Download the PHP package jotaelesalinas/laravel-adminless-ldap-auth without Composer
On this page you can find all versions of the php package jotaelesalinas/laravel-adminless-ldap-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package: laravel-adminless-ldap-auth
Short Description: Authenticate users in Laravel against an adminless LDAP server
License: MIT
Homepage: https://github.com/jotaelesalinas/laravel-adminless-ldap-auth
jotaelesalinas/laravel-adminless-ldap-auth
Authenticate users in Laravel against an adminless LDAP server
Important: The use case for this authentication package is very specific:
- This package does only one thing: validate users' credentials against an LDAP server.
- It is not possible to create/modify/delete users in the Laravel application.
- User management is done in the LDAP server.
Installation
You need an existing Laravel project. Inside its folder, type:
You might get an error saying that your requirements could not be resolved to an installable set of packages. This is usually caused by adldap2/adldap2 depending on different versions of some packages also required by Laravel. This problem is usually solved by adding the option -W (or --update-with-all-dependencies), but be warned that this could cause issues.
Go on with the configuration. The package will not work if it is not properly configured.
Configuration
A note on the most important .env variables
- LDAP_USER_SEARCH_ATTRIBUTE: the name of the attribute in the LDAP server that uniquely identifies a user, e.g. uid, mail or sAMAccountName. The value of this attribute is what the user will have to type as identifier in the login form (+ the password, of course).
- LDAP_USER_BIND_ATTRIBUTE: the name of the attribute in the LDAP server that is used inside the distinguished name, e.g. uid or cn. The value will be read from the user attributes returned by the LDAP server.
- AUTH_USER_KEY_FIELD: the name of the property that will uniquely identify the Auth user. By default, the name is username and the value is read from the LDAP user attribute LDAP_USER_SEARCH_ATTRIBUTE.
See an explanation of how the library works for a better understanding of the rationale behind the different variables.
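The search-then-bind flow that these variables describe, as an added example (not the package's own code), showing why the typed identifier and the bind value each need their own escaping. The function names, the sample entry, the base DN and the `attribute=value,baseDN` layout of the bind DN are assumptions made for illustration.

```php
<?php
// Added example, not the package's code. Pure PHP: no LDAP extension or server needed.

/** Escape a value placed inside an LDAP search filter (RFC 4515). */
function escapeFilterValue(string $value): string
{
    return preg_replace_callback('/[\\\\*()\x00]/',
        fn(array $m) => sprintf('\\%02x', ord($m[0])), $value);
}

/** Escape a value placed inside a distinguished name (RFC 4514). */
function escapeDnValue(string $value): string
{
    $hex = fn(array $m) => sprintf('\\%02x', ord($m[0]));
    $value = preg_replace_callback('/[\\\\,+"<>;=\x00]/', $hex, $value);
    // A leading '#' or space and a trailing space are also special in a DN.
    return preg_replace_callback('/^[# ]| \z/', $hex, $value);
}

/** Step 1: filter built from LDAP_USER_SEARCH_ATTRIBUTE and the login-form identifier. */
function buildSearchFilter(string $searchAttribute, string $identifier): string
{
    return sprintf('(%s=%s)', $searchAttribute, escapeFilterValue($identifier));
}

/** Step 2: bind DN built from LDAP_USER_BIND_ATTRIBUTE, read from the entry found in step 1. */
function buildBindDn(string $bindAttribute, array $entry, string $baseDn, string $password): string
{
    if ($password === '') {
        // Simple bind with an empty password is an "unauthenticated bind" (RFC 4513)
        // that a server may report as success, so never send it.
        throw new InvalidArgumentException('Empty password rejected before bind.');
    }
    $value = $entry[$bindAttribute][0] ?? '';
    if ($value === '') {
        throw new RuntimeException("Entry has no '$bindAttribute' attribute.");
    }
    return sprintf('%s=%s,%s', $bindAttribute, escapeDnValue($value), $baseDn);
}

// Constructed sample data: attribute names from the list above, made-up entry and base DN.
$entry = ['uid' => ['einstein'], 'cn' => ['Einstein, Albert'], 'mail' => ['einstein@example.com']];
foreach (['einstein', '*)(uid=*'] as $typed) {
    echo buildSearchFilter('uid', $typed), PHP_EOL;
}
echo buildBindDn('cn', $entry, 'dc=example,dc=com', 'password'), PHP_EOL;
```

The second filter shows the wildcard and parentheses arriving as hex escapes, so the typed value can only match literally, and the comma inside the cn value is escaped instead of being read as a DN separator.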
Add variables to .env
You will need the assistance of your LDAP administrator to get these options right.
These are just a few options, the ones needed to make this example work. There are many more in config/ldap.php.
Also, add the name of the property that will uniquely identify your Auth user:
You can change the value of AUTH_USER_KEY_FIELD to whatever you want, e.g. id, email or phonenumber, but you don't really have to.
For Windows ActiveDirectory users
Based on some feedback, this configuration might work for you (I can't promise it will):
Testing with Apache Directory
I have been able to test ActiveDirectory using the docker image dwimberger/ldap-ad-it with an Apache Directory installation. Thanks to James Hamilton for this video.
I know it is not the same as Windows' RSAT ActiveDirectory, but it is what I have been able to test.
These are the .env variables that I had to change to make it work:
Also, I had to modify the code to pre-connect to the LDAP server before attempting to search for a user. I think this was probably the real issue most people had when trying to use the library with AD.
Modify config/auth.php
Add a new LDAP provider using the newly installed adminless_ldap driver:
You can delete the users provider if you want. Or just comment it out.
Do not leave unused code hanging around.
Modify the web guard to use the new ldap provider:
Delete the api guard if you don't need it. Or at least comment it out.
Important! Create this new entry:
Publish the config files of Adldap and AdldapAuth
Configure the LDAP connection in config/ldap.php
Again, you will need the assistance of your LDAP administrator. See comments below.
Configure the LDAP authentication in config/ldap_auth.php
Tell the Adldap library how to search and bind users in your LDAP server.
Important! Do not forget to add the entry user_format.
And tell the new auth provider which fields from the LDAP user entry you will want "imported" into your Auth user on every successful login.
Usage
That's it! Now you should be able to use Laravel's built-in authentication to perform all auth-related tasks, e.g. Auth::check(), Auth::attempt(), Auth::user(), etc.
You can try with tinker:
If you get an error saying that writing to /path/to/folder/.config/psysh is not allowed, try adding this line to your .env:
Run these instructions to test the application in real time:
Remember that you have these users available in the public testing LDAP server: einstein, newton and tesla. The password is password for all of them.
If you want to see which attributes are available for each user in the LDAP server, run this in Tinker:
Was this package useful? Give it a star. Did it save your day? Are you making money out of it? Consider sponsoring me!
Login UI (routes, controllers, views)
If you want to see how to build a login UI adapted to this specific adminless LDAP system, you can read the Login UI guide.
To do
- [ ] Tests -- WIP
- [ ] Instructions for ActiveDirectory -- help needed, I don't have access to any AD server
- [ ] Do we have to trigger events for login attempts, success, failure, logout, etc? Or are they triggered somewhere else?
- [x] Add instructions to build the login UI
- [x] Extend LdapUser on Illuminate\Auth\GenericUser
- [x] Upload to packagist
- [x] Set up the GitHub Hook for Packagist to automate new versions
Contributing
Please see CODE_OF_CONDUCT for details.
Security
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
Credits
- José Luis Salinas
- All Contributors
Sponsoring
Did this package save your day? Are you making $$$ out of it? Give back by sponsoring me!
License and disclaimer
The MIT License (MIT). Please see License File for more information.
The configuration shown in this document makes use of a publicly available testing LDAP server. The authors of this package are not linked in any way with it and are not responsible nor liable in any way for anything related to it.