Closed inyoungk closed 5 years ago
Hi @inyoungk,
ex. if this user is not a admin(<-this was saved in database column) she/he can't logon in this site.
Yes you can definitely do this easily via rules.
Create a new rule, and validate that the authenticating user is an admin:
namespace App\Rules;
use Adldap\Laravel\Validation\Rules\Rule;
class OnlyAdministrators extends Rule
{
/**
* Determines if the user is allowed to authenticate.
*
* @return bool
*/
public function isValid()
{
return $this->model->admin === true;
}
}
Then, insert the rule in your ldap_auth.php
configuration file.
I use "password expired reset" middleware, so when i login with Activedirectory user My system show me password reset page. I want to not show this page for Active Directory User. how i can do this?
If you need to avoid this for ActiveDirectory users, I would add a database column to your users
table indicating which users are from ActiveDirectory.
For example, you could add an ldap
boolean column to your users
database table, then synchronize this column by adding it into your sync_attributes
config option located inside ldap_auth.php
:
Migration:
class AddLdapColumnToUsersTable extends Migration
{
public function up()
{
Schema::table('users', function (Blueprint $table) {
$table->boolean('ldap')->after('name')->default(false);
});
}
public function down()
{
Schema::table('users', function (Blueprint $table) {
$table->dropColumn('ldap');
});
}
}
Config:
'sync_attributes' => [
'email' => 'mail',
'name' => 'cn',
'ldap' => true,
],
Then, inside your password expired middleware, check if this attribute on your user is set to true
and return the $next($request)
.
public function handle($request, Closure $next)
{
if (optional($request->user())->ldap === true) {
return $next($request);
}
// ...
}
If you require any other assistance just give me a shout, thanks!
@stevebauman thank you! The answere you gave is perfect for me. My system is working on my purpose.
but for me "Rules" may not be necessary. Because I can use login method in loginController. I used this, and works well. :)
`namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Http\Request;
class LoginController extends Controller {
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function login(Request $request) {
$id = Auth::id();
//blah blah.. what i want.
// condition,, etc..
}
} `
Description:
Hi, I succeed get all users from Active Directory, and also Login!. but I have to add additional condition before login ended up. (ex. if this user is not a admin(<-this was saved in database column) she/he can't logon in this site.) Is there any way that i can do??
I use "password expired reset" middleware, so when i login with Activedirectory user My system show me password reset page. I want to not show this page for Active Directory User. how i can do this?