fr3dldapbundle's Introduction

FR3DLdapBundle

The FR3DLdapBundle adds support for providing and/or authenticating users against an LDAP directory in Symfony2.

It was developed mainly with unmanned corporate LDAP directories in mind, so you can retrieve users from LDAP and manage them using FOSUserBundle features (role management, guest user registration, etc.).

Features include:

  • Works with FOSUserBundle
  • Customizable and extensible
  • Unit tested

Note: This bundle cannot work standalone at the moment and requires a user manager (for example, FOSUserBundle).

Versions and compatibilities:

  • develop contains the future major version. This version may contain new features and backward compatibility breaks.
  • master contains the current major version. This version contains fixes and may contain new features.

Documentation

The bulk of the documentation is stored in the Resources/doc/index.md file in this bundle:

Read the Documentation

Installation

All the installation instructions are located in documentation.

License

This bundle is under the MIT license. See the complete license in the bundle:

Resources/meta/LICENSE

Reporting an issue or a feature request

Issues and feature requests are tracked in the GitHub issue tracker.

When reporting a bug, it may be a good idea to reproduce it in a basic project built using the Symfony Standard Edition to allow developers of the bundle to reproduce the issue by simply cloning it and following some steps.

fr3dldapbundle's People

Contributors

amorebietakoudala, bgatellier, courtoisnico, darwinonline, fogs, mageekguy, maks3w, mweimerskirch, noles, slaci, snoob, thaasch, tiger-seo

fr3dldapbundle's Issues

Problem when not setting DN on User Record...

@Maks3w, I can submit a PR, but I didn't want to do that first as I wasn't sure if it would be correct for LDAP. My setup of LDAP doesn't allow a bind with a simple user name. It requires the full dn to ldap_bind. Is this common across LDAP to require a full DN?

uid=jarvis.stubblefield,cn=users,dc=iostudiohq,dc=com

I have found in your code where you just use the user.name when the dn isn't stored in the db. I have a unique situation where some users can be created by form and some by ldap login. I need to ensure they always authenticate through LDAP and having the DN in the database or the base DN being set correctly in the code for this to work.

Again, I can do a PR if you would like.

Thanks!

Retrieve users from LDAP

Hi there,

I'm plugged with a MS Active Directory and I have to retrieve and list every user from this AD.
Is it possible with the bundle and how could I do this please ?
I did not find anything over the documentation to deal with this question.

Thanks in advance.

Second login attempt error INSERT INTO

Hello,

Here's the overview of the problem.

My first login attempt, the result is OK. I logout.
I login again, an error occurs.

An exception occurred while executing 'INSERT INTO fos_user().

[1/2] PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'username' for key 'UNIQ_957A647992FC23A8'

[2/2] DBALException: An exception occurred while executing 'INSERT INTO fos_user ()

SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'username' for key 'UNIQ_957A647992FC23A8'

Is it normal for it to do an SQL command of INSERT every time I login?

Running on Symfony 2.4.3, FR3DLdapBundle 2.0.x.

Thanks in advance.

Binding requires username in DN form

I'm using FR3DLdapBundle with FOSUserBundle.

Symfony 2.5.6
FOSUserBundle ~2.0@dev
FR3DLdapBundle ~2.0@dev

$ldapManager = $this->get('fr3d_ldap.ldap_manager');
print_r($ldapManager->findUserByUsername('[email protected]'));

But I catch one error.

Binding requires username in DN form
CRITICAL - Uncaught PHP Exception FR3D\LdapBundle\Driver\LdapDriverException: "An error occur with the search operation." at myproj\vendor\fr3d\ldap-bundle\FR3D\LdapBundle\Driver\ZendLdapDriver.php line 55

I have done everything in the installation documents

# config.yml
fr3d_ldap:
    driver:
        host:                ldap.example.com
        port:                389
        username:            [email protected]
        password:            password
        bindRequiresDn:      true
        baseDn:              dc=ldap,dc=example,dc=com
        accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
    user:
        baseDn: dc=ldap,dc=example,dc=com
        filter: (&(ObjectClass=Person))
        attributes:
          - { ldap_attr: uid,  user_method: setUsername }

Configuration exception

Hi,
I have installed the bundle with the following requirement in composer.json:

"fr3d/ldap-bundle": "2.0.*.dev"

and I obtain this error:

InvalidConfigurationException: Invalid configuration for path "fr3d_ldap": Notice: Undefined index: driver in /var/www/symfony/vendor/fr3d/ldap-bundle/FR3D/LdapBundle/DependencyInjection/Configuration.php line 71

My other dependencies are:
"require": {
    "php": ">=5.3.3",
    "symfony/symfony": "2.3.*",
    "doctrine/orm": ">=2.2.3,<2.4-dev",
    "doctrine/doctrine-bundle": "1.2.*",
    "twig/extensions": "1.*",
    "symfony/assetic-bundle": "2.3.*",
    "symfony/swiftmailer-bundle": "2.3.*",
    "symfony/monolog-bundle": "2.3.*",
    "sensio/distribution-bundle": "2.3.*",
    "sensio/framework-extra-bundle": "2.3.*",
    "sensio/generator-bundle": "2.3.*",
    "incenteev/composer-parameter-handler": "~2.0",
    "doctrine/mongodb-odm-bundle": "dev-master",
    "twitter/bootstrap": "2.3.*",
    "jquery/jquery": "1.9.*",
    "whiteoctober/breadcrumbs-bundle": "dev-master",
    "genemu/form-bundle": "2.2.*",
    "winzou/cache-bundle": "dev-master",
    "friendsofsymfony/user-bundle": "dev-master",
    "igorw/file-serve-bundle": "1.0.*@dev",
    "fr3d/ldap-bundle": "2.0.*.dev"
},

Help recup all users in AD windows

Hello,

I would love to get all the users in Active Directory, but I cannot; I only manage to get back the users in one UO. I use Symfony version 2.16 and FR3DLDAP 1.6...

Thank you for helping me for this urgent request

Connect fails when useSsl is enabled for a host with a non-standard ldaps port

Per the documentation for ldap_connect(), the $port argument is ignored when the $hostname is a url.

So, given the following configuration

fr3d_ldap:
    client:
        host:     "some.ldap.host"
        port:     1636 #or anything other than the default 636
        useSsl:   true

Per Driver/LdapConnection.php, the resulting execution basically looks like this

ldap_connect('ldaps://some.ldap.host', 1636);

When it actually needs to look like this

ldap_connect('ldaps://some.ldap.host:1636');

You can work around this issue in the configuration like so

fr3d_ldap:
    client:
        host:     "some.ldap.host:1636"
        port:     ~
        useSsl:   true

But I think it would be preferable if the bundle abstracted this little detail away, and added the port to the host when useSsl is enabled. Something along the lines of:

    private function connect()
    {
        $host = $this->params['host'];
        if (isset($this->params['useSsl']) && (boolean) $this->params['useSsl']) {
            $host = sprintf('ldaps://%s:%s', $host, $this->params['port'] ?: '636');
        }
       // ...
    }

To the best of my knowledge, this affects all versions/branches.
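
The URI construction proposed in the issue above, carried a little further as an added example (not FR3DLdapBundle code and not the poster's): the hypothetical helper `buildLdapUri()` also accepts the `host:port` workaround form and rejects a configuration where `useSsl` is enabled but the host is written as `ldap://`. It assumes PHP 7 or later; the sample configurations are constructed.

```php
<?php
// Added example, not FR3DLdapBundle code. buildLdapUri() is a hypothetical helper;
// the keys host/port/useSsl mirror the configuration quoted in the issue.

function buildLdapUri(array $params): string
{
    $host = trim((string) ($params['host'] ?? ''));
    if ($host === '') {
        throw new InvalidArgumentException('host is required');
    }
    $useSsl = !empty($params['useSsl']);
    $scheme = $useSsl ? 'ldaps' : 'ldap';

    // A host that already carries a scheme must not contradict useSsl:
    // connecting in clear text when TLS was requested should fail loudly.
    if (preg_match('#^(ldaps?)://(.+)$#i', $host, $m)) {
        if ($useSsl && strtolower($m[1]) !== 'ldaps') {
            throw new InvalidArgumentException('useSsl is enabled but host uses ldap://');
        }
        $scheme = strtolower($m[1]);
        $host = $m[2];
    }

    // Split an embedded port ("some.ldap.host:1636", "[::1]:1636") from the host.
    $embeddedPort = null;
    if (preg_match('/^\[([0-9A-Fa-f:.]+)\](?::(\d+))?$/', $host, $m)) {
        $host = '[' . $m[1] . ']';
        $embeddedPort = isset($m[2]) ? (int) $m[2] : null;
    } elseif (substr_count($host, ':') > 1) {
        $host = '[' . $host . ']'; // bare IPv6 literal needs brackets in a URI
    } elseif (preg_match('/^([^:]+):(\d+)$/', $host, $m)) {
        $host = $m[1];
        $embeddedPort = (int) $m[2];
    }
    if (!preg_match('/^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)$/', $host)) {
        throw new InvalidArgumentException('invalid host: ' . $host);
    }

    // The port may come from the host string or from the port key, not from both
    // with different values; otherwise one of them would be dropped silently.
    $configured = isset($params['port']) && $params['port'] !== ''
        ? (int) $params['port']
        : null;
    if ($embeddedPort !== null && $configured !== null && $embeddedPort !== $configured) {
        throw new InvalidArgumentException('host and port settings disagree');
    }
    $port = $embeddedPort ?? $configured ?? ($scheme === 'ldaps' ? 636 : 389);
    if ($port < 1 || $port > 65535) {
        throw new InvalidArgumentException('port out of range');
    }

    return sprintf('%s://%s:%d', $scheme, $host, $port);
}

// Constructed sample configurations (not from a real deployment).
$samples = [
    ['host' => 'some.ldap.host',        'port' => 1636, 'useSsl' => true],
    ['host' => 'some.ldap.host:1636',   'port' => null, 'useSsl' => true],
    ['host' => 'some.ldap.host',        'port' => null, 'useSsl' => true],
    ['host' => 'some.ldap.host',        'port' => 389,  'useSsl' => false],
    ['host' => 'ldap://some.ldap.host', 'port' => 1636, 'useSsl' => true],
];
foreach ($samples as $cfg) {
    try {
        echo buildLdapUri($cfg), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The returned string is meant to be passed as the only argument to ldap_connect(), since the issue notes that the separate $port argument is ignored when the host is a URL.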

Stable tag for 2.0.0

Hey,

Is it possible to release tag 2.0.0? I've been using the bundle for quite a while but I'm not happy having to use 2.0.*@dev in every project. My current situation is that I have a bundle with a dependency on this bundle, but due to having it in @dev, means I have to add not only my bundle, but also this project.

I have no idea if there will be any progress on this bundle soon, but after 8 months I would like to see a stable release ;)

Iltar

how to disable insert data into DB?

FR3DLdapBundle will insert data into the DB if LDAP authentication succeeds but no data exists in the DB.
How can I disable it?
I already have a user table with many usernames and roles, and I don't want to insert more data into it through LdapBundle.

Thanks in advance.

Failure on migration to Symfony2.3

I have been using this bundles for quite a while with SF2.1 and ldap-bundle1.6. When I tried migrating to SF2.3 and ldap2.0, I get an invalid DN syntax error:
ldap_driver.DEBUG: 0x22 (Invalid DN syntax).
I'm using the same config to access the server. Any insight would be much appreciated.

Problem with FR3DLdap 1.5 and Symfony 2.0

Hi all.

I have a problem when a user doesn't type his/her password correctly. If this user is the same one that is configured in config.yml, it works fine: it throws a BadCredentialsException exception, and the error message is "The presented password is invalid". However, when a different user tries to log in and types a wrong password, the error message is: "Warning: ldap_search(): Search: Operations error in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php line 27". When both type the correct password, the login works fine.

I'm using FR3DLdap with FOSUser, and I don't know if this is a bug, or I don't have it configured properly.

The stack trace is:

******************************PROVIDER ES FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider
**********************************VA A HACER AUTHENTICATE
************************AUTHENTICATIONEXCEPTION exception 'Symfony\Component\Security\Core\Exception\BadCredentialsException' with message 'The presented password is invalid.' in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php:97

Stack trace:
#0 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(74): FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider->checkAuthentication(Object(\Bundle\Bridge\UserBundle\Document\UsuarioMongo), Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#1 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#2 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#3 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#4 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#5 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#6 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#7 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#8 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#11 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#12 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#13 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#14 {main}

************************LASTEXCEPCTION exception 'Symfony\Component\Security\Core\Exception\BadCredentialsException' with message 'The presented password is invalid.' in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php:97

Stack trace:
#0 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(74): FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider->checkAuthentication(Object(\Bundle\Bridge\UserBundle\Document\UsuarioMongo), Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#1 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#2 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#3 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#4 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#5 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#6 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#7 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#8 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#11 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#12 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#13 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#14 {main}

******************************PROVIDER ES Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider
**********************************VA A HACER AUTHENTICATE
************************AUTHENTICATIONEXCEPTION exception 'ErrorException' with message 'Warning: ldap_search(): Search: Operations error in /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php line 27' in /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php:67

Stack trace:
#0 [internal function]: Symfony\Component\HttpKernel\Debug\ErrorHandler->handle(2, 'ldap_search(): ...', '/...', 27, Array)
#1 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Driver/LdapConnection.php(27): ldap_search(Resource id #991, 'ou=XXX...', '(&(mailnickname...', Array)
#2 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Ldap/LdapManager.php(44): FR3D\LdapBundle\Driver\LdapConnection->search('ou=XXX...', '(&(mailnickname...', Array)
#3 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Ldap/LdapManager.php(35): FR3D\LdapBundle\Ldap\LdapManager->findUserBy(Array)
#4 /.../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/User/LdapUserProvider.php(31): FR3D\LdapBundle\Ldap\LdapManager->findUserByUsername('YYY')
#5 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php(41): FR3D\LdapBundle\Security\User\LdapUserProvider->loadUserByUsername('YYY')
#6 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php(83): Symfony\Component\Security\Core\User\ChainUserProvider->loadUserByUsername('YYY')
#7 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php(67): Symfony\Component\Security\Core\Authentication\Provider\DaoAuthenticationProvider->retrieveUser('YYY', Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#8 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/AuthenticationProviderManager.php(64): Symfony\Component\Security\Core\Authentication\Provider\UserAuthenticationProvider->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#9 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php(79): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate(Object(Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken))
#10 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php(139): Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener->attemptAuthentication(Object(Symfony\Component\HttpFoundation\Request))
#11 /.../vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall.php(64): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->handle(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#12 [internal function]: Symfony\Component\Security\Http\Firewall->onKernelRequest(Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#13 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Debug/TraceableEventDispatcher.php(82): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#14 /.../vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(49): Symfony\Bundle\FrameworkBundle\Debug\TraceableEventDispatcher->doDispatch(Array, 'kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#15 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/ContainerAwareEventDispatcher.php(145): Symfony\Component\EventDispatcher\EventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#16 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(98): Symfony\Bundle\FrameworkBundle\ContainerAwareEventDispatcher->dispatch('kernel.request', Object(Symfony\Component\HttpKernel\Event\GetResponseEvent))
#17 /.../vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php(71): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1)
#18 /.../vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/HttpKernel.php(47): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#19 /.../app/bootstrap.php.cache(554): Symfony\Bundle\FrameworkBundle\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true)
#20 /.../web/app_dev.php(17): Symfony\Component\HttpKernel\Kernel->handle(Object(Symfony\Component\HttpFoundation\Request))
#21 {main}

So, the problem is in numbers 5 and 6 of the last trace: DAO calls loadUserByUsername, this method tries to do an ldap_search, but since the last ldap_bind was wrong, this function fails.

I solved the problem by modifying the checkAuthentication function in LdapAuthenticationProvider.php, binding the user from config.yml one more time to prevent this problem, but I don't know if this is the correct solution.

My config.yml is:

fos_user:

    db_driver: mongodb
    firewall_name: main
    user_class: XXX\Bundle\Bridge\UserBundle\Document\UsuarioMongo
    from_email:
        address: [email protected]
        sender_name: Acme
    encoder:
        algorithm: sha512
        encode_as_base64: false
        iterations: 10
    template:
        engine: twig

fr3d_ldap:
    client:
        host:         X.X.X.X
        port:         3268    
        version:        3    
        username:     ADMIN    
        password:     ADMIN    
        optReferrals: 0  # Optional
    user:
        baseDn: XXX
        filter: 
        attributes:          # Specify ldap attributes mapping [ldap attribute, user object method]
           - { ldap_attr: mailnickname,  user_method: setUsername } # Default

And my security.yml is:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        chain_provider:
            providers: [fr3d_ldapbundle, fos_userbundle]

        fos_userbundle:
            id: fos_user.user_manager

        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider

    firewalls:
        main:
            pattern:    ^/
            fr3d_ldap:  ~
            form_login:
                provider: chain_provider
                always_use_default_target_path: true
                default_target_path: /profile
                login_path:     /login
                check_path:     /login_check
            remember_me:
                key:      aSecretKey
                lifetime: 360000
                path:     /
                domain:   ~ # Defaults to the current domain from $_SERVER
                httponly: false
                secure:   false
                always_remember_me: true
            logout:     true
            anonymous:  true

    factories:
        - "%kernel.root_dir%/../vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Resources/config/security_factories.xml"

    access_control:
        - { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }

Thanks in advance.

Change with Symfony 2.2

With Symfony 2.2, the AuthenticationServiceException changes: we can't pass 4 parameters, only the classic 3.
We must pass the token manually:

Before in fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php, line 61 :
throw new AuthenticationServiceException($repositoryProblem->getMessage(), $token, 0, $repositoryProblem);
Now, with Symfony 2.2 :

$e = new AuthenticationServiceException($repositoryProblem->getMessage(), 0, $repositoryProblem);
$e->setToken($token);
throw $e;

Add support for unauthorized anonymous authentication

Hi all,

On a previous project, I needed to authenticate users through AD. But the server did not accept anonymous authentication and I could not leave a user account in the configuration file. To solve this issue, I have changed the authentication logic.

New authentication logic:
1- Directly, checking user authentication with the bind method
2- if ok, retrieving and hydrating the user object
2bis- if nok, return false without any data searched

Would it be better to switch the retrieving phase and the checking authentication phase?

Symfony 2.2.11 - PHP extension is missing from your system

Hi, I'm trying to install the bundle with the following requirement in composer.json:

"require": {
    "php": ">=5.3.3",
    "symfony/symfony": "2.2.*",
    "doctrine/orm": "~2.2,>=2.2.3",
    "doctrine/doctrine-bundle": "1.2.*",
    "twig/extensions": "1.0.*",
    "symfony/assetic-bundle": "2.1.*",
    "symfony/swiftmailer-bundle": "2.2.*",
    "symfony/monolog-bundle": "2.2.*",
    "sensio/distribution-bundle": "2.2.*",
    "sensio/framework-extra-bundle": "2.2.*",
    "sensio/generator-bundle": "2.2.*",
    "jms/security-extra-bundle": "1.4.*",
    "jms/di-extra-bundle": "1.3.*",
    "friendsofsymfony/user-bundle": "*",
    "fr3d/ldap-bundle": "2.0.*.dev"

And I obtain this error:

Problem 1
-Installation request for fr3d/ldap-bundle 2.0.*.dev -> satisfiable by fr3d/ldap-bundle[2.0.x-dev].

  • fr3d/ldap-bundle 2.0.x-dev requires ext-ldap * -> the requested PHP extension ldap is missing from your system

I checked if the ext-ldap is configured correctly in php.ini and it's ok:

extension=php_bz2.dll
extension=php_curl.dll
extension=php_mbstring.dll
extension=php_exif.dll
;extension=php_fileinfo.dll
extension=php_gd2.dll
extension=php_gettext.dll
;extension=php_gmp.dll
;extension=php_intl.dll
;extension=php_imap.dll
;extension=php_interbase.dll
;extension=php_ldap.dll
;extension=php_mssql.dll
;extension=php_mbstring.dll
;extension=php_exif.dll ; Must be after mbstring as it depends on it
extension=php_mysql.dll
extension=php_mysqli.dll
;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client
;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client

Support for latest Symfony version

Hi,

I see FR3DLdapBundle supports Symfony 2.0.*, I use the latest version (2.3.7) but I see I can't use FR3DLdapBundle. Can you please upgrade it to support the current Symfony version?

Thanks a lot for your great work ;)

iSam

Update user on every login?

Hi,

I use a LDAP directory as a central login system.
Your bundle seems to be the only one that could help me authenticate my users with LDAP, so I gave it a try.

It works pretty well, but, sadly, my users aren't updated every time they log in.

It seems to me like my users are first loaded from LDAP, then saved in local database (without the password). Then, on second login, LDAP is still used, but only to retrieve the user's username, then FOSUserBundle takes over, and logs the user.

My problem is, for example, if I update a field on my LDAP server, I would like that field to be updated on the application, but that doesn't seem to be the case.

Is this the expected behaviour?

I tried something like that, but that doesn't work either:

$service = $this->get('fr3d_ldap.security.user.provider');
$em = $this->getDoctrine()->getManager();
$em->persist($service->refreshUser($this->getUser()));
$em->flush();

(Doctrine recognizes this as a new user and tries to INSERT it (throwing an Integrity constraint violation) instead of UPDATE-ing the user)

Couldn't find a "updateEverytime" on fr3d_ldap.user.attributes in config either

MAIL SYMFONY

Hello everyone,
My Symfony2 application runs on Debian.
My users log in to it through an AD server 2003.

Here is my problem:
In the application, when the user submits a form, I want an email to be sent to them automatically by the application.

Can someone help me with this case?

Thank you!

Symfony 2.2 and Branch 2.0 User DN must be persisted

The following happens on SF 2.2, Branch 2.0 and PostgreSQL:

The first time the user logs in, all is fine: he is authenticated with LDAP and he is added to the DB.
Second time, login fails. The problem is in fr3d/ldap-bundle/FR3D/LdapBundle/Driver/ZendLdapDriver.php

public function bind(UserInterface $user, $password)
{
    if ($user instanceof LdapUserInterface && $user->getDn()) {
        $bind_rdn = $user->getDn();
    } else {
        $bind_rdn = $user->getUsername();
    }

During first login,

if ($user instanceof LdapUserInterface && $user->getDn()) {

is true. During second login it is not true (getDn() is blank)

The problem can be solved by changing the user class from

/**
 * Ldap Object Distinguished Name
 * @var string $dn
 */
private $dn;

to

/**
 * Ldap Object Distinguished Name
 * @ORM\Column(type="string", length=128)
 * @var string $dn
 */
private $dn;

This wasn't the case before, but if this is now the case, the documentation needs to be updated to reflect the fact that the DN must be persisted...

Thanks

Add possibility for many LDAP domains

I am in a situation where I need to authenticate with many LDAP servers and be able to choose at least ONE of them.

Using your work I managed to extend and inject the different servers. I will gladly share, I have a blog post incubating about it.

But my question remains. I need to be able for the user to choose the LDAP server that they know to use.

More details:

  • Implementing FOSUserBundle

  • chain_provider list with a collection of providers from the bundle extending FR3DLdapBundle (fos_userbundle being first)

    providers:
        chain_provider:
            providers: [ fos_userbundle, client_domain1, client_domain2, client_domain3 ]
    

Do you have any hints about how to do this?

My feature implementation works, but I know my client will ask that the domain selection /actually work/.

Note:

  • I looked at overriding Security controller thing, and find it not clean.
  • I created an InteractiveLoginEvent listener and tried with OpenSkyRuntimeConfigBundle, but not sure how clean it is... and where to give that parameter bag.

So, I ended up using the advantage of the chain provider... I am missing something, and I'd like some pointers.

Thanks :)

Managing User

Hi,
I think there should be a possibility to manage the users in the ldap server. If a user in FosUserBundle is created, deleted or modified, something should reflect that in the ldap server.

I don't know how to do that exactly. Maybe one could write a new UserManager that extends the FosUserManager and forwards the method calls to the FosUserManager but additionally calls a ldapUserManager to update the data in the ldap server.

Another possibility could be to let the FosUsermanager throw events on UserChange, UserCreate, UserDelete, and a ldapUsermanager could listen for that and update the ldap data.

Username is empty

Hello,

Thank you for your help here. I followed the instructions and installed this bundle, but I always get an exception that shows the username is null. Do you have any idea about this error?

NotNullConstraintViolationException: An exception occurred while executing 'INSERT INTO sfcompliance.user (username, username_canonical, email, email_canonical, enabled, salt, password, last_login, locked, expired, expires_at, confirmation_token, password_requested_at, roles, credentials_expired, credentials_expire_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' with params [null, null, null, null, 1, "dp0nfvfj92osc4cg8gs4g4sww0wsccw", "", "2015-01-07 21:23:34", 0, 0, null, null, null, "a:0:{}", 0, null]:

In the log, I found that

[2015-01-07 21:23:33] ldap_driver.DEBUG: ldap_search(dc=domain,dc=com, (&(sAMAccountName=shakastar)), sAMAccountName) [] []
[2015-01-07 21:23:33] security.INFO: User shakastar found on ldap [] []
[2015-01-07 21:23:33] ldap_driver.DEBUG: ldap_bind(cn=shakastar,ou=Users, ****) [] []
[2015-01-07 21:23:34] security.INFO: User "" has been authenticated successfully [] []

The username is lost at this line (line 73). Did I get something wrong in the configuration?

namespace Symfony\Component\Security\Core\Authentication;
......
class AuthenticationProviderManager implements AuthenticationManagerInterface
......
$result = $provider->authenticate($token);

Here is security.yml

security:
    encoders:
        System\SecurityBundle\Entity\User: plaintext
    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider

    firewalls:
        login_firewall:
           pattern:  ^/login$
           security: false

        secured_area:
            pattern:    ^/
            form_login:
                check_path: login_check
                login_path: login
                default_target_path: system_cover
            logout:
                path:   logout
                target: login
            fr3d_ldap: ~

    access_control:
        - { path: ^/login&, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }

And here is config.yml

fr3d_ldap:
    driver:
        host: ldap.foo.com
        port: 10077 
        username: CN=ACC,dc=domain,dc=com
        password: PINNUM
    user:
        baseDn: dc=domain,dc=com 
        attributes: # Specify ldap attributes mapping [ldap attribute, user object method]
            - { ldap_attr: sAMAccountName, user_method: setUsername } # Default

Thank you for the advice !

Not using security_factories.xml included with FR3D Ldap

I'm implementing this bundle with Symfony2.0.x. I have included the factories definition in my security.yml and verified that the path is correct.

    factories:
        - "%kernel.root_dir%/../vendor/bundles/FR3D/LdapBundle/Resources/config/security_factories.xml"

However, it seems the core UserAuthenticationProvider is being used instead, and not checking the password against LDAP.

LdapManager hydrate()

The hydrate() method calls two methods, setPassword and setEnabled, which depend on the user entity implementation.

As a workaround, the hydrate() method could be customized as explained in the Cookbook.

phpunit: module php-ldap isn't install

Hi,

When I use this bundle, in the browser everything goes fine. Except when I use it with PHPunit I am getting this error message: module php-ldap isn't install

If I remove the throw exception from FR3DLdapBundle.php then all my tests are fine. The strange thing is that when I create a file with:

 <?php
 var_dump(function_exists('ldap_connect'));
 ?>

And run it on the same server with PHP cli it returns a boolean true.

Where can I start investigating this problem?

Unrecognized options "factories" under "security"

Hello,

In the doc, you ask to write the factories configuration in security.yml

# app/config/security.yml
  factories:
    - "%kernel.root_dir%/../vendor/bundles/FR3D/LdapBundle/Resources/config/security_factories.xml"

But this config has been removed since 2.1. Is something else required?
Could you update the doc?

thx

bindRequiresDn true - namespace problem

Hi, when I switch bindRequiresDn to "true" in my config and try to authorize a new ldap user, I get an error in login_check:
Fatal error: Class 'FR3D\LdapBundle\Security\Authentication\Kernel' not found in /var/www/symfony/vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php on line 61

"symfony/symfony": "2.1.*",
"fr3d/ldap-bundle": "2.0.*@dev"

Wrong parameters for Exception on LdapAuthenticationProvider

Hi

I forgot to update my schema and got this error in Apache log:

PHP Fatal error: Wrong parameters for Exception([string $exception [, long $code [, Exception $previous = NULL]]]) in /var/www/project/vendor/fr3d/ldap-bundle/FR3D/LdapBundle/Security/Authentication/LdapAuthenticationProvider.php on line 61

Obviously users normally wouldn't run into this.

Thanks
Mogoman

ldap groups config example

There seems to be support to get the roles/groups from an AD. Could someone give a config.yml example?

Thanx!

User attributes not working

My authentication is working, but the user attributes are not populating. Wireshark only shows a bind, nothing else.

What am I missing?

    attributes:          # Specify ldap attributes mapping [ldap attribute, user object method]
       - { ldap_attr: uid,  user_method: setUsername } # Default
       - { ldap_attr: cn,   user_method: setName }     # Optional
       - { ldap_attr: mail, user_method: setEmail }

Help

I've got this message when I implement FR3D LDAP BUNDLE


Fatal error: Maximum function nesting level of '100' reached, aborting! in /home/public/Gest/vendor/symfony/src/Symfony/Bundle/TwigBundle/Loader/FilesystemLoader.php on line 98

No chaining provider and no persisted entities - auth workflow locks LDAP account

Hello there,

First, sorry for my writing, I'll do my best.
I created an application which uses FR3DLdapBundle for authentication. The initial need is to NOT persist the user in the DB and to reload him directly from the LDAP database on each request (that's what the bundle does). The goal is to not duplicate the LDAP DB in a web app.
In that way, the documentation told me that you can disable the chaining provider with FOS to avoid persistence, so I did. I just override the LdapManager to return a personal instance of User when the method createUser is called by the LdapManager.

namespace NameSpace\SecurityBundle\Security\User;
use FR3D\LdapBundle\Model\UserManagerInterface;
use NameSpace\SecurityBundle\Entity\User;

class UserManager implements UserManagerInterface {
    public function createUser() {
        return new User();
    }
}

Next, my issue. In the process of authentication (tell me if I get it wrong), the user is searched in LDAP as: $user = $this->userProvider->loadUserByUsername($username); in LDAPAuthenticationProvider. The first time, no session token exists, so the User is created, hydrated and bound to LDAP to determine if the IDs are correct.

if (!$this->ldapManager->bind($user, $presentedPassword)) {
     throw new BadCredentialsException('The presented password is invalid.');
}

That's OK for me. But when Symfony redirects, for instance, to the home page after successful authentication, the User is searched again in LDAP and the token is re-created from UserAuthenticationProvider in the method authenticate, but as my entity is not persisted, the password does not exist any longer and the bind method will fail. As a result, the account is locked in my LDAP DB, not good! In the method checkAuthentication there, $currentUser->getPassword() is null (I tried $token->getCredentials() as mentioned in another issue).

protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
{
        $currentUser = $token->getUser();
        if ($currentUser instanceof UserInterface) {
            if (!$this->ldapManager->bind($currentUser, $currentUser->getPassword())) {
                throw new BadCredentialsException('The credentials were changed from another session.');
            }
        } else { ... }
}

So what am I missing?
Is there a way to keep credentials in session to revalidate the bind when the User navigates? It seems the bundle does not cover this case?

I tried many (many!) debug sessions with var_dump in Symfony components and the bundle to analyse the behavior. I can clarify any point if needed (but not the solution : ))

Require LDAP check every time the user logs into the system

Hello guys,

First thanks for all the work you have made with this bundle, it is saving me a lot of work and your effort is awesome.

I have several symfony2 applications working with the ldap integration and I found a serious problem. If I remove a user from the LDAP database the user can still access all the symfony2 applications without problems because the user has been created in the fos_user system, and it is necessary to remove it manually from all the applications.

Is there a way to require a ldap check every time the user is trying to log in to the application? Maybe implement some config options to let the developer decide if the ldap check should be done on every login, or even on a "cookie/session" login if the user checked the remember me checkbox?

Thanks

Improve Documentation

Hi, I started to use your Bundle a few days ago and had a lot of trouble making it work for my ldap server.
The problem was a \ in the username. All users must log in with HOSTNAME\user. After a lot of debugging I found the settings for accountCanonicalForm, accountDomainName and accountDomainNameShort.

It would be great if you could describe these settings in your documentation.

Here is my full config.yml ldap config (with changed ip and password):

fr3d_ldap:
    driver:
        host:         127.0.0.1
        port:         389
        username:     'HOSTNAME\backup'
        password:     passwd
        baseDn:       cn=Users,dc=hostname,dc=intern
        accountCanonicalForm: 3
        accountDomainName: HOSTNAME
        accountDomainNameShort: HOSTNAME
    user:
        baseDn: cn=Users,dc=hostname,dc=intern
        filter: (ObjectClass=person)
        attributes:
            - { ldap_attr: samaccountname,  user_method: setUsername }
            - { ldap_attr: mail,  user_method: setEmail }

Provide full examples for config when integrated with FOS?

I'm trying to configure this with FOSUserBundle, and it would be helpful if you had complete examples for app/config/security.yml, config.yml and the User class as it would be with FR3D and FOS fully integrated... (especially in firewalls)

Multiple LDAP servers?

Hi!,

thanks for your great work!, I want to ask you if it's possible to configure multiple hosts with your bundle?

The problem is that in my job there are 3 LDAP servers with different IPs, each has a different set of users but the attributes, DN, and everything else, and when a user tries to log in I would like to try the credentials in all hosts in sequence until a match (or none) is found.

Is this possible to do with the current state of this bundle?

Impact attributes modifications in ORM

Hello,

I noticed that when a mapped attribute is modified in the directory, the modification is not reflected by the ORM in the database nor in the application. I think it is because a new user object is created at each login and is only persisted at the first login.

I solved it (in a lousy way) by patching LdapManager.php in the bundle (it calls a private method, so I could not redefine it in the derived service):

    /*********************************
    * LOUSY PATCH
     * 
     * The line 
     *           $user = $this->userManager->createUser();
     * is the only one from the original code
     *  
     ********************************** */
    global $kernel;
    $user = $kernel->getContainer()->get('doctrine.orm.entity_manager')->getRepository('ApplicationSonataUserBundle:User')
            ->findOneByUsername($criteria['samaccountname']);
    if ($user == null) {
        $user = $this->userManager->createUser();
    }
    /*****************************************
     * END
     *****************************************/

Invalid username or password (Symfony 2.4.2)

Hi,

Trying to implement FR3DLdapBundle with Symfony 2.4.2 and FOSUserBundle.

When logging in, the system routes back to /login and just returns that the username or password is invalid.

Same if I configure wrong ldap host server and wrong username and password to connect to ldap, so it doesn't seem to take into account ldap binding.

Is there any log file I can read to see what happens?

On FR3DLdapBundle 1.6

Thank you

Repeated logins inserting duplicate records

I'm running on Symfony 2.2 along with the 2.0.x branch of the FR3DLdapBundle. Upon first login, everything works fine. Repeated logins, however, attempt to insert duplicate user records. For some reason, the authentication mechanism is not properly detecting that the user row already exists in my user table and is subsequently attempting to insert a new record. I have not been successful at trying to override or fix this behavior. Any suggestions would be appreciated.

Missing LDAP attributes cause PHP warnings

PHP notices/warnings are caused when an attribute is requested that does not exist.

PHP Notice:  Undefined index: my_special_ldap_attr in Ldap/LdapManager.php on line 95
PHP Warning:  array_key_exists() expects parameter 2 to be array, null given in Ldap/LdapManager.php on line 98

Could be solved by throwing an exception when this is the case, or by adding an isset check.
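
One way to implement the isset check or exception suggested above, as an added example (not the bundle's own code): a stand-alone hydrator that applies an `attributes` mapping of the form used in the configs on this page to an entry shaped like PHP's `ldap_get_entries()` output. The names `hydrateFromLdapEntry`, `DemoUser` and `MissingLdapAttributeException`, the `$required` parameter and the sample entries are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not FR3DLdapBundle code. hydrateFromLdapEntry(), DemoUser and
// MissingLdapAttributeException are hypothetical names; sample entries are constructed.

final class MissingLdapAttributeException extends RuntimeException
{
}

/**
 * Apply an "attributes" mapping to a user object without reading undefined indexes.
 *
 * @param object   $user     Any object exposing the configured setter methods.
 * @param array    $entry    One entry in ldap_get_entries() shape: attribute names are
 *                           lower-cased, each value is an array with a 'count' element.
 * @param array    $mapping  List of ['ldap_attr' => ..., 'user_method' => ...].
 * @param string[] $required Attributes that must be present (assumption: at least the
 *                           one feeding setUsername); other missing ones are skipped.
 *
 * @return string[] Configured names of the optional attributes that were missing.
 */
function hydrateFromLdapEntry(object $user, array $entry, array $mapping, array $required = []): array
{
    $required = array_map('strtolower', $required);
    $skipped = [];

    foreach ($mapping as $map) {
        $attr = strtolower($map['ldap_attr']); // sAMAccountName -> samaccountname
        $method = $map['user_method'];

        if (!method_exists($user, $method)) {
            throw new InvalidArgumentException(sprintf('User object has no method "%s".', $method));
        }

        // Check the shape before indexing: no "Undefined index" notice and no
        // array function called on null when the directory omits the attribute.
        $values = $entry[$attr] ?? null;
        $present = is_array($values) && isset($values[0]) && $values[0] !== '';

        if (!$present) {
            if (in_array($attr, $required, true)) {
                throw new MissingLdapAttributeException(
                    sprintf('Required LDAP attribute "%s" is missing from the entry.', $map['ldap_attr'])
                );
            }
            $skipped[] = $map['ldap_attr'];
            continue;
        }

        $user->$method($values[0]);
    }

    return $skipped;
}

final class DemoUser
{
    public ?string $username = null;
    public ?string $email = null;

    public function setUsername(string $value): void
    {
        $this->username = $value;
    }

    public function setEmail(string $value): void
    {
        $this->email = $value;
    }
}

$mapping = [
    ['ldap_attr' => 'sAMAccountName', 'user_method' => 'setUsername'],
    ['ldap_attr' => 'mail', 'user_method' => 'setEmail'],
];

// Constructed entry with no "mail" attribute: the optional attribute is skipped.
$entry = [
    'samaccountname' => ['count' => 1, 0 => 'jdoe'],
    0 => 'samaccountname',
    'count' => 1,
    'dn' => 'cn=jdoe,ou=Users,dc=example,dc=com',
];
$user = new DemoUser();
$skipped = hydrateFromLdapEntry($user, $entry, $mapping, ['sAMAccountName']);
printf("username=%s skipped=%s\n", $user->username, implode(',', $skipped));

// Constructed entry with no username attribute: hydration fails loudly instead of
// handing back a user object whose username is null.
$noUsername = ['count' => 0, 'dn' => 'cn=jdoe,ou=Users,dc=example,dc=com'];
try {
    hydrateFromLdapEntry(new DemoUser(), $noUsername, $mapping, ['sAMAccountName']);
} catch (MissingLdapAttributeException $e) {
    echo $e->getMessage(), "\n";
}
```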

fr3d_ldap: ~ in firewall

I can't find anything related to what this does. I have been searching in the code etc. but I can't find whatever this does. I'm trying to build a bundle that I can just push into a set of projects I have that all use the same ldap configuration. Problem: I don't know what this does and I can't find anything about it.

Problem php composer.phar update with Symfony2.1 and Ldap-fr3d 1.6

I am trying to update to FR3DLdapBundle. I followed the instructions in the docs.
Here is my composer.json:

{
    "name": "symfony/framework-standard-edition",
    "description": "The \"Symfony Standard Edition\" distribution",
    "autoload": {
        "psr-0": { "": "src/" }
    },
    "require": {
        "php": ">=5.3.3",
        "symfony/symfony": "2.1.*",
        "doctrine/orm": ">=2.2.3,<2.4-dev",
        "doctrine/doctrine-bundle": "1.1.*",
        "twig/extensions": "1.0.*@dev",
        "symfony/assetic-bundle": "2.1.*",
        "symfony/swiftmailer-bundle": "2.1.*",
        "symfony/monolog-bundle": "2.1.*",
        "sensio/distribution-bundle": "2.1.*",
        "sensio/framework-extra-bundle": "2.1.*",
        "sensio/generator-bundle": "2.1.*",
        "jms/security-extra-bundle": "1.2.*",
        "jms/di-extra-bundle": "1.1.*",
        "kriswallsmith/assetic": "1.1.*@dev",
        "winzou/console-bundle": "dev-master",
        "twig/extensions": "dev-master",
        "psliwa/pdf-bundle": "dev-master",
        "symfony/class-loader": "2.1.*@dev",
        "doctrine/doctrine-fixtures-bundle": "dev-master",
    "doctrine/data-fixtures": "dev-master",
        "os/excel-bundle": "dev-master",
        "friendsofsymfony/user-bundle": "~2.0@dev",
        "liuggio/excelbundle": ">=1.0.4",
        "imag/ldap-bundle": "dev-master",
        "opensky/ldap-bundle": "dev-master",
        "fr3d/ldap-bundle": "1.6.*"            },
    "scripts": {
        "post-install-cmd": [
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installAssets",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installRequirementsFile"
        ],
        "post-update-cmd": [
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::buildBootstrap",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::clearCache",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installAssets",
            "Sensio\\Bundle\\DistributionBundle\\Composer\\ScriptHandler::installRequirementsFile"
        ]
    },"minimum-stability": "dev",
    "extra": {
        "symfony-app-dir": "app",
        "symfony-web-dir": "web"
    }
}

When I update with the command: php composer.phar update
I get an error like Problem 1: "fr3d/ldap-bundle": "1.6.*" requires ext-ldap : * ; ext-ldap is missing from your system.
I don't understand this error because I use wamp server and I uncommented php_ldap in php.ini.
Maybe I forgot to add "ext-ldap": "*" in composer.json? But ext-ldap isn't a package, I think. How do I use it, please?

R. Marecat

Help

Hi,

I want to retrieve all users in Active Directory, but I only manage to get back the users in one OU. I use Symfony version 2.16 and FR3DLDAP 1.6...

Thank you for helping me for this urgent request

Installation issue with symfony 2.4.2

composer require fr3d/ldap-bundle:*
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

Problem 1

  • Conclusion: don't install fr3d/ldap-bundle 1.6.0
  • Conclusion: remove symfony/http-foundation v2.4.2
  • Installation request for fr3d/ldap-bundle * -> satisfiable by fr3d/ldap-bundle[1.5.2, 1.6.0].
  • Conclusion: don't install symfony/http-foundation v2.4.2
  • fr3d/ldap-bundle 1.5.2 requires symfony/dependency-injection 2.0.* -> satisfiable by symfony/symfony[2.0.7, v2.0.10, v2.0.11, v2.0.12, v2.0.13, v2.0.14, v2.0.15, v2.0.16, v2.0.17, v2.0.18, v2.0.19, v2.0.20, v2.0.21, v2.0.22, v2.0.23, v2.0.24, v2.0.25, v2.0.9], symfony/dependency-injection[2.0.4, 2.0.5, 2.0.6, 2.0.7, v2.0.10, v2.0.12, v2.0.13, v2.0.14, v2.0.15, v2.0.16, v2.0.19, v2.0.20, v2.0.21, v2.0.22, v2.0.23, v2.0.24, v2.0.25, v2.0.9].
  • Can only install one of: symfony/symfony[2.0.7, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.10, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.11, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.12, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.13, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.14, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.15, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.16, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.17, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.18, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.19, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.20, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.21, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.22, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.23, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.24, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.25, v2.4.2].
  • Can only install one of: symfony/symfony[v2.0.9, v2.4.2].
  • don't install symfony/dependency-injection 2.0.4|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection 2.0.5|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection 2.0.6|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection 2.0.7|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.10|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.12|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.13|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.14|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.15|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.16|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.19|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.20|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.21|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.22|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.23|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.24|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.25|don't install symfony/symfony v2.4.2
  • don't install symfony/dependency-injection v2.0.9|don't install symfony/symfony v2.4.2
  • Installation request for symfony/http-foundation == 2.4.2.0 -> satisfiable by symfony/http-foundation[v2.4.2], symfony/symfony[v2.4.2].

Installation failed, reverting ./composer.json to its original content.
