Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License
910 stars 184 forks

AdLdap2 Active Directory connection #600

Closed stynky1 closed 5 years ago

stynky1 commented 5 years ago

Description:

Hello guys! I'm trying for the last 4 days to connect to my Active Directory with Adldap2. I have followed the Quick Start tutorial and also used Tinker for debugging but with no luck. I'm trying to use sAMAccountName.

In Tinker, when creating the connection, the user authenticates, but when I call attempt() I receive False.

Can you help?

I know my username and password work because I'm using a different function with them to authenticate on the same AD but not in Laravel.

Steps To Reproduce:

my .env

ADLDAP_CONTROLLERS=company.com
ADLDAP_BASEDN=ou=Accounts,dc=company,dc=com
ADLDAP_ADMIN_ACCOUNT_PREFIX=region\
ADLDAP_ADMIN_USERNAME=username
ADLDAP_ADMIN_PASSWORD=password

adldap.php

<?php

return [
    'connections' => [
        'default' => [
            'auto_connect' => env('ADLDAP_AUTO_CONNECT', true),
            'connection' => Adldap\Connections\Ldap::class,
            'schema' => Adldap\Schemas\ActiveDirectory::class,
            'connection_settings' => [
                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', '#######.####')),
                'port' => env('ADLDAP_PORT', 389),
                'timeout' => env('ADLDAP_TIMEOUT', 5),
                'base_dn' => env('ADLDAP_BASEDN', 'ou=Accounts,dc=######,dc=####'),
                'admin_account_prefix' => env('ADLDAP_ADMIN_ACCOUNT_PREFIX', ''),
                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),
                'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'username'),
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'password'),
                'follow_referrals' => false,
                'use_ssl' => env('ADLDAP_USE_SSL', false),
                'use_tls' => env('ADLDAP_USE_TLS', false),
            ],
        ],
    ],
];

adldap_auth.php

<?php

return [

    'connection' => env('ADLDAP_CONNECTION', 'default'),
    'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class,
    'rules' => [
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,
    ],
    'scopes' => [
        Adldap\Laravel\Scopes\UpnScope::class,
    ],
    'usernames' => [
        'ldap' => [
            'discover' => 'sAMAccountName',
            'authenticate' => 'distinguishedname',
        ],
        'eloquent' => 'email',
        'windows' => [
            'discover' => 'samaccountname',
            'key' => 'AUTH_USER',
        ],
    ],
    'passwords' => [
        'sync' => env('ADLDAP_PASSWORD_SYNC', false),
        'column' => 'password',
    ],
    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
    'sync_attributes' => [
        'email' => 'userprincipalname',
        'name' => 'cn',
    ],
    'logging' => [
        'enabled' => true,
        'events' => [
            \Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
        ],
    ],
];

added in config/app.php

'providers' =>[
....
        Adldap\Laravel\AdldapServiceProvider::class,
        Adldap\Laravel\AdldapAuthServiceProvider::class,
]

'aliases' => [
.....

        'Adldap' => Adldap\Laravel\Facades\Adldap::class,
]

in Auth/LoginController.php

public function username()
{
    return 'sAMAccountName';
}

Login.blade.php

@extends('layouts.app')

@section('content')
<div class="container">
    <div class="row justify-content-center">
        <div class="col-md-8">
            <div class="card">
                <div class="card-header">{{ __('Login') }}</div>

                <div class="card-body">
                    <form method="POST" action="{{ route('login') }}">
                        @csrf

                        <div class="form-group row">
                            <label for="email" class="col-sm-4 col-form-label text-md-right">{{ __('E-Mail Address') }}</label>

                            <div class="col-md-6">
                                <input id="email" type="text" class="form-control{{ $errors->has('sAMAaccountName') ? ' is-invalid' : '' }}" name="sAMAaccountName" value="{{ old('sAMAaccountName') }}" required autofocus>

                                @if ($errors->has('sAMAaccountName'))
                                    <span class="invalid-feedback" role="alert">
                                        <strong>{{ $errors->first('sAMAaccountName') }}</strong>
                                    </span>
                                @endif
                            </div>
                        </div>

                        <div class="form-group row">
                            <label for="password" class="col-md-4 col-form-label text-md-right">{{ __('Password') }}</label>

                            <div class="col-md-6">
                                <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" required>

                                @if ($errors->has('password'))
                                    <span class="invalid-feedback" role="alert">
                                        <strong>{{ $errors->first('password') }}</strong>
                                    </span>
                                @endif
                            </div>
                        </div>

                        <div class="form-group row">
                            <div class="col-md-6 offset-md-4">
                                <div class="form-check">
                                    <input class="form-check-input" type="checkbox" name="remember" id="remember" {{ old('remember') ? 'checked' : '' }}>

                                    <label class="form-check-label" for="remember">
                                        {{ __('Remember Me') }}
                                    </label>
                                </div>
                            </div>
                        </div>

                        <div class="form-group row mb-0">
                            <div class="col-md-8 offset-md-4">
                                <button type="submit" class="btn btn-primary">
                                    {{ __('Login') }}
                                </button>

                                <a class="btn btn-link" href="{{ route('password.request') }}">
                                    {{ __('Forgot Your Password?') }}
                                </a>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

config/auth.php

'providers' => [
        'users' => [
            'driver' => 'adldap',
            'model' => App\User::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

migration Schema

public function up()
{
    Schema::create('users', function (Blueprint $table) {
        $table->increments('id');
        $table->string('name');
        $table->string('sAMAccountName')->unique();
        $table->timestamp('email_verified_at')->nullable();
        $table->string('password');
        $table->rememberToken();
        $table->timestamps();
    });
}

stevebauman commented 5 years ago

Hi @stynky1, apologies for the long reply.

Can you change your usernames.eloquent configuration option to sAMAccountName? This should match the username field you're using in your users database table schema.

Also, can you try removing ADLDAP_ADMIN_ACCOUNT_PREFIX from your ENV and instead set the ADLDAP_ADMIN_ACCOUNT_SUFFIX to company.com, then try authenticating again?
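The login described in this issue is really three LDAP operations in a row (admin bind, user lookup by sAMAccountName, bind as the found DN), and attempt() returning False hides which one failed. The script below, added here and not part of this thread or of Adldap2, replays those steps outside Laravel and reports each one. It assumes the Adldap2 v9 API matching the key names in the posted adldap.php (Adldap::addProvider(), connect(), search()->users()->where(), Model::getDn(), auth()->attempt()), that the package is installed via Composer, and uses the host, base DN and account values from the .env above as placeholders. The suffix value includes the "@" because Adldap2 appends the suffix verbatim to the username.

```php
<?php
// Added diagnostic (not part of Adldap2 or this issue). Replays the steps
// Adldap2-Laravel takes for the posted config: bind as the admin account,
// "discover" the user by sAMAccountName under base_dn, then bind as the
// discovered distinguished name. Each step reports separately so a false
// attempt() can be traced to one of them.
// Assumes Adldap2 v9 (key names as in the posted adldap.php) installed via Composer.
// Usage: LDAP_TEST_PASSWORD='...' php diagnose-ldap.php <sAMAccountName>

require __DIR__ . '/vendor/autoload.php';

use Adldap\Adldap;
use Adldap\Auth\BindException;

// Values copied from the .env in this issue; placeholders, not a real domain.
$config = [
    'domain_controllers'   => ['company.com'],
    'port'                 => 389,
    'base_dn'              => 'ou=Accounts,dc=company,dc=com',
    'admin_username'       => 'username',
    'admin_password'       => 'password',
    // Suffix form from the reply above. Adldap2 appends the suffix verbatim,
    // so the "@" belongs in the value. Use either a prefix or a suffix, not both.
    'admin_account_prefix' => '',
    'admin_account_suffix' => '@company.com',
    // Keep these empty so the user bind below is done with the bare DN.
    'account_prefix'       => '',
    'account_suffix'       => '',
    // StartTLS. The posted config has this false, which sends both binds in clear text.
    'use_tls'              => true,
    'use_ssl'              => false,
    'timeout'              => 5,
];

/**
 * Returns one status line per step and stops at the first failing step.
 */
function diagnoseLogin(array $config, string $username, string $password): array
{
    $report = [];

    $ad = new Adldap();
    $ad->addProvider($config);

    // Step 1: admin bind (what connect() does; needed for the search in step 2).
    try {
        $provider = $ad->connect();
        $report[] = 'admin bind: ok';
    } catch (BindException $e) {
        $report[] = 'admin bind: FAILED - ' . $e->getMessage()
            . ' (check admin_username, prefix/suffix, password, and that port 389 is reachable)';
        return $report;
    }

    // Step 2: discovery, equivalent to usernames.ldap.discover = sAMAccountName.
    // LDAP attribute names are case-insensitive, so the lowercase form is fine here.
    $user = $provider->search()->users()
        ->where('samaccountname', '=', $username)
        ->first();

    if ($user === null) {
        $report[] = "discover: no user with sAMAccountName={$username} under {$config['base_dn']}"
            . ' (is the account in that OU? try the domain root as base_dn)';
        return $report;
    }

    $dn = $user->getDn();
    $report[] = "discover: ok - {$dn}";

    // Step 3: user bind, equivalent to usernames.ldap.authenticate = distinguishedname.
    // attempt() returns false instead of throwing on a rejected bind.
    $ok = $provider->auth()->attempt($dn, $password);
    $report[] = $ok
        ? 'user bind: ok'
        : 'user bind: FAILED (wrong password, disabled or locked account, or a bind policy)';

    return $report;
}

$username = $argv[1] ?? '';
$password = getenv('LDAP_TEST_PASSWORD') ?: '';

if ($username === '' || $password === '') {
    fwrite(STDERR, "usage: LDAP_TEST_PASSWORD='...' php diagnose-ldap.php <sAMAccountName>\n");
    exit(1);
}

foreach (diagnoseLogin($config, $username, $password) as $line) {
    echo $line, PHP_EOL;
}
```

The password is read from the environment rather than argv so it does not land in shell history or process listings. If step 1 fails, the .env prefix/suffix question raised above is the place to look; if step 2 fails, the account is not under the configured base_dn; if only step 3 fails, the directory is rejecting the user's own credentials and Laravel configuration is not the problem.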

stynky1 commented 5 years ago

@stevebauman , hi,

Thanks for your response. I'll try tomorrow and let you know.

Stefan

stynky1 commented 5 years ago

@stevebauman , hi,

I've just tried it with the new ldap tutorial. It's not working. I receive the error that sAMAccountName is not defined in UserResolver.php. I'm very sure that this is the correct way to use it because I'm logging in with another class with this parameter.

Let me know if you have other ideas.

stevebauman commented 5 years ago

Can you see if this is a possible casing issue with sAMAccountName? Lowercase your input fields in the HTML view as well as the eloquent configuration option and see if it still occurs.

Also can you post your LoginController.php file?

dany-micheal commented 5 years ago

Can you check in your LoginController whether the username is formatted the same as the one you use to log in? Just dd($username);

stevebauman commented 5 years ago

Closing due to inactivity.