.

And on authentication I don't want to insert a user row in users. I need the user to be verified from AD only if it exists in users.

stevebauman commented 6 years ago

Hi @mohsinmj1,

This feature is actually already built into Adldap2-Laravel. Un-comment this in your adldap_auth.php file:

https://github.com/Adldap2/Adldap2-Laravel/blob/0b9ffb1f06dc59694932db997adb408bdb976e85/src/Config/auth.php#L61-L65

Your rules array should look like:

```php
'rules' => [
    // Denies deleted users from authenticating.
    Adldap\Laravel\Validation\Rules\DenyTrashed::class,

    // Allows only manually imported users to authenticate.
    Adldap\Laravel\Validation\Rules\OnlyImported::class,
],
```

The OnlyImported validation rule only allows the authentication of users who already exist in your database.

Closing this as this should be a resolution to your question, but if you still have issues comment back and I will assist further, thanks!
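As an added illustration (not code from the maintainer or the Adldap2-Laravel project): a custom validation rule that enforces the same deny-by-default behaviour as OnlyImported and also records every denied attempt in the application log, so provisioning gaps and unexpected login attempts are visible. It assumes the package's base `Rule` class exposes the LDAP user as `$this->user` and the local Eloquent record as `$this->model`; the class name, the `App\Rules` namespace and the log message are my own.

```php
<?php

namespace App\Rules; // assumed application namespace

use Adldap\Laravel\Validation\Rules\Rule;
use Illuminate\Support\Facades\Log;

/**
 * Deny-by-default rule: a user who authenticates successfully against AD
 * is still rejected unless a row for them already exists in the users
 * table. Denied attempts are logged for later review.
 */
class OnlyImportedWithAudit extends Rule
{
    public function passes()
    {
        // $this->model is the Eloquent user located by the configured
        // 'usernames.eloquent' column. When no row exists it is either
        // null or a fresh, unsaved instance, so 'exists' is false.
        $imported = $this->model !== null && $this->model->exists;

        if (! $imported) {
            Log::warning('LDAP login denied: no local user record', [
                'samaccountname' => $this->user->getAccountName(),
                'dn'             => $this->user->getDn(),
            ]);
        }

        return $imported;
    }
}

// Registration in config/adldap_auth.php, replacing OnlyImported:
//
// 'rules' => [
//     Adldap\Laravel\Validation\Rules\DenyTrashed::class,
//     App\Rules\OnlyImportedWithAudit::class,
// ],
```

Because the rule runs only after the AD bind succeeded, a logged denial means valid domain credentials were presented for an account that has not been provisioned locally.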

mohsinmj1 commented 6 years ago

Dear Steve, bundle of thanks for your support. Yes, that worked great. One problem left: I have groupid in the table, so I also need to add one more field to Auth::user(). Currently the result is:

```
"id" => "24"
"name" => "Mohsin Javeed"
"username" => "mohsin.javeed"
"email" => "mohsin.javeed@bnu.edu.pk"
"password" => "$2y$10$G0BFNTuZcLXg/TM8N3MJyORRFcuILl6pUZ4Y4trTn3zIQ2yyf9Wsi"
"remember_token" => "gtCdcrNsrk0iofOv3AyCQ4rgQP4ceBD8vwCEwHmd3Y1tTZzNZ3S2PWAgN0XD"
"created_at" => "2018-08-15 17:50:53"
"updated_at" => "2018-08-15 17:50:53"
```

As you can see, groupid is missing from it. How can I add the groupid field from the users table to the Auth::user() result? I have googled a lot. The solutions I found were to write my own login function and add more fields to an array or session to get them on other pages. Just for one problem, I don't want to write a custom login function in the login controller. Your help will be great support.

stevebauman commented 6 years ago

Hi @mohsinmj1,

No problem, glad it's working for you!

First, you'll have to modify your database table or your migration file to create that field in your users database table:

```php
public function up()
{
    Schema::create('users', function ($table) {
        // ...
        $table->string('groupid');
    });
}
```

Then, you'll have to modify your sync_attributes array located in your config/adldap_auth.php file:

```php
'sync_attributes' => [
    'name' => 'cn',
    'email' => 'mail',
    'username' => 'samaccountname',
    'groupid' => '', // <-- The LDAP field you want to populate your 'groupid' with
],
```

Then, upon logging a user in, it will synchronize these attributes to your local database record of the user.

mohsinmj1 commented 6 years ago

Dear Steve,

Actually, I already have a users table with user data. I don't need to sync them from AD, but I do need the password, so that in case AD fails the user could log in with the last password from the DB.

The issue is also that in the DB the username field name is ad_username, and a field by the name username also exists, and it contains the user's email.

I tried to do it with 'eloquent' => 'ad_username', // Changed from email

and in the login controller public function username() { return config('adldap_auth.usernames.eloquent'); } so that whatever field name is mentioned in adldap_auth.php at eloquent could be used automatically in the login controller. After these settings, when I press login, it came back to the login page again with no errors or warnings, so I was unable to trace anything.

Then I updated the users table field names according to the recommended schema, and it worked fine. It also gave me other extra fields, i.e. groupid, userimage etc. But the problem is this application is part of an existing application, which will work with the same DB as the existing/main application. I need to make changes on many pages of the main application to update according to the changes in the table schema, which is quite a hectic job.

In my existing users table, the username field contains users' emails, and ad_username contains the AD username, to match with AD. If an ad_username does not exist in the DB, then that AD user cannot log in to the system.

Your guidance in this regard will be highly appreciated.

Can you please guide me in this regard...

mohsinmj1 commented 6 years ago

Dear Steve,

I have updated my sisusers table's columns in the application and in the DB table as well. That was a big task, but now the login system is working fine.

As I told you before, my Laravel portal is a sub-portal of a main portal. For a category of users I need to redirect the user from the main portal to the Laravel portal. In that case we need to do an auto-login in Laravel before opening the redirected page in the Laravel portal.

Kindly guide me in this regard. I can pass the AD username and password with the redirect URL. Do I need to redirect it to the login route, or do I have to write a custom function to log in the redirected user?

Your reply in this regard will be highly appreciated.

Best Regards,