DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

database authentication not working when LDAP server not reachable #615

Closed SalmaANegm closed 7 months ago

SalmaANegm commented 7 months ago

I am using database authentication. My local environment has no access to the LDAP server. I thought it would use the password from the database to log in if there is no connection to the LDAP server. Unfortunately, that did not happen. It keeps returning an incorrect credentials validation error. I do not know if this is a bug or if I am missing something. It's working great on the server when I set the correct connection. But when I change the IP to an incorrect one, it's not using the local credentials.

config/auth.php provider

```php
'admins' => [
    'driver' => 'ldap',
    'model' => App\Ldap\Admin::class,
    'rules' => [],
    'scopes' => [],
    'database' => [
        'model' => App\Models\Admin::class,
        'sync_passwords' => true,
        'sync_attributes' => [
            'name' => 'cn',
            'email' => 'mail',
        ],
        'sync_existing' => [
            'email' => 'mail',
        ],
    ],
]
```

Admin model:

```php
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Backpack\CRUD\app\Models\Traits\CrudTrait;
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
use Spatie\Permission\Traits\HasRoles;

class Admin extends Authenticatable implements LdapAuthenticatable
{
    use HasFactory;
    use CrudTrait, HasRoles;
    use AuthenticatesWithLdap;

    protected $fillable = [
        'username',
        'email',
        'password',
    ];
    protected $guard_name = 'admins';
}
```

Ldap Admin model:

```php
<?php

namespace App\Ldap;

use LdapRecord\Models\Model;
use LdapRecord\Models\Concerns\CanAuthenticate;

class Admin extends Model
{
    use CanAuthenticate;

    /**
     * The object classes of the LDAP model.
     */
    public static array $objectClasses = ['person'];
    protected string $guidKey = 'objectguid';
}
```

php artisan ldap:test result:

```
Testing LDAP connection [default]...
+------------+------------+------------------------------------+----------------------------------------------------------------------------------------------------------------------+---------------+
| Connection | Successful | Username                           | Message                                                                                                              | Response Time |
+------------+------------+------------------------------------+----------------------------------------------------------------------------------------------------------------------+---------------+
| default    | ✘ No       | xxx.xxx@xxx.xxx                    | ldap_bind_ext(): Unable to bind to server: Can't contact LDAP server (-1). Error Code: [-1] Diagnostic Message: NULL | 5799.32ms     |
+------------+------------+------------------------------------+----------------------------------------------------------------------------------------------------------------------+---------------+
```

I am using:

A second question please: how can I authenticate other registered non-LDAP users? The documentation says that I can have this feature, but I do not know how to implement it.

Thanks in advance,

stevebauman commented 7 months ago

Hi @SalmaANegm,

You will have to implement fallback authentication. The docs there will guide you how to configure it 👍
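
The fallback authentication mentioned above, sketched as an added example that is not code from this thread or from the LdapRecord project. It relies on the `fallback` credentials key described in the LdapRecord-Laravel documentation; the controller name, the request field names and an `admins` guard wired to the `admins` provider from the question are assumptions.

```php
<?php

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\ValidationException;

// Hypothetical controller; assumes an 'admins' guard that uses the 'admins' provider.
class AdminLoginController extends Controller
{
    public function store(Request $request): RedirectResponse
    {
        $input = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        $credentials = [
            // The user is located in LDAP by the 'mail' attribute, then bound with the password.
            'mail' => $input['email'],
            'password' => $input['password'],
            // Checked against the Eloquent model when LDAP is unreachable
            // or no LDAP user matches; the keys here are database columns.
            'fallback' => [
                'email' => $input['email'],
                'password' => $input['password'],
            ],
        ];

        if (! Auth::guard('admins')->attempt($credentials)) {
            throw ValidationException::withMessages([
                'email' => __('auth.failed'),
            ]);
        }

        // Issue a fresh session ID after login to prevent session fixation.
        $request->session()->regenerate();

        return redirect()->intended('/');
    }
}
```

With `sync_passwords` enabled, the fallback path verifies the password hash stored at the user's last successful LDAP login, so a password changed in the directory is not enforced locally while the LDAP server is unreachable.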