DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

[Question] Password Synchronization during import #484

Closed alanTaiariol closed 1 year ago

alanTaiariol commented 1 year ago

Environment:

Describe the bug: The comparison of the login request password with the imported Active Directory user's password fails. I think this happens because the hashed password that was imported into my database is a random password made by Str::random. I checked with tinker -> Hash::check() and I get a false result.

In the auth.php file I'm setting the provider's array like this:

```php
'ldap' => [
    'driver' => 'ldap',
    'model' => LdapRecord\Models\ActiveDirectory\User::class,
    'rules' => [],
    'database' => [
        'model' => App\User::class,
        'sync_passwords' => true,
        'sync_attributes' => [
            'name' => 'cn',
            'email' => 'mail',
        ],
        'sync_existing' => [
            'email' => 'email',
        ],
        'password_column' => 'password',
    ],
],
```

and I'm importing the AD users into my database like this:

```php
use LdapRecord\Laravel\Import\UserSynchronizer as Synchronizer;
use App\User;                       // the Eloquent model named in auth.php
use Tymon\JWTAuth\Facades\JWTAuth;  // JWTAuth facade used below
// Option and UserLdap are the application's own models (their namespaces are not shown here).

$me = JWTAuth::user(); // TODO: add validation against the db

// The LDAP attribute that identifies a user is configured per client.
$option = Option::select("ad_scheme_attribute")
    ->where('client_id', $me->entity_id)
    ->firstOrFail();
$scheme_attribute = $option->ad_scheme_attribute;

// Build one LDAP query that matches every requested user on that attribute.
$users_ad = UserLdap::whereHas($scheme_attribute);

foreach ($request->get("users") as $u) {
    $a = json_decode($u, true); // decoded but not used below
    $users_ad = $users_ad->orWhere($scheme_attribute, '=', $u);
}

$users_ad = $users_ad->get();

$synchronizer = new Synchronizer(User::class, [
    'sync_attributes' => [
        'email' => $scheme_attribute,
        'name'  => 'cn',
    ],
    'sync_passwords' => true,
]);

// Import each LDAP user into the database and tag it with the caller's entity.
foreach ($users_ad as $u) {
    $saved = $synchronizer->run($u);
    $saved->entity_id = $me->entity_id;
    $saved->save();
}
```

stevebauman commented 1 year ago

Hi @alanTaiariol,

Password synchronization only occurs when an LDAP user successfully logs into your application.

It is not possible to retrieve a pure-text copy of the user's password from your LDAP server during import.

This is described in the documentation here:

https://ldaprecord.com/docs/laravel/v2/auth/database/importing/#password-synchronization

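As an added illustration of the point above (this is not LdapRecord's code and not from this thread), plain PHP with `password_hash`/`password_verify` standing in for Laravel's `Hash` facade: the hash written at import time is made from a placeholder because the directory never hands out the plaintext, so it cannot match the user's real password; only the login path, after a successful bind, holds a plaintext it can hash. The functions and sample values are constructed for this example.

```php
<?php
// Import path: all the application can read from LDAP are attributes such as
// cn and mail. The directory verifies binds; it never returns the password.
function importUser(array $ldapAttributes): array
{
    // No plaintext is available, so a random placeholder is hashed instead
    // (LdapRecord does the equivalent with Str::random, as noted in the issue).
    $placeholder = bin2hex(random_bytes(16));

    return [
        'email'    => $ldapAttributes['mail'],
        'name'     => $ldapAttributes['cn'],
        'password' => password_hash($placeholder, PASSWORD_DEFAULT),
    ];
}

// Login path: the application now holds the plaintext the user typed. It is
// only persisted (as a hash) once the directory has accepted the bind, so a
// wrong password never overwrites the stored hash.
function syncPasswordOnLogin(array $dbUser, string $typedPassword, bool $bindSucceeded): array
{
    if ($bindSucceeded) {
        $dbUser['password'] = password_hash($typedPassword, PASSWORD_DEFAULT);
    }

    return $dbUser;
}

// Constructed sample data.
$ldapEntry = ['cn' => 'Jane Doe', 'mail' => 'jane@example.test'];
$typed     = 'correct horse battery staple';

// Right after import the check is the one the issue ran with Hash::check():
// the stored hash was made from the placeholder, not from $typed.
$dbUser = importUser($ldapEntry);
var_dump(password_verify($typed, $dbUser['password']));

// After a successful LDAP login the synchronized hash is derived from $typed.
$dbUser = syncPasswordOnLogin($dbUser, $typed, true);
var_dump(password_verify($typed, $dbUser['password']));

// A failed bind leaves the previously stored hash untouched.
$unchanged = syncPasswordOnLogin($dbUser, 'wrong password', false);
var_dump($unchanged['password'] === $dbUser['password']);
```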

alanTaiariol commented 1 year ago

Hi Steve, how can I synchronize the user's AD password to my database when a user has successfully logged in to my application?