DirectoryTree / LdapRecord-Discussions

A place to ask questions, get help, or share what you've built with LdapRecord.

Switch from adldap2-laravel to ldaprecord-laravel auth issue #10

Closed dbiljak closed 4 years ago

dbiljak commented 4 years ago

Hi, after switching from adldap2-laravel to ldaprecord-laravel on the working project we can't log in anymore. We are importing users from AD:

'ldap' => [
    'driver' => 'ldap',
    'model' => LdapRecord\Models\ActiveDirectory\User::class,
    'rules' => [],
    'database' => [
        'model' => App\User::class,
        'sync_passwords' => true,
        'sync_attributes' => [
            'username' => 'samaccountname',
            'name' => 'cn',
            'email' => 'mail',
            'telephone' => 'telephonenumber',
            'position' => 'physicaldeliveryofficename',
            'thumbnailphoto' => 'thumbnailphoto'
        ],
        'sync_existing' => [
            'email' => 'mail',
        ],
        'password_column' => 'password',
    ],
]

Everything is synced and OK after synchronization but we can't log in.

Controller:

public function login()
{
    if (Auth::attempt(['username' => request('username'), 'password' => request('password')])) {
        $user = Auth::user();

        $success['token'] = $user->createToken('MyApp')->accessToken;

        return response()->json(['success' => $success], $this->successStatus);
    } else {
        return response()->json(['error'=>'Unauthorised'], 401);
    }
}

The method returns the else value.

On dd, request('username') and request('password') return the values from the POST, but Auth::attempt(['username' => request('username'), 'password' => request('password')]) returns false.

Please help

stevebauman commented 4 years ago

Hi @dbiljak,

You're very close -- when you pass the user's credentials into the Auth::attempt() method, you must set the key that you would like to locate users by for the username:

https://ldaprecord.com/docs/laravel/auth/quickstart/#database-controller-setup

public function login()
{
    $credentials = [
        'samaccountname' => request('username'),
        'password' => request('password'),
    ];

    if (Auth::attempt($credentials)) {
        $user = Auth::user();

        $success['token'] = $user->createToken('MyApp')->accessToken;

        return response()->json(['success' => $success], $this->successStatus);
    } else {
        return response()->json(['error'=>'Unauthorised'], 401);
    }
}

Closing this, as this should resolve your issue, but let me know if you encounter anything else 👍

dbiljak commented 4 years ago

Auth::attempt($credentials) returns

"SQLSTATE[42S22]: Column not found: 1054 Unknown column 'samaccountname' in 'where clause' (SQL: select * from users where samaccountname = XXX limit 1)"

It searches my local DB, and I use username instead of samaccountname. But if I change it, I get Unauthorised again.

stevebauman commented 4 years ago

Hi @dbiljak,

It looks like you haven't set your ldap authentication guard as your default. Do you still have an eloquent guard configured?

If you had your default authentication guard set to a provider using the ldap authentication driver, then this exception would not occur. Let me know!

dbiljak commented 4 years ago

Everything is as in the documentation:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'passport',
        'provider' => 'ldap'
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],

    'ldap' => [
        'driver' => 'ldap',
        'model' => LdapRecord\Models\ActiveDirectory\User::class,
        'rules' => [],
        'database' => [
            'model' => App\User::class,
            'sync_passwords' => true,
            'sync_attributes' => [
                'username' => 'samaccountname',
                'name' => 'cn',

stevebauman commented 4 years ago

You haven’t changed your web guard's provider to ldap.

The passport driver is not compatible with the ldap provider.

dbiljak commented 4 years ago

What is the best way for api login then?

stevebauman commented 4 years ago

You would have to build it yourself unfortunately.

Problem is — there is no way to store / save API keys in LDAP entries, so you cannot retrieve users by them.

dbiljak commented 4 years ago

y I guessed that

I am implementing this now: https://ldaprecord.com/docs/authentication/#other-attributes

There is an error: $user['distinguishedname'] returns an array, not a string.

Thnx for ur help

stevebauman commented 4 years ago

Every attribute is returned as an array in LDAP, so you must access it via the first array key:

$user['distinguishedname'][0]
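
An added example, not part of the thread and not LdapRecord's own code: a small helper for reading a single-valued attribute such as distinguishedname from a raw entry, returning null when the attribute is missing or empty so the caller can stop before attempting a bind. The function names `ldapFirstValue` and `bindDnFor` and the sample entry are hypothetical and constructed for illustration; the entry shape (each attribute is an array of values) is the one described in the reply above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: first value of an attribute from a raw LDAP entry, or null.
function ldapFirstValue(array $entry, string $attribute): ?string
{
    foreach ($entry as $key => $values) {
        // LDAP attribute names are case-insensitive, so compare keys that way.
        if (!is_string($key) || strcasecmp($key, $attribute) !== 0) {
            continue;
        }
        // Tolerate a scalar as well as the usual list of values.
        $values = is_array($values) ? $values : [$values];
        // Arrays in the style of ldap_get_entries() carry a 'count' element; drop it.
        unset($values['count']);
        $first = reset($values);

        return ($first === false || $first === '') ? null : (string) $first;
    }

    return null;
}

// Hypothetical helper: resolve the DN to bind with, or fail before any bind is attempted.
function bindDnFor(?array $entry): string
{
    $dn = $entry === null ? null : ldapFirstValue($entry, 'distinguishedname');

    if ($dn === null) {
        throw new RuntimeException('Entry has no distinguished name; not attempting a bind.');
    }

    return $dn;
}

// Constructed sample entry (not real directory data).
$user = [
    'distinguishedname' => ['CN=Jane Doe,OU=Staff,DC=example,DC=test'],
    'samaccountname'    => ['jdoe'],
    'memberof'          => ['CN=VPN,DC=example,DC=test', 'CN=Staff,DC=example,DC=test'],
];

var_dump(bindDnFor($user));              // single string, safe to pass to a bind call
var_dump(ldapFirstValue($user, 'mail')); // attribute absent from the entry

try {
    bindDnFor(null);                     // user lookup returned nothing
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```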