jotaelesalinas / laravel-adminless-ldap-auth

Authenticate users in Laravel against an adminless LDAP server
MIT License

Different ldap_auth.php #33

Closed matthewmerendo closed 4 years ago

matthewmerendo commented 4 years ago

I am using Laravel 6.0, not 5.7, but I'm having an issue with the ldap plugin, not Laravel core. (EDIT TO ADD: adldap2/adldap2-laravel 6.0 as well)

Your tutorial works fine until step 10, configuring config/ldap_auth.php. Your tutorial says:

10. Configure the LDAP authentication in config/ldap_auth.php

```php
'usernames' => [

    'ldap' => [

        // replace this line:
        // 'discover' => 'userprincipalname',
        // with this one:
        'discover' => env('LDAP_USER_ATTRIBUTE', 'userprincipalname'),

        // replace this line:
        // 'authenticate' => 'distinguishedname',
        // with this one:
        'authenticate' => env('LDAP_USER_ATTRIBUTE', 'distinguishedname'),

    ],

    // replace this line:
    // 'eloquent' => 'email',
    // with this one:
    'eloquent' => 'username',

],
```

but my ldap_auth.php has no 'usernames' key. The closest thing it has is:

```php
'identifiers' => [

    /*
    |--------------------------------------------------------------------------
    | LDAP
    |--------------------------------------------------------------------------
    |
    | Locate Users By:
    |
    |   This value is the users attribute you would like to locate LDAP
    |   users by in your directory.
    |
    |   For example, using the default configuration below, if you're
    |   authenticating users with an email address, your LDAP server
    |   will be queried for a user with the a `userprincipalname`
    |   equal to the entered email address.
    |
    | Bind Users By:
    |
    |   This value is the users attribute you would
    |   like to use to bind to your LDAP server.
    |
    |   For example, when a user is located by the above attribute,
    |   the users attribute you specify below will be used as
    |   the 'username' to bind to your LDAP server.
    |
    |   This is usually their distinguished name.
    |
    */

    'ldap' => [

        'locate_users_by' => 'userprincipalname',

        'bind_users_by' => 'distinguishedname',

    ],

```

Any thoughts?

jotaelesalinas commented 4 years ago

I updated the manual for Adldap-Laravel 6.0. I hope it helps.

matthewmerendo commented 4 years ago

Thanks! Now it works perfectly!

I do have one more question, though: Is there a way to restrict access by OU group?

(I've tried using the SCOPES feature of the adldap2-laravel package, but they don't seem to apply?)

jotaelesalinas commented 4 years ago

For that, I would add an entry `identifiers.ldap.restrict_users_by_ou_group` to `ldap_auth.php`. Then, inside `LoginController::attemptLogin()`, I would check if this config option is set. If so, I would retrieve this field also from the LDAP server and check that the group is allowed. Hope it helps.
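
Added example, not part of the thread and not code from the tutorial or from adldap2-laravel: a sketch of the allow-list decision that the last comment describes, meant to be called from `LoginController::attemptLogin()` once the user's entry has been read. The function names, the sample group values and the assumption that the group field holds group names or DNs are hypothetical; only the config key comes from the thread.

```php
<?php
// Added example: not code from the tutorial or from adldap2-laravel.
// Function names and sample values are hypothetical; only the config key
// identifiers.ldap.restrict_users_by_ou_group comes from the thread.

/** Normalise a group value (bare name or DN) so that comparisons ignore case and spacing. */
function normaliseGroup(string $value): string
{
    // "OU=Staff, DC=example, DC=com" and "ou=staff,dc=example,dc=com" must compare equal.
    return mb_strtolower(preg_replace('/\s*([,=])\s*/', '$1', trim($value)));
}

/**
 * @param string[]|null $allowed    config('ldap_auth.identifiers.ldap.restrict_users_by_ou_group')
 * @param string[]      $userGroups values of the group field read from the user's LDAP entry
 */
function loginAllowedByGroup(?array $allowed, array $userGroups): bool
{
    if ($allowed === null) {
        return true; // option not set: no restriction, login behaves as before
    }
    // Option set: fail closed. An empty allow-list, or a user whose entry
    // carries no group value, is denied rather than let through.
    $allowed = array_map('normaliseGroup', $allowed);
    $mine    = array_map('normaliseGroup', $userGroups);
    return count(array_intersect($allowed, $mine)) > 0;
}

// Constructed sample data.
$allowed = ['ou=mathematicians,dc=example,dc=com', 'ou=scientists,dc=example,dc=com'];
$cases = [
    'member, different case and spacing' => ['OU=Scientists, DC=example, DC=com'],
    'member of another group only'       => ['ou=chemists,dc=example,dc=com'],
    'entry has no group values'          => [],
];
foreach ($cases as $label => $groups) {
    printf("%-36s %s\n", $label, loginAllowedByGroup($allowed, $groups) ? 'allow' : 'deny');
}
printf("%-36s %s\n", 'option not configured', loginAllowedByGroup(null, []) ? 'allow' : 'deny');
```

Run the check before the local user record is created or the session is started, and return the same generic failure as a wrong password so the response does not reveal that the account exists but is outside the allowed groups.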