search

Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License
910 stars 184 forks source link

How to authenticate both OpenLDAP + Mysql #679

Open test98123456 opened 5 years ago

test98123456 commented 5 years ago

Description:

my user info stores in openldap and mysql ,now,I have finished authrization based on mysql, but how to configure laravel to support mysql and ldap,prefer your answer

Steps To Reproduce:

test98123456 commented 5 years ago

config/auth.php: 'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\User::class, ],

should i modify driver?

test98123456 commented 5 years ago

now,i have add one guard and one provider, 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
    'adldap' => [
        'driver' => 'session',
        'provider' => 'myldap'
    ]
],

'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\User::class, ], 'myldap' => [ 'driver' => 'ldap', 'model' => App\User::class, ],

so i try to auth like this

$c = ['username' => 'testuser', 'password' => '123456']; dd(Auth::guard('adldap')->attempt($c)); //return false

can u help me ?

sachaw commented 5 years ago

why exactly do you want LDAP and MySQL, usually, LDAP will sync any data you want to mysql, so it's only used for relevant calls and eloquent just uses mysql

test98123456 commented 5 years ago

why exactly do you want LDAP and MySQL, usually, LDAP will sync any data you want to mysql, so it's only used for relevant calls and eloquent just uses mysql

because my user data stores in ldap and mysql,i am also feel embarrassed ;)

sachaw commented 5 years ago

Which scenario explains your situation best: Different users exist in mysql and ldap. The same users exist in mysql and ldap.

test98123456 commented 5 years ago

@sachaw
Different users exist in mysql and ldap.

user a,b,c stores in mysql user 1,2,3 store in ldap exactly in login page i add user_type field ,which user stores in mysql choose user_type_1 and user stores in ldap choose user_type_2

test98123456 commented 5 years ago

now i use another solution to solve this problem,my login logic as follows:

public function doLogin(Request $r) { //users store in mysql if ($r->input('user_type') === "1") { //check user password if (Hash::check($r->input('password'), $u->password)) { $s = [ 'user_type' => 1, 'user' => $u, ....... ]; //write user info into session session(['logined' => $s]); return $this->redirectUrl('/home'); } //users store in ldap elseif ($r->input('user_type') === "2" { //check user password if (Adldap::auth()->attempt($r->input('username'),$r->input('password'))) { $u = Adldap::search()->where('uid', '=', $r->input('username'))->first(); dd($u) //return one Entry instance $s = [ 'user_type' => 2, 'user' => $u, ....... ]; //write user info into session session(['logined' => $s]); return $this->redirectUrl('/home'); } }

stevebauman commented 5 years ago

Hi @test98123456,

I would really suggest against the code you posted using the session() helper to track logged in users in your own custom manor and stick with Laravel’s built in authentication as you’re basically creating your own auth implementation.

To use different auth guards that you’ve configured in the config code you posted earlier, simply call:

Auth::guard(‘adldap’)->attempt($credentials);

// Or:

Auth::guard(‘web’)->attempt($credentials);
test98123456 commented 5 years ago

Hi @test98123456,

I would really suggest against the code you posted using the session() helper to track logged in users in your own custom manor and stick with Laravel’s built in authentication as you’re basically creating your own auth implementation.

To use different auth guards that you’ve configured in the config code you posted earlier, simply call:

Auth::guard(‘adldap’)->attempt($credentials);

// Or:

Auth::guard(‘web’)->attempt($credentials);

hi @stevebauman

thanks for your reply ,i did this because i can not distinguish between adldap authorized user intance and mysql authorized user instance,forgive me ,That's why I use session() method,si i add 'user_type' field in session()

I don't know how to do it right. because i am new laraveler,actually i am a new phper :)

Auth::guard(‘web’)->attempt($credentials); this method return true,and how can i discriminate this logined user ,is a mysql user ,or ldap user?

Auth::guard(‘adldap’)->attempt($credentials); this code retrun false,and Now I'm trying to fix it and find out where the configuration is wrong. ,If the above code returns true, I will have the same problem as above.so Can you provide me some sample code?

ThomHurks commented 5 years ago

Doesn't this automatically work if you configure both ADLDAP2 and conventional Laravel authentication correctly and then use LDAP_LOGIN_FALLBACK=true? If you use the DatabaseUserProvider and sync to the local database, then both LDAP and MySQL should work fine; if a user doesn't exist in LDAP, it falls back to the local DB.