Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

[1.4] Not Authenticating with LDAP. Always return false #86

Closed ramsah closed 8 years ago

ramsah commented 8 years ago

Hello Friends, I am implementing the Adldap2/Adldap2-Laravel package. When I use `Adldap::getProvider('default')->auth()->attempt($username='xxxx', $password='xxxxx')` it returns true if the user exists in Active Directory (AD), but when I use `Auth::attempt($credentials)` with correct AD credentials it returns false.

my config/adldap.php is following:

'connection_settings' => [

            /*
            |--------------------------------------------------------------------------
            | Account Prefix
            |--------------------------------------------------------------------------
            |
            | The account prefix option is the prefix of your user accounts in AD.
            |
            | For example, if you'd prefer your users to use only their username instead
            | of specifying a domain ('ACME\jdoe'), enter your domain name.
            |
            */

            'account_prefix' => '',

            /*
            |--------------------------------------------------------------------------
            | Account Suffix
            |--------------------------------------------------------------------------
            |
            | The account suffix option is the suffix of your user accounts in AD.
            |
            | For example, if your domain DN is DC=corp,DC=acme,DC=org, then your
            | account suffix would be @corp.acme.org. This is then appended to
            | then end of your user accounts on authentication.
            |
            */

            'account_suffix' => '',

            /*
            |--------------------------------------------------------------------------
            | Domain Controllers
            |--------------------------------------------------------------------------
            |
            | The domain controllers option is an array of servers located on your
            | network that serve Active Directory. You can insert as many servers or
            | as little as you'd like depending on your forest (with the
            | minimum of one of course).
            |
            */

            'domain_controllers' => ['xxx.xxx.x.x'],

            /*
            |--------------------------------------------------------------------------
            | Port
            |--------------------------------------------------------------------------
            |
            | The port option is used for authenticating and binding to your AD server.
            |
            */

            'port' => 389,

            /*
            |--------------------------------------------------------------------------
            | Base Distinguished Name
            |--------------------------------------------------------------------------
            |
            | The base distinguished name is the base distinguished name you'd like
            | to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
            |
            | If one is not defined, then Adldap will try to find it automatically
            | by querying your server. It's recommended to include it to
            | limit queries executed per request.
            |
            */

            'base_dn' => 'OU=Managed Users, OU=xxxxx, DC=xxxxx',

            /*
            |--------------------------------------------------------------------------
            | Administrator Account Suffix
            |--------------------------------------------------------------------------
            |
            | This option allows you to set a different account suffix for your
            | configured administrator account upon binding.
            |
            | If left empty, your `account_suffix` option will be used.
            |
            */

            'admin_account_suffix' => '',

            /*
            |--------------------------------------------------------------------------
            | Administrator Username & Password
            |--------------------------------------------------------------------------
            |
            | When connecting to your AD server, an administrator username and
            | password is required to be able to query and run operations on
            | your server(s). You can use any user account that has
            | these permissions.
            |
            */

            'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'xxxxxxxx'),
            'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'xxxxxxx'),

            /*
            |--------------------------------------------------------------------------
            | Follow Referrals
            |--------------------------------------------------------------------------
            |
            | The follow referrals option is a boolean to tell active directory
            | to follow a referral to another server on your network if the
            | server queried knows the information your asking for exists,
            | but does not yet contain a copy of it locally.
            |
            | This option is defaulted to false.
            |
            */

            'follow_referrals' => false,

            /*
            |--------------------------------------------------------------------------
            | SSL & TLS
            |--------------------------------------------------------------------------
            |
            | If you need to be able to change user passwords on your server, then an
            | SSL or TLS connection is required. All other operations are allowed
            | on unsecured protocols. One of these options are definitely recommended
            | if you have the ability to connect to your server securely.
            |
            */

            'use_ssl' => false,
            'use_tls' => false,

        ],

Please provide me a correct solution. Thanks.

stevebauman commented 8 years ago

Can you post your config/auth.php file?

ramsah commented 8 years ago

Hi Steve, thank you for replying. Please find the config/auth.php below.

<?php

return [

/*
  |--------------------------------------------------------------------------
  | Authentication Defaults
  |--------------------------------------------------------------------------
  |
  | This option controls the default authentication "guard" and password
  | reset options for your application. You may change these defaults
  | as required, but they're a perfect start for most applications.
  |
 */

'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],
/*
  |--------------------------------------------------------------------------
  | Authentication Guards
  |--------------------------------------------------------------------------
  |
  | Next, you may define every authentication guard for your application.
  | Of course, a great default configuration has been defined for you
  | here which uses session storage and the Eloquent user provider.
  |
  | All authentication drivers have a user provider. This defines how the
  | users are actually retrieved out of your database or other storage
  | mechanisms used by this application to persist your user's data.
  |
  | Supported: "session", "token"
  |
 */
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'adldap',
    ],
    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],
/*
  |--------------------------------------------------------------------------
  | User Providers
  |--------------------------------------------------------------------------
  |
  | All authentication drivers have a user provider. This defines how the
  | users are actually retrieved out of your database or other storage
  | mechanisms used by this application to persist your user's data.
  |
  | If you have multiple user tables or models you may configure multiple
  | sources which represent each model / table. These sources may then
  | be assigned to any extra authentication guards you have defined.
  |
  | Supported: "database", "eloquent"
  |
 */
'providers' => [
    'adldap' => [
        'driver' => 'adldap',
        'model' => App\User::class,
    ],
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
// 'users' => [
//     'driver' => 'database',
//     'table' => 'users',
// ],
],
/*
  |--------------------------------------------------------------------------
  | Resetting Passwords
  |--------------------------------------------------------------------------
  |
  | Here you may set the options for resetting passwords including the view
  | that is your password reset e-mail. You may also set the name of the
  | table that maintains all of the reset tokens for your application.
  |
  | You may specify multiple password reset configurations if you have more
  | than one user table or model in the application and you want to have
  | separate password reset settings based on the specific user types.
  |
  | The expire time is the number of minutes that the reset token should be
  | considered valid. This security feature keeps tokens short-lived so
  | they have less time to be guessed. You may change this as needed.
  |
 */
'passwords' => [
    'users' => [
        'provider' => 'users',
        'email' => 'auth.emails.password',
        'table' => 'password_resets',
        'expire' => 60,
    ],
],

];

stevebauman commented 8 years ago

Hmmm, not seeing any issues, can you post your AuthController code please?

ramsah commented 8 years ago

Please find the AuthController.php as below:

<?php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect users after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/';

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }
}

stevebauman commented 8 years ago

Are you allowing users to login using their email or username?

Can you also post your config/adldap_auth.php file?

ramsah commented 8 years ago

I am allowing users to login with username. Also, I am using admin_username as the concatenation of "DC=CompanyName" and the username of AD; then it connects, otherwise it gives a wrong credential error, and for authenticating with Adldap::getProvider('default')->auth()->attempt($username='xxxx', $password='xxxxx') I also use the same thing. For example, if my company name is "Ayur" and my username is "test" then we use "Ayur\test" as admin_user; then it connects, otherwise it gives a wrong credential error.

The config/adldap_auth.php is the following:

<?php

return [

/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection to use for authentication.
|
| You must specify connections in your `config/adldap.php` configuration file.
|
*/

'connection' => 'default',

/*
|--------------------------------------------------------------------------
| Username Attribute
|--------------------------------------------------------------------------
|
| The username attribute is an array of the html input name and the LDAP
| attribute to discover the user by. The reason for this is to hide
| the attribute that you're using to login users.
|
| For example, if your input name is `username` and you'd like users
| to login by their `samaccountname` attribute, then keep the
| configuration below. However, if you'd like to login users
| by their emails, then change `samaccountname` to `mail`.
| and `username` to `email`.
|
*/

'username_attribute' => ['username' => 'samaccountname'],

/*
|--------------------------------------------------------------------------
| Limitation Filter
|--------------------------------------------------------------------------
|
| The limitation filter allows you to enter a raw filter to only allow
| specific users / groups / ous to authenticate.
|
| This should be a standard LDAP filter.
|
*/

'limitation_filter' => '',

/*
|--------------------------------------------------------------------------
| Login Fallback
|--------------------------------------------------------------------------
|
| The login fallback option allows you to login as a user located on the
| local database if active directory authentication fails.
|
| Set this to true if you would like to enable it.
|
*/

'login_fallback' => false,

/*
|--------------------------------------------------------------------------
| Password Key
|--------------------------------------------------------------------------
|
| The password key is the name of the input array key located inside
| the user input array given to the auth driver.
|
| Change this if you change your password fields input name.
|
*/

'password_key' => 'password',

/*
|--------------------------------------------------------------------------
| Login Attribute
|--------------------------------------------------------------------------
|
| The login attribute is the name of the active directory user property
| that you use to log users in. For example, if your company uses
| email, then insert `mail`.
|
*/

'login_attribute' => 'samaccountname',

/*
|--------------------------------------------------------------------------
| Bind User to Model
|--------------------------------------------------------------------------
|
| The bind User to Model option allows you to access the Adldap user model
| instance on your laravel database model to be able run operations
| or retrieve extra attributes on the Adldap user model instance.
|
| If this option is true, you must insert the trait:
|
|   `Adldap\Laravel\Traits\AdldapUserModelTrait`
|
| Onto your User model configured in `config/auth.php`.
|
| Then use `Auth::user()->adldapUser` to access.
|
*/

'bind_user_to_model' => false,

/*
|--------------------------------------------------------------------------
| Sync Attributes
|--------------------------------------------------------------------------
|
| Attributes specified here will be added / replaced on the user model
| upon login, automatically synchronizing and keeping the attributes
| up to date.
|
| The array key represents the Laravel model key, and the value
| represents the Active Directory attribute to set it to.
|
| The users email is already synchronized and does not need to be
| added to this array.
|
*/

'sync_attributes' => [

    'name' => 'cn',

],

/*
|--------------------------------------------------------------------------
| Select Attributes
|--------------------------------------------------------------------------
|
| Attributes to select upon the user on authentication and binding.
|
| If no attributes are given inside the array, all attributes on the
| user are selected.
|
| ** Note ** : Keep in mind you must include attributes that you would
| like to synchronize, as well as your login attribute.
|
*/

'select_attributes' => [

],

];
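The `connection_settings` block from the first post and the `Ayur\test` bind account described above suggest a different way of carrying the domain prefix. The block below is an added example written for this thread, not the poster's configuration and not code from the Adldap2 project. It assumes the `account_prefix` value takes the form `'AYUR\\'` and that the prefix is applied to the administrator bind as well as to user logins (if your version binds the admin account without it, keep the prefix inside `ADLDAP_ADMIN_USERNAME`); the domain `AYUR`, the host names, the OU path and port 636 for LDAPS are illustrative assumptions.

```php
<?php
// Added example (not the poster's config, not Adldap2 project code):
// the connection_settings array of config/adldap.php with the domain prefix
// moved out of admin_username and the connection switched to TLS.
// "AYUR", the host names and the OU path below are assumed values.

return [

    // Users and the bind account are known to AD as DOMAIN\user, so the prefix
    // lives here once instead of being typed into every username. Assumed: the
    // library prepends it to the admin bind as well as to Auth::attempt() logins.
    // (PHP single quotes: 'AYUR\\' is A Y U R followed by one backslash.)
    'account_prefix' => 'AYUR\\',

    // Leave empty when a prefix is used. The UPN style ('@corp.ayur.example')
    // goes here instead of a prefix; do not combine both for the same accounts.
    'account_suffix' => '',

    // Host names, not IP addresses: with TLS the certificate is checked against
    // the name you connect to. Two controllers give fail-over (names assumed).
    'domain_controllers' => ['dc1.corp.ayur.example', 'dc2.corp.ayur.example'],

    // Port 389 with use_tls => true upgrades the session with StartTLS before the
    // bind, so neither the service-account password nor the user passwords that
    // Auth::attempt() tests cross the network in clear text.
    // Alternative: 'port' => 636, 'use_ssl' => true, 'use_tls' => false (LDAPS).
    'port'    => 389,
    'use_ssl' => false,
    'use_tls' => true,

    // Scope searches to the users who may log in; keeps per-request queries small.
    'base_dn' => 'OU=Managed Users,OU=Staff,DC=corp,DC=ayur,DC=example',

    'admin_account_suffix' => '',

    // No literal fallback values: a missing .env entry should fail the bind
    // rather than silently bind with a placeholder that ends up in git.
    'admin_username' => env('ADLDAP_ADMIN_USERNAME'),
    'admin_password' => env('ADLDAP_ADMIN_PASSWORD'),

    'follow_referrals' => false,
];
```

With this in place the poster's manual check becomes `Adldap::getProvider('default')->auth()->attempt('test', $password)` rather than `'Ayur\test'`; if the bind still only succeeds with the prefix typed in, the prefix assumption above does not hold for your version and the value belongs back in the admin username.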

stevebauman commented 8 years ago

In your AuthController, you didn't specify the username string for authentication:

/**
 * The username string to use for authentication.
 *
 * @var string
 */
protected $username = 'username';

By default this is set to email. You also haven't changed your validator method to match:

return Validator::make($data, [
    'name' => 'required|max:255',
    'email' => 'required|max:255|unique:users', // Must switch to `username`
    'password' => 'required|min:6|confirmed',
]);

You also need to make sure you've changed your laravel migration to use username instead of email.

https://github.com/Adldap2/Adldap2-Laravel#username-attributes
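The three changes listed above as one working controller plus the matching migration line, as an added example written for this thread rather than code from the poster or from Adldap2-Laravel. It assumes Laravel 5.2, where the `AuthenticatesAndRegistersUsers` trait's `loginUsername()` returns `'email'` unless the controller declares `$username`, a `users` table with a `username` column in place of `email`, and the `['username' => 'samaccountname']` mapping shown in the poster's `config/adldap_auth.php`.

```php
<?php
// Added example (not from the thread): AuthController for username-based LDAP
// login on Laravel 5.2 with Adldap2-Laravel. Assumes config/adldap_auth.php maps
// the 'username' input to 'samaccountname' and that the users table has a
// 'username' column (see the migration note at the bottom).

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

class AuthController extends Controller
{
    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    protected $redirectTo = '/';

    /**
     * The request field used as the login identifier. Without this property the
     * 5.2 trait's loginUsername() returns 'email', so the credentials handed to
     * Auth::attempt() are ['email' => null, 'password' => ...] and the adldap
     * driver never looks up the user by samaccountname.
     *
     * @var string
     */
    protected $username = 'username';

    public function __construct()
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
    }

    /**
     * Registration rules mirror the login identifier. 'unique:users' only
     * guards the local table; AD is not consulted at registration time.
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name'     => 'required|max:255',
            'username' => 'required|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    /**
     * 'username' must also be listed in App\User::$fillable, or create()
     * silently drops it and the unique column is inserted as NULL.
     */
    protected function create(array $data)
    {
        return User::create([
            'name'     => $data['name'],
            'username' => $data['username'],
            // Only used when login_fallback is true; LDAP users are verified
            // by binding to AD, never against this hash.
            'password' => bcrypt($data['password']),
        ]);
    }
}

// database/migrations/xxxx_create_users_table.php, the relevant line only
// (replaces $table->string('email')->unique(); in the default migration):
//
//     $table->string('username')->unique();
//
// Manual check from a route or `php artisan tinker`, with constructed values:
//
//     Auth::attempt(['username' => 'test', 'password' => 'the-ad-password']);
```

The key in the array passed to `Auth::attempt()` has to be the HTML-side name from `username_attribute` (`username` here), not the LDAP attribute (`samaccountname`); the driver does that translation itself.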

ramsah commented 8 years ago

Hi Steve, I have changed it as you discussed above, which are:

But still, when I use

$credentials = ['username' => 'xxxxxxxxx', 'password' => 'xxxxxxxx'];
$ff = \Auth::attempt($credentials);
var_dump($ff);

it returns false. The above credential is a correct credential. By using this credential, Adldap::getProvider('default')->auth()->attempt($username='xxxx', $password='xxxxx') is working.

stevebauman commented 8 years ago

Strange, is your configuration cached by chance? Try clearing it using php artisan cache:clear.

stevebauman commented 8 years ago

Closing due to inactivity.