Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

User Group Authentication #74

Closed netopvh closed 8 years ago

netopvh commented 8 years ago

I want to perform authentication only for users that belong to a particular group. How could I do that?

Only a user that belongs to the Administrators group in AD should be able to authenticate.

stevebauman commented 8 years ago

You can use the limitation filter feature:

https://github.com/Adldap2/Adldap2-Laravel#login-limitation-filter

You need to insert a standard LDAP query filter to only allow specific groups of users to authenticate.

For example, to only allow users that are in an administrator OU, use:

'limitation_filter' => '(ou=Administrators)',

netopvh commented 8 years ago

I'm not looking for the organizational unit, but the group that the user is included in. I saw the search by mail (mail = * )

Would the group be ( * = group )?

stevebauman commented 8 years ago

'limitation_filter' => '(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)',

netopvh commented 8 years ago

Hello Steve, sorry that I have so many questions, it is my first application with this package. You can pass an array of groups? i.e. more than one group?

stevebauman commented 8 years ago

No need to apologize! I'm more than happy to help.

> You can pass an array of groups? i.e. more than one group?

Yes you can, you just need to pass the filter with both groups in it with the correct LDAP filter syntax:

(|(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)(memberof=CN=OtherGroup,OU=Users,DC=YourDomain,DC=com))

The above filter would mean that the user needs to be a part of YourGroup OR OtherGroup.

(&(memberof=CN=YourGroup,OU=Users,DC=YourDomain,DC=com)(memberof=CN=OtherGroup,OU=Users,DC=YourDomain,DC=com))

The above filter would mean that the user needs to be a part of YourGroup AND OtherGroup.

mikeloether commented 8 years ago

Steve, any way to allow for nested groups? i.e.

User is a member of group CN=sales,DC=example,DC=com

CN=sales,DC=example,DC=com is a nested group within CN=AppAllowed,DC=example,DC=com

using the filter

(memberof=CN=AppAllowed,DC=example,DC=com)

Having troubles getting this to work.

Thanks

stevebauman commented 8 years ago

> Steve, any way to allow for nested groups?

This may work:

(memberof:1.2.840.113556.1.4.1941:=CN=AppAllowed,DC=example,DC=com)

https://confluence.atlassian.com/crowdkb/active-directory-user-filter-does-not-search-nested-groups-715130424.html

Please let me know if it does work so I can update the documentation for this use case :)

mikeloether commented 8 years ago

Steve,

That worked like a champ.

Thanks

stevebauman commented 8 years ago

@azmiik Great to hear, thanks for following up!
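
The filters discussed in this thread (single group, OR/AND over several groups, and the nested-group matching rule) can be generated from a list of group DNs instead of being typed by hand. This is an added example, not part of the original thread and not code from Adldap2-Laravel; the function name `groupLimitationFilter` and the sample DNs are hypothetical, and it assumes PHP 7.4+ with the `ldap` extension loaded.

```php
<?php
// Added example: builds the LDAP filter string used for 'limitation_filter'.
// groupLimitationFilter() and the sample DNs are hypothetical.

const AD_MATCHING_RULE_IN_CHAIN = '1.2.840.113556.1.4.1941'; // OID quoted in the thread

/**
 * @param string[] $groupDns full distinguished names of the allowed groups
 * @param string   $operator '|' = member of any group, '&' = member of all groups
 * @param bool     $nested   true = also match membership inherited via nested groups (AD)
 */
function groupLimitationFilter(array $groupDns, string $operator = '|', bool $nested = false): string
{
    if ($groupDns === []) {
        // Fail closed: an empty filter would place no restriction on who may log in.
        throw new InvalidArgumentException('At least one group DN is required.');
    }
    if (!in_array($operator, ['|', '&'], true)) {
        throw new InvalidArgumentException("Operator must be '|' or '&'.");
    }

    $attribute = $nested ? 'memberof:' . AD_MATCHING_RULE_IN_CHAIN . ':' : 'memberof';

    $clauses = array_map(
        // Escape the filter metacharacters ( ) * \ and NUL so that a DN such as
        // "CN=Sales (EMEA),..." cannot change the structure of the filter.
        fn (string $dn): string => sprintf('(%s=%s)', $attribute, ldap_escape($dn, '', LDAP_ESCAPE_FILTER)),
        array_values($groupDns)
    );

    // A single clause needs no boolean wrapper.
    return count($clauses) === 1 ? $clauses[0] : '(' . $operator . implode('', $clauses) . ')';
}

// Constructed sample DNs, following the placeholders used in the thread.
$filter = groupLimitationFilter([
    'CN=YourGroup,OU=Users,DC=YourDomain,DC=com',
    'CN=Sales (EMEA),OU=Users,DC=YourDomain,DC=com',
], '|', true);

echo $filter, PHP_EOL;

// In the package configuration this would be assigned as:
// 'limitation_filter' => $filter,
```

Rejecting an empty group list keeps a misconfiguration from silently removing the login restriction, and escaping each DN keeps parentheses or asterisks in group names from being parsed as filter syntax.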

farhadsadat commented 7 years ago

Hello Steve, I am new to LDAP. I have 14 Departments and 30 Branches in my system. How can I make a user group for multi authentication based on the LDAP users?