ldaptools / ldaptools-bundle

Provides easy LDAP integration for Symfony via LdapTools.
MIT License

ldaptools authenticates users under other firewalls #29

Open nmoreaud opened 7 years ago

nmoreaud commented 7 years ago

Hello,

I may have a wrong configuration, but can't see what it is. I have two firewalls, one for the website and the other for a REST API:

security:
    providers:
        site:
            id: app.siteUserProvider
        ldap:
            id: ldap_tools.security.user.ldap_user_provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        api:
            provider: site
            pattern: ^/api/
            http_basic: ~

        main:
            anonymous: ~
            provider: ldap
            pattern: ^/
            logout:
                path: /logout
                target: /
            ldap_tools_form:
                check_path: /login
                login_path: /login
                csrf_token_generator: security.csrf.token_manager

    encoders:
        AppBundle\Security\User\SiteUser: plaintext
        # This is the default user class returned from the LDAP provider below
        LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser: plaintext

And a basic configuration:

ldap_tools:
    logging: true
    domains:
        example:
            domain_name: XXXXX
            username: "%ldap_user%"
            password: "%ldap_password%"
            base_dn: "OU=XXXXX - Utilisateurs,DC=ad,DC=XXXXXX,DC=net"
            servers: ["%ldap_host%"]
    security:
        default_role: ROLE_USER
        additional_attributes: ["displayName", "cn"]

When I make a request to the API (e.g. /api/test), if the user is not found with the siteUserProvider, ldapTools tries to find it in the LDAP repository. However, ldapTools is not configured to interact with the "api" firewall!

ChadSikorra commented 7 years ago

That seems odd. At first glance I don't see how that could happen with the above config. Have you tried completely clearing your cache? Also, what version of Symfony?

nmoreaud commented 7 years ago

Hello, I just cleared the cache and the sessions, but the problem remains. I use Symfony 3.3.9, ldaptools v0.24.0 and ldaptools-bundle 0.7.0. I will try to update.

nmoreaud commented 7 years ago

I had the same problem with the latest version, even when I enabled the LDAP user provider on a firewall with an unused URL pattern (e.g. ^/url/never/used). The API basic authentication triggered the LDAP connection. I resolved it by using a guard instead of the older authentication system (https://github.com/ldaptools/ldaptools-bundle/blob/master/Resources/doc/LDAP-Authentication-Provider.md#symfony-28-use-the-guard-component).

The final configuration looks like this:

security:
    # http://symfony.com/doc/current/security.html#b-configuring-how-users-are-loaded
    providers:
        site:
            id: AppBundle\Security\User\SiteUserProvider
        ldap:
            id: ldap_tools.security.user.ldap_user_provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        api:
            provider: site
            pattern: ^/api/
            # cookies are no good for an API, so we disable them
            stateless: true
            anonymous: false
            http_basic: ~

        main:
            anonymous: ~
            provider: ldap
            form_login:
                login_path: login
                check_path: login_check
                use_forward: true
            pattern: ^/
            logout: ~
            guard:
                authenticators:
                    - ldap_tools.security.ldap_guard_authenticator

        login:
            pattern: ^/login$
            anonymous: ~

    access_control:
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/cache, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/, roles: ROLE_SITE }
    - { path: ^/, roles: ROLE_USER }

    encoders:
        AppBundle\Security\User\SiteUser: plaintext
        # This is the default user class returned from the LDAP provider below
        LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser: plaintext

    role_hierarchy:
        ROLE_EDITOR:    ROLE_USER
        ROLE_ADMIN:     ROLE_EDITOR

I can close this ticket if you want, but this behavior may be present in other projects.
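As an added illustration (not code from the bundle or from the reporter), the following Python models Symfony's first-match firewall selection over the firewalls of the final configuration above, transcribed by hand: it shows which user provider a request path is expected to reach (so an /api/ request should only ever consult the `site` provider, never LDAP), and that the `login` firewall declared after `main`'s `^/` pattern can never be selected. It assumes, as Symfony's RequestMatcher does, that `pattern` is a regular expression applied to the request path.

```python
import re

# Firewalls transcribed by hand from the final security.yml posted above
# (a constructed model, not the bundle's code), kept in declaration order.
# Symfony's FirewallMap selects the FIRST firewall whose `pattern` matches
# the request path, so order decides which listeners and which user
# provider ever see a request.
FIREWALLS = [
    ("dev",   {"pattern": r"^/(_(profiler|wdt)|css|images|js)/", "security": False}),
    ("api",   {"pattern": r"^/api/",   "provider": "site", "listeners": ["http_basic"]}),
    ("main",  {"pattern": r"^/",       "provider": "ldap", "listeners": ["form_login", "guard"]}),
    ("login", {"pattern": r"^/login$", "provider": None,   "listeners": []}),  # no provider declared
]


def match_firewall(path):
    """Return (name, config) of the first firewall matching `path`, else None."""
    for name, cfg in FIREWALLS:
        if re.search(cfg["pattern"], path):
            return name, cfg
    return None


def expected_provider(path):
    """User provider that a request for `path` is allowed to reach.

    A `security: false` firewall skips authentication entirely, so no
    provider (and therefore no LDAP bind) should be triggered for it.
    """
    hit = match_firewall(path)
    if hit is None or not hit[1].get("security", True):
        return None
    return hit[1]["provider"]


def dead_firewalls(probe_paths):
    """Firewalls that none of `probe_paths` ever selects.

    With first-match semantics a firewall declared after a broader pattern
    (here `login` after `main`'s `^/`) is shadowed and never applies.
    """
    hits = [match_firewall(p) for p in probe_paths]
    selected = {name for name, _ in (h for h in hits if h)}
    return [name for name, _ in FIREWALLS if name not in selected]


if __name__ == "__main__":
    for p in ["/api/test", "/login", "/css/app.css"]:
        print(p, "->", match_firewall(p)[0], "provider:", expected_provider(p))
    print("shadowed:", dead_firewalls(["/api/test", "/login", "/", "/css/app.css"]))
```

If the LDAP server logs a bind for a path whose expected provider is `site`, the request crossed firewall boundaries, which is exactly the symptom reported here.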

ChadSikorra commented 7 years ago

Interesting. There may be an issue with the ldap_tools_form auth provider. I will leave this open and take a look at it. It became very messy after a bunch of deprecations / constructor changes in Symfony, so I try to use the Guard whenever possible.