ccovey / ldap-auth Goto Github PK

In your readme you say that this package can be used with a model:

"You can still use a model with this implementation as well if you want. ldap-auth will take your fields from ldap and attach them to the model allowing you to access things such as roles / permissions from the model if the account is valid in Active Directory."

But would you perhaps be able to give a tutorial or instruction how to attach your Auth driver to a model? I'm having trouble trying to figure it out, thanks!!

This one had me puzzled for a couple of hours - everything seemed to be working fine, no errors were appearing but I kept getting bounced back to my login screen by the auth filter.

Turns out, the user name in LDAP (Active Directory) was in capitals, and the user name in my database table was lower case. As soon as I made them the same case, I could auth successfully.

Tested with both a SQLite and MySQL database, same result in both.

Great package so far, thanks!

But I have a problem. With the standard Auth Provider I can do something like tihs:

// app/models/User.php
public function exams()
{
    return $this->hasMany('Exam');
}

// app/routes.php
Route::get('/', function() {
    return Auth::user()->exams;
});

After I implemented your package I can't do that anymore:

ErrorException
Undefined index: exams
..vendor\ccovey\ldap-auth\src\Ccovey\LdapAuth\LdapUser.php

Am I doing something wrong or is that just not supported from your side?

I am using Sentry to manage permissions and it is my last stage in a multi stage auth. LDAP being my first.

What I needed to accomplish was to always check the AD groups and make sure they matched. I could not do this because if the user existed locally in the db, it would not return the ldap groups to compare.

I found I could bypass the returning of the user model on auth if i did not include the model in app/config/auth.php and then I could always check Active directory and compare groups.

It might be helpful to include this information in your documentation.

thanks,

Hi ccovey

Great job!

I need all groups of an user. But I don't get all groups. U use infoCollection() in your class, but this method ignores recursive_groups.

Do I have a chance to call adLDAPs groups() method myself?

Hi all, what the best way to retrieve the "department" attribute from each user?
I'm still trying to understand how to build queries in ldap.

In https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L77 you need to either call the exception with \ in the beginning, or add a use statement to the top.

Currently getting:

Class 'Ccovey\LdapAuth\InvalidArgumentException' not found

The installation section still instructs you to require an older version of ldap-auth, which requires a version of adldap/adldap which no longer exists.

When doing the update from Laravel 4.1.25 to 4.1.26 (2) new errors are generated:

1. Problem:

Symfony \ Component \ Debug \ Exception \ FatalErrorException
syntax error, unexpected 'extend' (T_STRING), expecting '{'

../vendor/ccovey/ldap-auth/src/Ccovey/LdapAuth/LdapUser.php

class LdapUser extend Model implements Auth\UserInterface 

replaced syntax to be:

class LdapUser extends Model implements Auth\UserInterface 

and now received a new error

2. Problem:

Class Ccovey\LdapAuth\LdapUser contains 3 abstract methods and must therefore be declared abstract or implement the remaining methods (Illuminate\Auth\UserInterface::getRememberToken, Illuminate\Auth\UserInterface::setRememberToken, Illuminate\Auth\UserInterface::getRememberTokenName) 

Any ideas on the fix of the new syntax?

Users get locked out in Active Directory after browsing protected routes.
The issue seems to be in this line: https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L49

In Laravel, retrieveById should not try to authenticate the user on every request after the user has been validated and granted access. It should make a query to check the user is still valid. Even if you decide to authenticate the user, you're only passing the username when $adldap->authenticate also expects a password. This is locking every account used to log into my app.

Hi,

this is very use full library. I can connect to AD, retrieve users information.
However I can't figure out what role and where the DB takes in this process?

I cannot authenticate user if there is one in my users table with the username I am trying to login e.g.

AD user
      'username' => 'somename'
      'displayname' => 'Some Name'
      'primarygroup' => 'Admins'
      'groups' => 
        array
          'IT' => 'IT'
          'Power Users' => 'Poer Users'
DB user
      'id' => 1 
      'username' => 'somename'
      'password_old' => 'i do not save passwords to DB '
Form fields
     'username' => 'somename'
     'password' => 'ad_password'

I assume that Auth is trying to authenticate to DB instead of AD. And I cannot follow the code to debug the steps of the library.

Thanks.

I have found a litte bug in the function getAuthIdentifier in the file LdapUser.php on Line 24

public function getAuthIdentifier()
{
   $username = (Config::has('auth.username_field')) ? Config::get('auth.username_field') : 'username';
    return $this->attributes[$username];
}

If you habe defined an 'fields' array (I did it in my Laravel 4 config/auth.php file), then you need to explicity set a field 'username' => 'samaccountname',. Otherwise the lookup will file and fire an Undefined index: username error.

The function mentioned above should be re-written to

public function getAuthIdentifier()
{
    //_'username'_ changed to _$this->attributes['username'] = 'username'_
    $username = (Config::has('auth.username_field')) ? Config::get('auth.username_field') : $this->attributes['username'] = 'username';
    return $this->attributes[$username];
}

With this litte modification, the authication works fine, even if no username field is defiend.

Got an error on fresh install today. on line 12 I changed extend to extends and viola!

I'm getting Call to undefined method Ccovey\LdapAuth\LdapAuthServiceProvider::attempt() and pretty much the same for any standard Auth:: method that I'm trying to use in my project. I've followed the readme when setting up the project, no errors are thrown as far as setup goes. Any help will be appreciated.

Hi
Pls close this issue if I'm asking something stupid, as I'm not sure if this is an issue or if I'm doing something wrong.

Just wanted to install the latest version. Therefore I've added "ccovey/ldap-auth": "dev-master", to the laravel main composer.json file. Unfortunately, it wasn't successful. Which is strange, because #16 should already have solved that problem.
Received the follwoing error message:

Problem 1
    - Installation request for ccovey/ldap-auth dev-master -> satisfiable by ccovey/ldap-auth[dev-master].
    - ccovey/ldap-auth dev-master requires adldap/adldap dev-master -> no matching package found.

So I have donwloaded and installed both of the packeges manualy. "ccovey/ldap-auth": "dev-master" and "adldap/adldap": "dev-master". This did work, expect one thing.
In the composer.json of this package there is an autoload section:

"autoload": {
        "classmap": [
            "src/migrations"
        ],
        "psr-0": {
            "Ccovey\\LdapAuth": "src/"
        }
    },

The stanard folders config / lang / migrations / views are missing in the current release. If I do add them manualy, everything is working as expected.

(Sorry for my bad English)

Getting this problem when the user exists in the user table.

here is the stack:

1. Illuminate\Database\Eloquent\MassAssignmentException
   …/­vendor/­laravel/­framework/­src/­Illuminate/­Database/­Eloquent/­Model.php344
2. Illuminate\Database\Eloquent\Model fill
   …/­vendor/­ccovey/­ldap-auth/­src/­Ccovey/­LdapAuth/­LdapAuthUserProvider.php213
3. Ccovey\LdapAuth\LdapAuthUserProvider addLdapToModel
   …/­vendor/­ccovey/­ldap-auth/­src/­Ccovey/­LdapAuth/­LdapAuthUserProvider.php121
4. Ccovey\LdapAuth\LdapAuthUserProvider retrieveByCredentials
   …/­vendor/­laravel/­framework/­src/­Illuminate/­Auth/­Guard.php337
5. Illuminate\Auth\Guard attempt
   <#unknown>0

In "LdapAuthUserProvider.php", method "validateCredentials()", the key "username" is used instead of the method "getUsernameField()":

public function validateCredentials(UserInterface $user, array $credentials)
{
    return $this->ad->authenticate($credentials['username'], $credentials['password']);
}

But the field name can be modify in config file via "username_field" if it is not "username" in the users table (it's my case). So, it would be better to do it like this:

return $this->ad->authenticate($credentials[$this->getUsernameField()], $credentials['password']);

Just a reminder about our conversation on irc. It appears this line: https://github.com/ccovey/ldap-auth/blob/master/src/Ccovey/LdapAuth/LdapAuthUserProvider.php#L155 merges the local model with the AD data with the local data taking priority. I (we) believe this is the wrong way around.

I've gone ahead and followed all install instructions on https://github.com/ccovey/ldap-auth to try and get LDAP authentication with Laravel 4.1.

adldap.php

return array(
'account_suffix' => "@xxxxxxx.xxx.xxx",
'domain_controllers' => array("dc01.xxxxxxx.xxx.xxx"),
'base_dn' => 'DC=xxxxxxxx,DC=xxx,DC=xxx',
);
Now if I leave the adldap.php file as is above and run the following route.php file

Route::get('/', function()
{
$credentials = array(
'username' => 'username',
'password' => 'password'
);

if($a = Auth::attempt($credentials))
{
return print_r(Auth::user(), true);
}
else
{
dd($a);
}
});
I get the following output

bool(false)
Which doesn't seem to make sense because I am using the correct username/password. I am also using the same configuration in regards to the domain and DCs when running ADSI from MSSQL so I know it works.

Now, if I change the adldap.php file to include a admin_username, admin_password I get the following error in my laravel.log

'Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: Can't contact LDAP server'
Any suggestions? Thanks in advance.

I've got an issue with my default route. Basically I'm checking Auth to see if a user is logged in or if they are a guest.

Route::get('/', 'LoginController@showLogin')->before('guest');

If the LDAP server is available, everything is peachy...however if it is down, I get adLDAP\adLDAPException "Bind to Active Directory failed. Check the login credentials and/or server details. AD said: Can't contact LDAP server", apparently before I ever get to my Login Controller (which has it's own error handling)

What's the best way to catch these errors?

We didn't have a username_field defined in app/config/auth.php and kept getting an error preventing the authentication from working, would it be beneficial to add a default username_field to LdapAuthUserProvider.php ?

Trying to composer update on a fresh install of Laravel 4.1 yields this missing dependency.

Added in composer.json:

"require": {
    "laravel/framework": "4.1.*",
    "ccovey/ldap-auth": "1.1.x"
},

Then running a composer update:

Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - ccovey/ldap-auth v1.1.1 requires adldap/adldap 4.x-dev -> no matching package found.

Weird because adldap is in Packagist: https://packagist.org/packages/adldap/adldap

But there doesn't seem to be a -dev tag on the github repo: https://github.com/ztec/adLDAP/tags

Anyone else having this issue?

I want to create a simple crud for users and store them in a database, but I have to ckeck if the user exist in a LDAP server before adding it to the table. So, in case the username doesn't exists or is wrong, I can show an error message.

Obviously, I just have the username of the person I want to add. In adLdap I used to use the function "info" for bring some basic information about a user (no password needed) and this way I know if the account exists or not.

How can I achieve this with this driver?

(I have installed the driver and works well, I have made a couple of tests with username/passwords that I know)

Is it possible to have the system authenticate users from multiple domains in the same forest ?

After some struggling, I finally got this package to work.... nice job, BTW :)

However, the only way I was able to get it to work was by specifying admin credentials (admin_username and admin_password) in config/adldap.php.

I'd rather not have admin credentials tied into the code. Anyone have any ideas as to why this is the case? If I remove the admin credentials, the login simply fails.

I cannot run (all) artisan commands with this module enabled. It results in an ErrorException regarding ldap_start_tls () because that only works when accessed via https/web.

Would it be possible to prevent loading/running this module when artisan is being used? It should be possible with App::runningInConsole() AFAIK.

Any suggestions on how to get the adldap dependency working? Having trouble installing via Composer. Using Laravel 4.2.x, ldap-auth 1.1.x

Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - ccovey/ldap-auth v1.1.1 requires adldap/adldap 4.x-dev -> no matching package found.
    - ccovey/ldap-auth v1.1.0 requires adldap/adldap 4.x-dev -> no matching package found.

Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - The requested package adldap/adldap could not be found in any version, there may be a typo in the package name.

Has anyone been able to install this? Composer cannot resolve the dependencies for me.

Using this module on 4.1.26 results in a fatal error:

Class Ccovey\LdapAuth\LdapAuthUserProvider contains 2 abstract methods and must therefore be declared abstract or implement the remaining methods (Illuminate\Auth\UserProviderInterface::retrieveByToken, Illuminate\Auth\UserProviderInterface::updateRememberToken)