
我試圖使用LDAP來驗證我的用戶,同時保持FOSUser來管理它們,我完全按照本教程操作:http://blog.henriet.eu/authentification-ldap-avec-symfony-2.1-et-fosuserbundle.html (Symfony2的FOSUSER與LDAP FR3DLdapBundle)

當前配置:

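fr3d_ldap:
  driver:
    host: dsti-dc1
    port: 389  # Optional
    # username:  # Optional
    # password:  # Optional
    # NOTE(review): with useSsl false and useStartTls left commented out, the
    # bind on port 389 is cleartext - that includes the passwords users type at
    # the login form, which the bundle verifies by binding with them. Enable
    # useStartTls (or useSsl on 636) once the login itself works.
    bindRequiresDn: true  # Optional
    # baseDn is written with a space after the comma; the ldapsearch command that
    # returned data used DC=cm-funchal,DC=pt (no space) - worth aligning the two.
    baseDn: dc=cm-funchal, dc=pt
    # accountFilterFormat: (&(uid=%s))  # Optional. sprintf format %s will be the username
    # optReferrals: false  # Optional
    useSsl: false  # Enable SSL negotiation. Optional
    # useStartTls: true  # Enable TLS negotiation. Optional
    # accountCanonicalForm: 3  # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
    # accountDomainName: HOST
    # accountDomainNameShort: HOST  # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
  user:
    baseDn: dc=cm-funchal, dc=pt
    filter: (&(objectClass=user))
    attributes:
      - { ldap_attr: samaccountname, user_method: setUsername }  # login field
      # - { ldap_attr: sn, user_method: setName }
      # - { ldap_attr: preferredlanguage, user_method: setLanguage }
      # - { ldap_attr: mail, user_method: setEmail }  # setter in BaseUser
      # - { ldap_attr: ..., user_method: ... }  # Optional
# service:
#   user_hydrator: fr3d_ldap.user_hydrator.default  # Overrides default user hydrator
#   ldap_manager: fr3d_ldap.ldap_manager.default  # Overrides default ldap manager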

當我嘗試登錄時,總是得到「無效憑證」,但在命令行執行

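# -W prompts for the bind password instead of passing it on the command line,
# where -w '...' would leave it in shell history and in `ps` output. The line
# as posted used -w 'tetst with an unterminated quote, so it never ran as shown.
ldapsearch -H ldap://dsti-dc1:389 -x -b DC=cm-funchal,DC=pt -D [email protected] -W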

我收到了含大量數據的回應。有人知道為什麼這個 bundle 不驗證憑據嗎?TY

編輯:我貼出我的完整配置

//security.yml 

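security:
  # Preserve plain text password in token for refresh the user.
  # Analyze the security considerations before turn off this setting.
  # NOTE(review): while this is false the plain password stays inside the
  # security token for the life of the session, i.e. in whatever session store
  # the framework uses; that store has to be treated as holding credentials.
  erase_credentials: false

  providers:
    # The listing had chain_provider at the same indent as providers (and
    # providers at the same indent as chain), which parses as null values;
    # nested as intended here.
    chain_provider:
      chain:
        providers: [fos_userbundle, fr3d_ldapbundle]
    fr3d_ldapbundle:
      id: fr3d_ldap.security.user.provider
    fos_userbundle:
      # dev.log reports this service as a deprecated user provider and names
      # FOS\UserBundle\Security\UserProvider as the replacement
      # (fos_user.user_provider.username in FOSUserBundle's own docs).
      id: fos_user.user_manager

  firewalls:
    main:
      pattern: ^/
      fr3d_ldap: ~
      form_login:
        provider: chain_provider
        csrf_token_generator: security.csrf.token_manager
        always_use_default_target_path: true
        # was `default_target_path:/` - without the space after the colon the
        # whole line is one plain scalar, not a key/value pair
        default_target_path: /
      logout: true
      anonymous: true

  encoders:
    # NOTE(review): plaintext means any password FOSUser stores in the `user`
    # table for this class is kept unhashed. That is only acceptable if every
    # account in the chain authenticates through the LDAP bind and the DB
    # password column is never used to log in.
    LDAPCMF\AuthBundle\Entity\User: plaintext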

//CONFIG.yml

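imports:
  - { resource: parameters.yml }
  - { resource: security.yml }
  - { resource: services.yml }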

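# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
  locale: en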

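framework:
  # esi: ~
  # translator: { fallbacks: ["%locale%"] }
  secret: "%secret%"
  router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
  form: ~
  csrf_protection: ~
  validation: { enable_annotations: true }
  # serializer: { enable_annotations: true }
  templating:
    engines: ['twig']
  default_locale: "%locale%"
  # Both left at ~ (null): no Host header allow-list and no trusted proxies.
  # Revisit before a reverse proxy or a public hostname is put in front.
  trusted_hosts: ~
  trusted_proxies: ~
  session:
    # handler_id set to null will use default session handler from php.ini
    # NOTE(review): security.yml sets erase_credentials: false, so the session
    # data written by that handler contains users' plain passwords - the php.ini
    # session path must not be world-readable.
    handler_id: ~
  fragments: ~
  http_method_override: true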

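# Twig Configuration
twig:
  debug: "%kernel.debug%"
  strict_variables: "%kernel.debug%"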

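# Doctrine Configuration
doctrine:
  dbal:
    driver: pdo_mysql
    host: "%database_host%"
    port: "%database_port%"
    dbname: "%database_name%"
    user: "%database_user%"
    password: "%database_password%"
    charset: UTF8
    # if using pdo_sqlite as your database driver:
    #   1. add the path in parameters.yml
    #      e.g. database_path: "%kernel.root_dir%/data/data.db3"
    #   2. Uncomment database_path in parameters.yml.dist
    #   3. Uncomment next line:
    #   path: "%database_path%"

  orm:
    auto_generate_proxy_classes: "%kernel.debug%"
    naming_strategy: doctrine.orm.naming_strategy.underscore
    auto_mapping: true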

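# Swiftmailer Configuration
swiftmailer:
  transport: "%mailer_transport%"
  host: "%mailer_host%"
  username: "%mailer_user%"
  password: "%mailer_password%"
  spool: { type: memory }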


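fos_user:
  db_driver: orm  # other valid values are 'mongodb', 'couchdb' and 'propel'
  firewall_name: main
  user_class: LDAPCMF\AuthBundle\Entity\User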

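fr3d_ldap:
  driver:
    host: dsti-dc1
    port: 389  # Optional
    # These bind credentials are literals while every other secret in this file
    # (database_*, mailer_*) is a "%parameter%" filled from parameters.yml; move
    # them there as well so the bind password is not committed with config.yml.
    username: [email protected]
    # NOTE(review): the ldapsearch that returned data and the answer below both
    # use 'tetst'; this says 'test' - check it is not a typo.
    password: test  # Optional
    bindRequiresDn: true  # Optional
    # Written with a space after the comma; the working ldapsearch used
    # DC=cm-funchal,DC=pt (no space) - worth aligning the two.
    baseDn: dc=cm-funchal, dc=pt
    # accountFilterFormat: (&(uid=%s))  # Optional. sprintf format %s will be the username
    # optReferrals: false  # Optional
    # NOTE(review): with useSsl false and useStartTls commented out, the bind
    # credentials above and the passwords users type at the login form travel
    # to dsti-dc1 in cleartext; enable useStartTls (or useSsl on 636) once
    # login works.
    useSsl: false  # Enable SSL negotiation. Optional
    # useStartTls: true  # Enable TLS negotiation. Optional
    # accountCanonicalForm: 3  # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
    # accountDomainName: HOST
    # accountDomainNameShort: HOST  # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
  user:
    baseDn: dc=cm-funchal, dc=pt
    filter: (&(objectClass=Person))
    attributes:
      - { ldap_attr: samaccountname, user_method: setUsername }  # login field
      # - { ldap_attr: sn, user_method: setName }
      # - { ldap_attr: preferredlanguage, user_method: setLanguage }
      # - { ldap_attr: mail, user_method: setEmail }  # setter in BaseUser
      # - { ldap_attr: ..., user_method: ... }  # Optional
# service:
#   user_hydrator: fr3d_ldap.user_hydrator.default  # Overrides default user hydrator
#   ldap_manager: fr3d_ldap.ldap_manager.default  # Overrides default ldap manager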

以及我的 User 類:

namespace LDAPCMF\AuthBundle\Entity; 


use Doctrine\ORM\Mapping as ORM; 
use FR3D\LdapBundle\Model\LdapUserInterface; 
use FOS\UserBundle\Model\User as BaseUser; 

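/**
 * User
 *
 * FOSUser entity that additionally stores the LDAP distinguished name, so the
 * same row can be loaded by the fos_userbundle provider and hydrated by
 * FR3DLdapBundle (see the ldap_attr -> user_method mapping in config.yml).
 *
 * @ORM\Table()
 * @ORM\Entity
 */
class User extends BaseUser implements LdapUserInterface
{
    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     *
     * @var int
     */
    protected $id;

    /**
     * Display name; filled through setName() when the `sn` attribute mapping
     * in config.yml is enabled.
     *
     * @ORM\Column(type="string", nullable=true)
     *
     * @var string|null
     */
    protected $name;

    /**
     * Ldap Object Distinguished Name
     *
     * NOTE(review): length=128 is tight for Active Directory DNs (a few nested
     * OUs exceed it) and the column is not nullable - confirm against real DNs
     * from dsti-dc1 before relying on it.
     *
     * @ORM\Column(type="string", length=128)
     * @var string $dn
     */
    private $dn;

    public function __construct()
    {
        parent::__construct();
        // Grant ROLE_USER unless the parent constructor already populated roles.
        if (empty($this->roles)) {
            $this->roles[] = 'ROLE_USER';
        }
    }

    /**
     * @param string|null $name
     */
    public function setName($name)
    {
        $this->name = $name;
    }

    /**
     * @return string|null
     */
    public function getName()
    {
        return $this->name;
    }

    /**
     * {@inheritDoc}
     */
    public function setDn($dn)
    {
        $this->dn = $dn;
    }

    /**
     * {@inheritDoc}
     */
    public function getDn()
    {
        return $this->dn;
    }
}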

我目前得到的是:

Authentication request could not be processed due to a system problem. 

EDIT 2

看來像是服務器的問題?我試著把這個 bundle 與 http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/ 一起使用,運作完全正常,但換成我自己的服務器就出錯。可能是 ldap 配置方面的問題?

編輯3

在 dev.log 中得到以下內容:

[2016-03-23 13:05:30] request.INFO: Matched route "fos_user_security_check". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::checkAction","_route":"fos_user_security_check"},"request_uri":"http://localhost:8000/login_check"} [] 
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"function":"trigger_error"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php","line":49,"function":"loadUserByUsername","class":"FOS\\UserBundle\\Model\\UserManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php","line":55,"function":"loadUserByUsername","class":"Symfony\\Component\\Security\\Core\\User\\ChainUserProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php","line":70,"function":"retrieveUser","class":"FR3D\\LdapBundle\\Security\\Authentication\\LdapAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2667,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php","line":107,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php","line":146,"function":"attemptAuthentication","class":"Symfony\\Component\\Security\\Http\\Firewall\\UsernamePasswordFormA
uthenticationListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2582,"function":"handle","class":"Symfony\\Component\\Security\\Http\\Firewall\\AbstractAuthenticationListener","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1853,"function":"call_user_func"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1771,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":132,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":120,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":62,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php","line":69,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":185,"function":"handle","class":"Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel
","type":"->"},{"file":"/home/sergio/Desktop/RSU/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Resources/config/router_dev.php","line":40,"args":["/home/sergio/Desktop/RSU/web/app_dev.php"],"function":"require"}]} [] 
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["[email protected]"] [] 
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))([email protected])), sAMAccountName,cn,mail) [] [] 
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] [] 
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928} [] 
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["[email protected]"] [] 
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))([email protected])), sAMAccountName,cn,mail) [] [] 
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] [] 
[2016-03-23 13:05:30] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:94, FR3D\\LdapBundle\\Driver\\LdapDriverException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php:55)"} [] 
[2016-03-23 13:05:30] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"/login"} [] 
[2016-03-23 13:05:31] request.INFO: Matched route "fos_user_security_login". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::loginAction","_route":"fos_user_security_login"},"request_uri":"http://localhost:8000/login"} [] 
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] [] 
[2016-03-23 13:05:31] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"8a4680","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/8a4680"} [] 
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] [] 

你能提供你的symfony日誌嗎? (只有關於ldap的部分) – Maks3w

回答


修正了問題:默認的驅動程序文件使用 CN = 「XXX」,而在我的環境中 CN 與 sAMAccountName 並不相同。編輯驅動程序文件,把 cn 換成 sAMAccountName。


看來你的LDAP不允許匿名搜索,所以你必須在配置中填寫用戶名和密碼。

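fr3d_ldap:
  driver:
    # Bind credentials. Keep them out of config.yml - reference them as
    # "%parameter%" values from parameters.yml like the database_* settings -
    # and remember that without useStartTls/useSsl they cross the network in
    # cleartext on port 389.
    username: [email protected]
    password: tetst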

不知道我做了什麼,但現在我得到的是「身份驗證請求由於系統問題而無法處理」。 – Noize


從開發日誌中得到以下錯誤,見編輯3 – Noize


您的日誌與您提供的config.yml不匹配。看起來你正在使用不同的過濾器。不要定義任何過濾器,並以DN格式提供用戶名。 – Maks3w