2013-11-21 99 views
3

Please help me with LDAP authentication in Laravel 4. LDAP authentication using Laravel 4

My configuration below always returns false.

I have my auth.php like this:

<?php 

return array(

/* 
|-------------------------------------------------------------------------- 
| Default Authentication Driver 
|-------------------------------------------------------------------------- 
| 
| This option controls the authentication driver that will be utilized. 
| This driver manages the retrieval and authentication of the users 
| attempting to get access to protected areas of your application. 
| 
| Supported: "database", "eloquent" 
| 
*/ 

//'driver' => 'eloquent', 
'driver' => 'ldap', 

/* 
|-------------------------------------------------------------------------- 
| Authentication Model 
|-------------------------------------------------------------------------- 
| 
| When using the "Eloquent" authentication driver, we need to know which 
| Eloquent model should be used to retrieve your users. Of course, it 
| is often just the "User" model but you may use whatever you like. 
| 
*/ 
'username_field' => 'username', 

'model' => 'User', 

/* 
|-------------------------------------------------------------------------- 
| Authentication Table 
|-------------------------------------------------------------------------- 
| 
| When using the "Database" authentication driver, we need to know which 
| table should be used to retrieve your users. We have chosen a basic 
| default value but you may easily change it to any table you like. 
| 
*/ 

'table' => 'users', 

/* 
|-------------------------------------------------------------------------- 
| Password Reminder Settings 
|-------------------------------------------------------------------------- 
| 
| Here you may set the settings for password reminders, including a view 
| that should be used as your password reminder e-mail. You will also 
| be able to set the name of the table that holds the reset tokens. 
| 
| The "expire" time is the number of minutes that the reminder should be 
| considered valid. This security feature keeps tokens short-lived so 
| they have less time to be guessed. You may change this as needed. 
| 
*/ 

'reminder' => array(

    'email' => 'emails.auth.reminder', 

    'table' => 'password_reminders', 

    'expire' => 60, 

), 

); 

And my app/config/adldap.php like this:

<?php 

return array(
    'account_suffix' => "@pusat.corp.pln.co.id", 
'domain_controllers' => array("dc01.pusat.corp.pln.co.id","pusat.corp.pln.co.id"), // An array of domains may be provided for load balancing. 

'base_dn' => 'DC=pusat','DC=corp','DC=pln','DC=co','DC=id', 


'real_primary_group' => true, // Returns the primary group (an educated guess). 

'use_ssl' => false, // If TLS is true this MUST be false. 

'use_tls' => false, // If SSL is true this MUST be false. 

    'recursive_groups' => true, 

); 

In routes.php:

Route::post('login', function() { 
    $passhash = Input::get('password'); 
    $credentials = array(
     'username' => Input::get('username'), 
     'password' => Input::get('password') 
    ); 


    if ($a = Auth::attempt($credentials)) 
     return '<pre>' . print_r(Auth::user(), true); 
    else 
     dd($a); 
}); 
+2

You haven't said what the problem actually is, given any error message, or said which LDAP package you are using. Please tell us! – fideloper

Answer

9

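Laravel 4 doesn't have LDAP authentication in its core. So this is a quick and dirty way to add it to your application. It uses PHP's internal LDAP functions, so you need to install the php5-ldap package:

Configuration for your app/conf/auth.php: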

'ldap_tree' => 'OU=anything,DC=domain,DC=com', 
'ldap_server' => 'your.ldap.server.com', 

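This is an LDAP class to be used by your controller:

class LDAP {

    /**
     * Check a username/password pair by attempting an LDAP bind.
     */
    public static function authenticate($username, $password)
    {
        // Many servers accept a bind with an empty password as an
        // anonymous bind, so empty credentials are rejected up front.
        if (empty($username) or empty($password))
        {
            Log::error('Error binding to LDAP: username or password empty');
            return false;
        }

        $ldapRdn = static::getLdapRdn($username);

        // No "or die()" here: a failed connect is handled by the else branch below.
        $ldapconn = ldap_connect(Config::get('auth.ldap_server'));

        $result = false;

        if ($ldapconn)
        {
            // "@" suppresses the PHP warning that a failed bind raises.
            $ldapbind = @ldap_bind($ldapconn, $ldapRdn, $password);

            if ($ldapbind)
            {
                $result = true;
            } else {
                Log::error('Error binding to LDAP server.');
            }

            ldap_unbind($ldapconn);

        } else {
            Log::error('Error connecting to LDAP.');
        }

        return $result;
    }

    /**
     * Build the bind DN: CN=<username>,<auth.ldap_tree>.
     * $username is inserted as-is (no DN escaping).
     */
    public static function getLdapRdn($username)
    {
        return str_replace('[username]', $username, 'CN=[username],' . Config::get('auth.ldap_tree'));
    }

}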

And an AuthController to handle logins for your application:

class AuthController extends Controller {

    protected $ldap;

    public function __construct(LDAP $ldap)
    {
        $this->ldap = $ldap;
    }

    public function login()
    {
        if ($this->ldap->authenticate(Input::get('email'), Input::get('password')))
        {
            $user = User::where('email', Input::get('email'))->first();

            // The LDAP bind can succeed for an account that has no local
            // users row; first() then returns null, so check before login.
            if ($user)
            {
                Auth::login($user);

                return Redirect::to('home');
            }
        }

        return Redirect::refresh()->with('error', 'User and/or password are incorrect.');
    }

    public function logout()
    {
        if (! Auth::guest())
        {
            Auth::logout();

            return Redirect::to('message')
                ->with('message', 'You just logged out.');
        }

        return Redirect::to('login');
    }

}

Note that this controller uses dependency injection for the LDAP class, which Laravel will inject automatically.

+0

Thanks, Antonio Carlos Ribeiro. –
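
A hardened variant of the bind check in the answer above, added here as an example and not part of the original answer: it escapes the username before placing it in the bind DN, rejects empty credentials, and requires StartTLS before the password is sent. The function names `escapeDnValue`, `buildBindDn` and `ldapPasswordIsValid` are hypothetical, and StartTLS support on the server is an assumption.

```php
<?php
// Added example (not the answer's code). All function names here are hypothetical.

// Escape a value for use inside one DN component (RFC 4514).
function escapeDnValue($value)
{
    if (function_exists('ldap_escape')) {          // PHP >= 5.6 with ext-ldap
        return ldap_escape($value, '', LDAP_ESCAPE_DN);
    }
    // Fallback for older PHP 5: backslash-escape the DN special characters,
    $value = preg_replace('/([\\\\,+"<>;=])/', '\\\\$1', $value);
    // then a trailing space, then a leading space or '#'.
    $value = preg_replace('/ \z/', '\\\\ ', $value);
    return preg_replace('/^([ #])/', '\\\\$1', $value);
}

function buildBindDn($username, $tree)
{
    return 'CN=' . escapeDnValue($username) . ',' . $tree;
}

function ldapPasswordIsValid($server, $tree, $username, $password)
{
    // A simple bind with an empty password is an unauthenticated bind,
    // which many servers report as success.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($server);
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    // Assumption: the server supports StartTLS. Without it, no password is sent.
    $ok = @ldap_start_tls($conn)
        && @ldap_bind($conn, buildBindDn($username, $tree), $password);
    ldap_unbind($conn);
    return $ok;
}

// Constructed sample input; the tree is the placeholder value from the answer.
$tree = 'OU=anything,DC=domain,DC=com';
foreach (array('jdoe', 'Doe, John', '#ops ') as $name) {
    echo 'CN=' . $name . ',' . $tree, "\n";   // naive concatenation
    echo buildBindDn($name, $tree), "\n";     // escaped
}
```

With the ldap extension loaded the escaped form uses hex escapes (a backslash followed by two hex digits); the fallback emits backslash-prefixed characters. Both are valid RFC 4514 encodings.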