Comments (13)
@Theaxiom it's not the duty of the identifier to create any records, this is totally out of the scope of this lib. Read this https://en.wikipedia.org/wiki/Separation_of_concerns to get an idea why. Also we intentionally did not include yet another dependency, we just want to get the user and the code we have does this well without adding a whole vendor lib.
However, if you want to create a whole LDAP plugin around that lib we would appreciate that. :)
from authentication.
PR is open. Sorry for the delay 😔
from authentication.
I too don't have any experience with LDAP. Having an adapter for it would surely be nice.
from authentication.
I'll ask the author of the plugin if he would like to contribute to this project. :)
from authentication.
I've slightly updated my old code I started 1-2 months ago and pushed it to https://github.com/cakephp/authentication/tree/ldap-identifier
@ceeram and @cleptric use LDAP at work and said they can review and complete the work on this. Thanks guys. 👍
from authentication.
I was able to log in against an LDAP server: http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
That said, I'm not happy at all with the current implementation.
The handling of the ldap result is pretty fragile. The config array is also getting pretty big.
We should also add a new `OrmTrait`, which can handle the db lookup for the `TokenIdentifier` and the `LdapIdentifier`.
from authentication.
Hmm, on second thought, I'm not quite sure if we want to look up anything in the db while using the `LdapIdentifier`. I have to adjust the return of the identify method and create an entity on the fly, then.
from authentication.
@cleptric as I understand LDAP it should provide all the info for the user already. You log in using LDAP, done. Sure you could link it with an account inside your local application but that is out of scope of the identifier - IMO. If somebody wants to do that he can link the accounts after login / registration or extend the identifier.
Also I've seen you're overriding $_defaultConfig. Please note that we're not using the MergeVarTrait that would merge the arrays of defined properties. So you're completely overriding the defaults.
We should also add a new OrmTrait, which can handle the db lookup for the TokenIdentifier and the LdapIdentifier.
This sounds like a two-stage process to me. Identify it by one system then against another. I'm not sure if we want this to be a core functionality of the implementation. I don't mind doing that, but then you'll hard code these identifiers against the Cake ORM. We could also allow the user to pass callbacks for before and after event like handling via config to modify things in the identifiers. I would like to hear more opinions on that from the other developers. :)
from authentication.
@burzum LDAP doesn't provide you with any user data if you're not searching for it. An `ldap_bind` is basically all that is needed to authenticate a user against an LDAP server (I learned that yesterday 😉). If the bind is successful, you get `true`, else `false`. So I dropped all the search code and the result juggling.
You're right that an ORM lookup isn't necessary. If the `LdapIdentifier` would do an ORM lookup, I just didn't want to copy the code from the `TokenIdentifier`. This was the idea behind adding a trait.
from authentication.
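An added example (not code from the `ldap-identifier` branch or from any commenter) of the bind-only check described in the comment above, with the two guards such a check needs: rejecting empty passwords, which would otherwise become an "unauthenticated bind" that many servers accept, and escaping the username before it goes into the DN. The function name, config keys, DN template and host are assumptions, and PHP's `ext-ldap` must be loaded.

```php
<?php
declare(strict_types=1);

/**
 * Bind-only LDAP authentication. Added example: the name, config keys and
 * DN template are hypothetical, not the plugin's API.
 */
function ldapBindAuthenticate(string $username, string $password, array $config, ?callable $binder = null): bool
{
    // An empty password turns a simple bind into an "unauthenticated bind"
    // (RFC 4513, section 5.1.2), which many servers answer with success.
    if ($username === '' || $password === '') {
        return false;
    }

    // Escape the user-supplied value so it cannot add or alter DN components.
    $dn = sprintf($config['dnTemplate'], ldap_escape($username, '', LDAP_ESCAPE_DN));

    // Default binder talks to the real directory; tests can inject a fake one.
    $binder = $binder ?? static function (string $dn, string $password) use ($config): bool {
        $conn = ldap_connect($config['uri']);
        if ($conn === false) {
            return false;
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        try {
            // ldap_bind() returns only bool; @ hides the warning on bad credentials.
            return @ldap_bind($conn, $dn, $password);
        } finally {
            ldap_unbind($conn);
        }
    };

    return $binder($dn, $password) === true;
}

// Constructed demo: a fake binder stands in for the directory so this runs offline.
$config = ['uri' => 'ldaps://ldap.example.test', 'dnTemplate' => 'uid=%s,dc=example,dc=test'];
$fake = static function (string $dn, string $pw): bool {
    return $dn === 'uid=alice,dc=example,dc=test' && $pw === 'correct-horse';
};
var_dump(ldapBindAuthenticate('alice', 'correct-horse', $config, $fake)); // valid credentials
var_dump(ldapBindAuthenticate('alice', '', $config, $fake));              // empty password
var_dump(ldapBindAuthenticate('alice,dc=example', 'x', $config, $fake));  // comma is escaped
```

Because the bind returns only a boolean, any user attributes still require a separate search after a successful bind.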
@cleptric it can contain data. See https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Directory_structure I think this case should be handled as well besides the ORM lookup.
We need to find a way to make the ORM lookup somehow optional and work with other ORMs as well. We've tried to keep this lib so far as open as possible to other implementations. I'm open for ideas on how to make this possible.
from authentication.
@burzum Sorry, I was pointing out that PHP's `ldap_bind()` only returns bool, not LDAP in general 😄
from authentication.
That LDAP plugin, while it works, is definitely missing quite a lot. It doesn't even have the option of creating associated user rows upon successful login, etc. If I get the time, I would like to bring this into an identifier: https://github.com/ldaptools/ldaptools
I also love the syntax of this library: http://www.phpldaptools.com/
+1 it has tests and uses travis-ci: https://travis-ci.org/ldaptools/ldaptools/jobs/200512275
from authentication.
@burzum I understand what you are saying, and yes I do intend to create an LDAP plugin around that lib when and if I get the time. Right now I am using QueenCityCodeFactory, however it does raise some concerns but works in the meantime. :)
from authentication.