BorisMorel / LdapBundle

This bundle is autonomous; it doesn't require "apache mod_ldap".

Username used for authentication instead of DN (in some cases) #127

Open thomaskonrad opened 10 years ago

thomaskonrad commented 10 years ago

Hi,

I'm trying to use LdapBundle for authenticating against an Active Directory LDAP server. I have got it working when the user logs in for the first time, using the guide on how to do this in combination with FOSUserBundle.

A link in the main README.md to Resources/Docs/ldap_with_custom_user_manager.md would be great, by the way. I only found this by searching for my issue on Google.

Now when a new user logs in for the first time, it works great, because $this->ldapManager->exists($username) is called, which searches for the user on the LDAP server and populates the $ldapUser member variable in LdapManagerUser, which, when the auth() method of the same class is called, leads to the authentication of the user with their DN:

```php
public function auth()
{
    if (strlen($this->password) === 0) {
        return false;
    }

    if (null === $this->ldapUser) {
        return ($this->bindByUsername() && $this->doPass());
    }

    return ($this->doPass() && $this->bindByDn()); // This is called in my case!
}
```

Now when the user is already persisted and loaded from the database, $this->ldapManager->exists($username) is not called, so the $ldapUser member is not populated in the LdapManagerUser class, and the user is authenticated with their username:

```php
public function auth()
{
    if (strlen($this->password) === 0) {
        return false;
    }

    if (null === $this->ldapUser) {
        return ($this->bindByUsername() && $this->doPass()); // This is called in case the user already exists and is loaded from the database!
    }

    return ($this->doPass() && $this->bindByDn());
}
```

This is a problem, as in my setup the user always needs to be authenticated by their DN (shouldn't the user always be authenticated by the same field?). What is that if condition good for?

Can anybody help me out? Is that an error in the docs, in the implementation, or in my way of thinking?

Thanks Thomas
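As an added example (not LdapBundle's own code, and not the bundle's API), here is a self-contained PHP model of the flow described in the comment above, written so that the username is always resolved to a DN by a directory search and the bind is always performed as that DN, whether or not the user was already loaded from the database. The `LdapDirectory` interface, the `FakeDirectory` stand-in, `DnFirstAuthenticator`, and the example base DN, attribute name, account and password are all assumptions made for illustration; against a real server the `LdapDirectory` methods would wrap `ldap_search`/`ldap_get_dn` and `ldap_bind` from ext/ldap.

```php
<?php
declare(strict_types=1);

// Added example, not LdapBundle code. The interface, classes, example DN,
// attribute name and credentials below are all assumed for illustration.

interface LdapDirectory
{
    /** DN of the single entry under $baseDn matching $filter, or null. */
    public function findDn(string $baseDn, string $filter): ?string;

    /** Simple bind as $identity with $password; true on success. */
    public function bind(string $identity, string $password): bool;
}

/** RFC 4515 escaping for a value placed inside a search filter. */
function escapeFilterValue(string $value): string
{
    // Same result as ldap_escape($value, '', LDAP_ESCAPE_FILTER) from ext/ldap.
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

/** Resolves the username to a DN first and only ever binds as that DN. */
final class DnFirstAuthenticator
{
    public function __construct(
        private LdapDirectory $dir,
        private string $baseDn,
        private string $usernameAttribute,
    ) {}

    public function auth(string $username, string $password): bool
    {
        // An empty password turns a simple bind into an anonymous bind that
        // many servers report as successful, so refuse it before any request.
        if ($password === '') {
            return false;
        }
        // The username is untrusted input: escape it before it enters the filter.
        $filter = sprintf('(%s=%s)', $this->usernameAttribute, escapeFilterValue($username));
        $dn = $this->dir->findDn($this->baseDn, $filter);
        if ($dn === null) {
            return false;
        }
        return $this->dir->bind($dn, $password);
    }
}

/** Constructed in-memory stand-in for the LDAP server so the example runs offline. */
final class FakeDirectory implements LdapDirectory
{
    /** @param array<string, array{attrs: array<string,string>, password: string}> $entries keyed by DN */
    public function __construct(private array $entries) {}

    public function findDn(string $baseDn, string $filter): ?string
    {
        // Understands only the single equality filter auth() builds; exact match.
        if (!preg_match('/^\(([A-Za-z][\w-]*)=(.*)\)$/', $filter, $m)) {
            return null;
        }
        [, $attr, $escaped] = $m;
        $matches = [];
        foreach ($this->entries as $dn => $entry) {
            if (str_ends_with($dn, $baseDn)
                && isset($entry['attrs'][$attr])
                && escapeFilterValue($entry['attrs'][$attr]) === $escaped) {
                $matches[] = $dn;
            }
        }
        // Zero or several hits must never authenticate anyone.
        return count($matches) === 1 ? $matches[0] : null;
    }

    public function bind(string $identity, string $password): bool
    {
        // Only a DN this directory knows can bind; a bare username is not one.
        if ($password === '' || !isset($this->entries[$identity])) {
            return false;
        }
        return hash_equals($this->entries[$identity]['password'], $password);
    }
}

// Usage with constructed data (assumed account, not a real one).
$dir = new FakeDirectory([
    'CN=Thomas,OU=Users,DC=example,DC=org' => [
        'attrs'    => ['sAMAccountName' => 'thomas'],
        'password' => 'correct horse battery staple',
    ],
]);
$auth = new DnFirstAuthenticator($dir, 'DC=example,DC=org', 'sAMAccountName');

var_dump($auth->auth('thomas', 'correct horse battery staple')); // username resolved to DN, bind as DN
var_dump($auth->auth('thomas', 'wrong'));                        // DN found, bind rejected
var_dump($auth->auth('thomas', ''));                             // empty password never reaches the server
var_dump($auth->auth('*', 'correct horse battery staple'));      // wildcard escaped, search finds nothing
var_dump($dir->bind('thomas', 'correct horse battery staple'));  // the raw-username bind from the issue
```

The point of the model is that there is only one bind path: whichever way the user object was obtained, the server sees a bind as a DN that the directory itself returned for the escaped username, and a search that yields no entry or more than one entry fails closed. The last `var_dump` line shows the case the issue describes, a simple bind with the bare username as identity, which against a directory that only accepts DNs as bind identities does not succeed.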

BorisMorel commented 9 years ago

Do you authenticate your users only from LDAP? The user's snapshot in the DB adds some parameters, but it is never used to auth?