Laravel 5 LDAP Authentication (Laravel 5.2+)
Install the package with Composer:

```shell
composer require santran/ldap-auth:dev-master
```

Modify your config/app.php file and add the service provider to the providers array:

```php
SanTran\LDAPAuth\LDAPAuthServiceProvider::class,
```

Publish the package configuration:

```shell
php artisan vendor:publish --tag="ldap_auth"
```

Now you're all set!
Set up the LDAP server configuration in config/ldap_auth.php:

```php
<?php

return [
    'suffix' => '@127.0.0.1',

    /*
    |--------------------------------------------------
    | Domain Controllers
    |--------------------------------------------------
    |
    | The domain controllers option is an array of servers located on your
    | network that serve Active Directory. You can insert as many servers or
    | as few as you'd like depending on your forest (with a minimum of one).
    |
    */
    'domain_controller' => [
        '127.0.0.1',
    ],

    /*
    |--------------------------------------------------
    | Base Distinguished Name
    |--------------------------------------------------
    |
    | The base distinguished name is the base distinguished name you'd like
    | to perform operations on. An example base DN would be DC=dns,DC=example,DC=local.
    |
    | If none is defined, the package will try to find it automatically by querying your server.
    | It's highly recommended to include it to limit the queries executed per request.
    |
    */
    'base_dn' => 'DC=aitldap,DC=com',

    /*
    |--------------------------------------------------
    | Group Distinguished Name
    |--------------------------------------------------
    |
    | Users must be members of this group to be permitted to log in to this tool.
    |
    */
    'group_dn' => 'CN=tms,OU=tools,DC=aitldap,DC=com',

    /*
    |--------------------------------------------------
    | Search Filter
    |--------------------------------------------------
    |
    | The filter option defines (you guessed it) on what filter to execute a query on.
    | The default filter is "uid". For more information please check
    | msdn.microsoft.com/En-US/library/aa746475.aspx
    |
    */
    'search_filter' => 'uid',

    /*
    |--------------------------------------------------
    | Search Fields
    |--------------------------------------------------
    |
    | The fields option defines which fields you want to be returned on a successful
    | query result. Note: The distinguished name is always returned.
    |
    */
    'search_fields' => [
        'cn',
        'gidNumber',
        'uid',
    ],

    'read_user_record' => true,
    'mapping_field' => 'username',

    /*
    |--------------------------------------------------
    | Backup Rebinding
    |--------------------------------------------------
    |
    | This option indicates that the host names are used sequentially. This package will try
    | to connect to the first domain controller. If it's not reachable the next DC
    | will be tried.
    |
    | If this option is set to false, load balancing will be used instead for multiple DCs.
    |
    */
    'backup_rebind' => true,

    /*
    |--------------------------------------------------
    | SSL & TLS
    |--------------------------------------------------
    |
    | One of these options is recommended if you have the ability to connect to your server
    | securely. Ensure that only one option is true. The other one must be false.
    | With both set to false, every bind (including the user's password) crosses the
    | network in cleartext.
    |
    */
    'ssl' => false,
    'tls' => false,

    /*
    |--------------------------------------------------------------------------
    | Administrator Username & Password
    |--------------------------------------------------------------------------
    |
    | When connecting to your AD server, an administrator username and
    | password is required to be able to query and run operations on
    | your server(s). You can use any user account that has
    | these permissions to prevent anonymous bindings.
    |
    | Prefer reading these values from the environment (e.g. env('LDAP_ADMIN_PASS'))
    | so the secret does not end up in version control.
    |
    */
    'admin_user' => 'Manager',
    'admin_pass' => '12345678',
];
```
Update your config/auth.php to use ldap as the authentication provider and the LDAPUser class as the model:

```php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'ldap',
    ],
],

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
    'ldap' => [
        'driver' => 'ldap',
        'model' => \SanTran\LDAPAuth\LDAPUser::class,
    ],
],
```
If you have run `php artisan vendor:publish --tag="ldap_auth"` you should see the ldap_auth.php file in your config directory. Adjust the values as you need them.

Then, in your login controller, authenticate the submitted credentials in one of the following ways:

```php
if (auth()->attempt($request->only('username', 'password'))) {
    //Passed
}
```
or
```php
$credentials = $request->only('username', 'password');
$provider = Auth::guard()->getProvider();
$user = $provider->retrieveByCredentials($credentials);
if ($user && $provider->validateCredentials($user, $request->only('password'))) {
    // Auth::login() returns void, so it must not be part of the condition:
    // "&& Auth::login($user)" would always evaluate to false.
    Auth::login($user);
    //Passed
}
```
or
```php
// Requires: use App\User; use Illuminate\Support\Facades\Auth;
$ldap = config('ldap_auth');
$credentials = $request->only('username', 'password');
$auth = config('auth');
$model = $auth['providers']['ldap']['model'];
$connection = new \SanTran\LDAPAuth\LDAP($ldap);
$ldap_auth = new \SanTran\LDAPAuth\LDAPAuthUserProvider($connection, $model);
$user_ldap = $ldap_auth->retrieveByCredentials($credentials);
if ($user_ldap && $ldap_auth->validateCredentials($user_ldap, $credentials)) {
    // The LDAP user must also exist as a local record before it can be logged in;
    // Auth::login(null) would throw a TypeError.
    $user = User::where('username', '=', $credentials['username'])->first();
    if ($user === null) {
        return redirect()->back()->withInput()->with('error', trans('message.failed'));
    }
    Auth::login($user, true);
    //Passed
} else {
    return redirect()->back()->withInput()->with('error', trans('message.failed'));
}
```
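The lookup-then-bind sequence that the snippets above rely on, as an added example written directly against PHP's ext/ldap (this is not the package's own code) so that each check is visible. It reads the same keys as the published config/ldap_auth.php; the function name is hypothetical, admin_user is passed to ldap_bind() exactly as configured, and it assumes the group named in group_dn carries a `member` attribute holding user DNs.

```php
<?php
// Added example (not the package's code): the lookup-then-bind sequence behind the
// snippets above, done with PHP's ext/ldap so each check is visible. $cfg is the
// array returned by config/ldap_auth.php. Assumption: group_dn is a groupOfNames
// whose 'member' values are user DNs.
function ldapAuthenticate(array $cfg, string $username, string $password): ?array
{
    // Never pass an empty password to ldap_bind(): RFC 4513 allows a server to treat
    // a DN with an empty password as an anonymous bind, which would "succeed".
    if ($username === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect(($cfg['ssl'] ? 'ldaps://' : 'ldap://') . $cfg['domain_controller'][0]);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if ($cfg['tls'] && !ldap_start_tls($conn)) {
        return null; // do not fall back to a cleartext session
    }
    // Service-account bind for the directory lookup (admin_user / admin_pass).
    if (!@ldap_bind($conn, $cfg['admin_user'], $cfg['admin_pass'])) {
        return null;
    }
    // Escape the submitted name before it enters the filter so that '*', '(' or ')'
    // cannot widen the search: "(uid=*)" would otherwise match every entry.
    $filter = sprintf('(%s=%s)', $cfg['search_filter'], ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $result = ldap_search($conn, $cfg['base_dn'], $filter, $cfg['search_fields']);
    $entries = $result ? ldap_get_entries($conn, $result) : false;
    if ($entries === false || $entries['count'] !== 1) {
        return null; // unknown user, or an ambiguous match
    }
    $userDn = $entries[0]['dn'];
    // Authorisation: the server confirms membership in group_dn (no client-side parsing).
    if (ldap_compare($conn, $cfg['group_dn'], 'member', $userDn) !== true) {
        return null;
    }
    // Authentication: re-bind as the user's own DN with the supplied password.
    if (!@ldap_bind($conn, $userDn, $password)) {
        return null;
    }
    // Return only the attributes the app maps onto its local User record.
    return [
        'dn'  => $userDn,
        'uid' => $entries[0]['uid'][0] ?? $username,
        'cn'  => $entries[0]['cn'][0] ?? null,
    ];
}
```

Call it with `ldapAuthenticate(config('ldap_auth'), $username, $password)`; a `null` result means the user is unknown, not in the group, or supplied a wrong password, and the caller should treat all three the same way.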