DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

Restricting Login - Using a Group Membership #549

Closed emiliold-developer closed 1 year ago

emiliold-developer commented 1 year ago

Environment:

Describe the bug: I've followed the documentation about this subject but I can't get it to work. All the users in Active Directory can log in without restrictions. The restriction Using an Organizational Unit works fine. I wonder if there is something missing in the documentation.

stevebauman commented 1 year ago

Hi @emiliold-developer,

Can you post your implementation? What have you done so far?

emiliold-developer commented 1 year ago

Hi @stevebauman,

I've followed the documentation. Referring to the restriction, I've made the following changes:

LoginRequest.php

...

public function rules(): array
{
    return [
        //'email' => ['required', 'string', 'email'],
        'username' => ['required', 'string'],
        'password' => ['required', 'string'],
    ];
}

/**
 * Attempt to authenticate the request's credentials.
 *
 * @throws \Illuminate\Validation\ValidationException
 */
public function authenticate(): void
{
    $this->ensureIsNotRateLimited();

    $credentials = [
        'samaccountname' => $this->username,
        'password' => $this->password,
    ];

    if (! Auth::attempt($credentials, $this->filled('remember'))) {
        RateLimiter::hit($this->throttleKey());

        throw ValidationException::withMessages([
            'email' => trans('auth.failed'),
        ]);
    }

    RateLimiter::clear($this->throttleKey());
}

...

app/Ldap/Rules/OnlyHHRRUsers.php

namespace App\Ldap\Rules;

use Illuminate\Database\Eloquent\Model as Eloquent;
use LdapRecord\Laravel\Auth\Rule;
use LdapRecord\Models\Model as LdapRecord;

class OnlyRRHHUsers implements Rule
{
    /**

Apparently there are no more files to modify. The validation is working fine without restrictions, so... Do I need to do anything else?

stevebauman commented 1 year ago

Hi @emiliold-developer,

Rules must be added to your config/auth.php file inside of your provider:

https://ldaprecord.com/docs/laravel/v3/auth/configuration#rules

// config/auth.php

'providers' => [
    // ...

    'ldap' => [
        'driver' => 'ldap',
        'model' => LdapRecord\Models\ActiveDirectory\User::class,
        'rules' => [
            App\Ldap\Rules\OnlyHHRRUsers::class, // <-- Added here.
        ],
    ],
],

I see it's not directly mentioned until the last step on the Restricting Login docs. I'll update it to ensure it's clear to add the rule into the configuration 👍

stevebauman commented 1 year ago

Also, not sure if it's a typo, but your class name and file name on the authentication rule are mismatched:

Class Name: OnlyRRHHUsers
File Name: OnlyHHRRUsers.php
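
Both points raised in the two comments above (a rule that is never listed in `config/auth.php`, and a class name that does not match its file name) can be caught by a test before they reach production. The PHPUnit test below is an added example, not code from this thread or from LdapRecord; it assumes a standard Laravel `Tests\TestCase`, the provider key `ldap` and the rule class name `App\Ldap\Rules\OnlyHHRRUsers` as they appear in the config snippet above.

```php
<?php

namespace Tests\Feature;

use App\Ldap\Rules\OnlyHHRRUsers; // class name as registered in the config snippet above
use LdapRecord\Laravel\Auth\Rule;
use Tests\TestCase;

class LdapLoginRestrictionTest extends TestCase
{
    // Assumption: the provider key is "ldap", as in the config snippet above.
    private const PROVIDER = 'auth.providers.ldap';

    public function test_provider_uses_the_ldap_driver(): void
    {
        $this->assertSame('ldap', config(self::PROVIDER.'.driver'));
    }

    public function test_group_rule_is_registered(): void
    {
        // A rule class that exists but is not listed here is never evaluated,
        // so the group restriction is silently not applied at login.
        $this->assertContains(
            OnlyHHRRUsers::class,
            config(self::PROVIDER.'.rules', []),
            'Group rule is missing from the provider rules in config/auth.php.'
        );
    }

    public function test_registered_rules_are_loadable_and_implement_the_contract(): void
    {
        $rules = config(self::PROVIDER.'.rules', []);
        $this->assertNotEmpty($rules, 'No login rules are configured.');

        foreach ($rules as $rule) {
            // class_exists() goes through the autoloader, so a class name that
            // does not match its file name (PSR-4) fails here.
            $this->assertTrue(class_exists($rule), "Rule {$rule} cannot be autoloaded.");
            $this->assertTrue(is_a($rule, Rule::class, true), "{$rule} does not implement Rule.");
        }
    }
}
```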

emiliold-developer commented 1 year ago

No... that's OK. They have the same name. I made a mistake typing the text.

emiliold-developer commented 1 year ago

Hi again, I made a mistake typing the text but the error persists... it's not been solved. Please, don't close the issue yet

stevebauman commented 1 year ago

Hi @emiliold-developer,

Can you elaborate? I don't know what you're experiencing.

emiliold-developer commented 1 year ago

Hi again @stevebauman,

Now the documentation is complete, so I was able to get it to work.

Thank you,