Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Synchronisation Issue #843

Closed Groganj89 closed 4 years ago

Groganj89 commented 4 years ago

Description:

Hi Steve

I am wondering if you can share some wisdom and perhaps help me out bud :) Basically, I started again with my adldap2-laravel as I now have more time to get it right and implement it into our app.

So the login part is not as important as I thought it was, to be honest, but I am having issues syncing. It finds all my people in my AD but it will not import; it states: Successfully imported / synchronized 0 user(s).

As far as I can tell I am not getting any error messages or anything, and I have set my ldap, ldap_auth, and auth.php up correctly as far as I can see.

Please note this is a special circumstance as I am wanting to import it into a 'Peoples' table, to which I have set this up in my migrations table.

Please see my ldap.php, ldap_auth.php and auth.php files.

Steps To Reproduce:

LDAP.php

```php
<?php

return [

    'logging' => true,

    'connections' => [

        'default' => [

            'auto_connect' => env('LDAP_AUTO_CONNECT', true),

            'connection' => Adldap\Connections\Ldap::class,

            'settings' => [

                'schema' => Adldap\Schemas\ActiveDirectory::class,

                // 'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),
                // 'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),

                'hosts' => [
                    env('LDAP_HOSTS'), // explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
                ],

                'port' => env('LDAP_PORT', 389),

                'timeout' => env('LDAP_TIMEOUT', 5),

                'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),

                'username' => env('LDAP_USERNAME'),
                'password' => env('LDAP_PASSWORD'),

                'follow_referrals' => false,

                'use_ssl' => false,
                'use_tls' => true,

            ],

        ],

    ],

];
```

LDAP_AUTH.php

```php
<?php

return [

    'connection' => env('LDAP_CONNECTION', 'default'),

    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,

    'model' => App\User::class,

    'rules' => [

        // Denies deleted users from authenticating.
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,

        // Allows only manually imported users to authenticate.
        // Adldap\Laravel\Validation\Rules\OnlyImported::class,

    ],

    'scopes' => [

        // Only allows users with a user principal name to authenticate.
        // Suitable when using ActiveDirectory.
        // Adldap\Laravel\Scopes\UpnScope::class,

        // Only allows users with a uid to authenticate.
        // Suitable when using OpenLDAP.
        // Adldap\Laravel\Scopes\UidScope::class,

    ],

    'identifiers' => [

        'ldap' => [

            'locate_users_by' => 'userPrincipalName',
            'bind_users_by' => 'distinguishedname',

        ],

        'database' => [

            'guid_column' => 'objectguid',
            'username_column' => 'sAMAccountName',
            'email_column' => 'userPrincipalName',
            'name_column' => 'cn',
            'first_name_column' => 'givenName',
            'last_name_column' => 'sn',

        ],

        // 'windows' => [

            // 'locate_users_by' => 'sAMAccountName',
            // 'server_key' => 'AUTH_USER',

        // ],

    ],

    'passwords' => [

        'sync' => env('LDAP_PASSWORD_SYNC', false),
        'column' => 'password',

    ],

    'login_fallback' => false,

    'sync_attributes' => [

        'username' => 'sAMAccountName',

        'email' => 'userPrincipalName',

        'name' => 'cn',

        'firstname' => 'givenName',

        'lastname' => 'sn',

    ],

    'logging' => [

        'enabled' => true,

        'events' => [

            \Adldap\Laravel\Events\Importing::class                 => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class              => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class             => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class             => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class            => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class      => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class    => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class  => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class  => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,

        ],
    ],

];
```

auth.php

```php
<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    */

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session", "token"
    |
    */

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
            'hash' => false,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */

    'providers' => [
        'users' => [
            'driver' => 'ldap',  // was 'eloquent'
            'model' => App\User::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expire time is the number of minutes that the reset token should be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    */

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],

];
```

Thank you in advance :)

Groganj89 commented 4 years ago

Hey all, just wondering if anyone has managed to have a look at my issue? :)

Groganj89 commented 4 years ago

Hey all, so just to test my code, I created a users table with the correct columns and tried my import, and finally it worked! But now I need to know how to force `php artisan adldap:import` to import to a different table with the same columns in. I have read somewhere that you can force it to use a different model, but I'm not quite sure what contents need to be in the model in order to import into the other table.

Groganj89 commented 4 years ago

All sorted now, I was being thick and a more experienced colleague sorted my issue and pointed out my error! Job complete.

Thank you for this awesome module.