Open matracine opened 8 years ago
Having also a protected method to retrieve the default options would be great. This would permit setting the default search filter in the class.
If there are multiple standard ways (I assume memberof and posixGroup are standard schemes) wouldn't it be better to have a RoleResolverInterface and custom implementations that can be used? I suppose in more complex scenarios additional LDAP queries might be necessary too, right?
I think you're right. I'm pretty much a newbie in Silex/Symfony development so I didn't know this interface. I will take a look at it. I'm an old school developer so derivation is more natural for me ;)
Again I think you're right, but just for fun, I've pushed a branch new_methods in my repo. It's quite simple and works perfectly. https://github.com/matracine/ldap-auth-service-provider/tree/new_methods/src/Security/Core/User
Looks reasonable. The interface doesn't exist - it's something I made up, but by doing that all that is required would be to pass in a custom implementation in the config rather than extending code.
Say,
```php
interface RoleResolverInterface {
    public function getRoles(array $data);
}
```
and then there would be another config option:
```php
'roleResolver' => 'Radebatz\\Silex\\LdapAuth\\Security\\Core\\User\\LdapMemberOfRoleResolver',
```
and the user provider would do:
```php
$roleResolverClass = $this->options['roleResolver'];
$roleResolver = new $roleResolverClass();
$roles = $roleResolver->getRoles($userData);
```
The advantage, IMO, is that it would even allow using multiple resolvers (chaining them) and other custom processing.
Let me think a little more about it, tho...
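The resolver design sketched in the comment above, as an added example that is not code from the project or from either commenter: a memberof resolver, a chain of resolvers, and a check that the configured class really implements the interface before it is instantiated. `ChainRoleResolver`, `createRoleResolver()`, the `ROLE_<CN>` mapping and the sample entry are assumptions made for illustration.

```php
<?php
// Added example; not code from the ldap-auth-service-provider project.
interface RoleResolverInterface
{
    public function getRoles(array $data);
}

// Hypothetical implementation: maps the CN of each memberof DN to ROLE_<CN>.
class LdapMemberOfRoleResolver implements RoleResolverInterface
{
    public function getRoles(array $data)
    {
        $roles = [];
        $groups = isset($data['memberof']) ? (array) $data['memberof'] : [];
        foreach ($groups as $dn) {
            // Accept only a conservative character set in the leading RDN.
            if (preg_match('/^cn=([A-Za-z0-9_-]+),/i', $dn, $m)) {
                $roles[] = 'ROLE_' . strtoupper(str_replace('-', '_', $m[1]));
            }
        }
        return array_values(array_unique($roles));
    }
}

// Hypothetical chain: merges the roles returned by several resolvers.
class ChainRoleResolver implements RoleResolverInterface
{
    private $resolvers;
    public function __construct(array $resolvers) { $this->resolvers = $resolvers; }
    public function getRoles(array $data)
    {
        $roles = [];
        foreach ($this->resolvers as $resolver) {
            $roles = array_merge($roles, $resolver->getRoles($data));
        }
        return array_values(array_unique($roles));
    }
}

// Build a resolver from the config value; reject classes that are not resolvers.
function createRoleResolver($class)
{
    if (!is_string($class) || !is_subclass_of($class, 'RoleResolverInterface')) {
        throw new InvalidArgumentException('roleResolver must implement RoleResolverInterface');
    }
    return new $class();
}

$userData = ['memberof' => ['cn=admins,ou=groups,dc=example,dc=org']]; // constructed entry
print_r((new ChainRoleResolver([createRoleResolver('LdapMemberOfRoleResolver')]))->getRoles($userData));
```

The interface check matters because `new $roleResolverClass()` instantiates whatever class name the config holds; a group DN that does not match the pattern simply yields no role.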
Hello, After thinking and testing around, I think you're right about the RoleResolver. But I think also that it is necessary to have specialized Ldap(Posix|whatElse)?User, Ldap(Posix|whatElse)?Group, Ldap(Posix|whatElse)?UserProvider, and Ldap(Posix|whatElse)?RoleResolver that mask the inner structure of the LDAP and could be overridden easily. For that, in the constructors, a getDefaultOptions() call is necessary to override options in specialized classes.
With my open LDAP schema, group mapping is not done with the "memberof" attribute in the user object. The mapping is done like this: