1. 首頁
  2. 問答
  3. Symfony的3.2 LDAP身份驗證問題

Symfony的3.2 LDAP身份驗證問題

2017-04-10 120 views
1

我試圖用Symfony的3.2認證通過LDAP(窗口活動目錄)用戶配置的服務和保障爲每documentsSymfony的3.2 LDAP身份驗證問題

但我得到的錯誤:

php.DEBUG: Warning: ldap_bind(): Unable to bind to server: Invalid credentials {"exception":"[object] (Symfony\Component\Debug\Exception\SilencedErrorContext: {\"severity\":2,\"file\":\"/var/www/html/workflow/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php\",\"line\":54})"} []

嘗試了諸如添加域{username} 或完全從ldap search softerra複製cn字符串等參數的更改。

security.yml

security: 
    providers: 
     my_ldap: 
      ldap: 
       service: ldap 
       base_dn: dc=example,dc=example 
       search_dn: "cn=user.name,DC=example,DC=example" 
       search_password: PassWord 
       default_roles: ROLE_ADMIN 
       uid_key: sAMAccountName 

firewalls: 
    dev: 
     pattern: ^/(_(profiler|wdt)|css|images|js)/ 
     security: false 

    main: 
     # an`enter code here`onymous: ~`enter code here` 
     http_basic_ldap: 
      service: ldap 
      dn_string: 'uid={username},dc=example,dc=example' 

access_control: 
    - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY } 
    - { path: ^/, roles: ROLE_ADMIN }

service.yml

services: 
     ldap: 
      class: Symfony\Component\Ldap\LdapClient 
      arguments: 
       - ip # host 
       - portenter code here   # port 
       - 3   # version 
       - false  # SSL 
       - false  # TLS

native php

<?php 
$name = '[email protected]'; 
$pass = 'password'; 
$adServer = 'ldap://xxx.xxx.xxx.xxx:1234/'; 

$basedn="OU=Users,OU=Office,OU=xxx,DC=xxx,DC=xxx" 
$filter="(&(!(ou=NoSync))(department=*)(sn=*))"; 

$attributes=array("displayname", "mail", "company", "department", "physicaldeliveryofficename", "memberOf","givenname","sn","manager", 
        "mobile", "ipphone", "telephoneNumber", "facsimiletelephonenumber", "streetaddress", "l", "st","userprincipalname", 
        "postalcode", "c", "title", "samaccountname", "useraccountcontrol"); 

$cnx = ldap_connect($adServer) or die("Could not connect to LDAP server."); 
ldap_bind($cnx, $name, $pass); 

ldap_set_option($cnx, LDAP_OPT_SIZELIMIT,10000); 
ldap_set_option($cnx, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Could not set ldap protocol");; 
ldap_set_option($cnx, LDAP_OPT_REFERRALS, 0) or die ("Could not set option referrals"); 
ldap_control_paged_result($cnx, 1000) or die ("Could not set option page limit"); 


$pageSize = 900; 
    $total=''; 
    $cookie = ''; 
    $arr_rec=[]; 
    $arr_rec_update=[]; 
    do { 
      $total = $pageSize + $total; 
      ldap_control_paged_result($cnx, $pageSize, true, $cookie); 

      $result = ldap_search($cnx,$basedn,$filter,$attributes); 
      $entries = ldap_get_entries($cnx, $result); 
?>

來源

2017-04-10 Elie Satouff

+0

由用戶我試圖他們進行身份驗證的方式如果我使用本地php ldap腳本,則可以成功通過身份驗證。 –

+0

你能告訴我們你正在使用本機php的php腳本嗎?這可能有助於發現配置問題。 – COil

+0

嗨,感謝您提供幫助 –

回答

1

月1日,宣佈LDAP服務,你也已過時,對於Symfony的3.2,你應該把它聲明使用ldap類:

app/config/services.yml

services: 
    ldap: 
     class: Symfony\Component\Ldap\Ldap 
     factory: [ 'Symfony\Component\Ldap\Ldap', 'create'] 
     arguments: 
      - ext_ldap 
      - host: ip 
      - port: 1234 
      - version: 3 
      - ssl: false 
      - tls: false

關於您所提供的PHP腳本,你的配置應該是這樣的:

app/config/security.yml

security: 
    providers: 
     my_ldap: 
      ldap: 
       service: ldap 
       base_dn: 'OU=Users,OU=Office,OU=xxx,DC=xxx,DC=xxx' 
       search_dn: '[email protected]' 
       search_password: 'password' 
       default_roles: 'ROLE_ADMIN' 

    firewalls: 
     main: 
      pattern: ^/ 
      anonymous: ~ 
      http_basic_ldap: 
       service: ldap 
       dn_string: '{username}' 
       #dn_string: 'domain\{username}' # or try including your domain prefix

來源

2017-04-10 15:10:10 COil

+1

非常感謝你「COIL」,你救了我的一天 –

+0

不客氣,我已經很努力地安靜了很久!很高興聽到它幫助你節省了一些。 ;) – COil

+0

的確,無論何時涉及到ldap和活動目錄,這都是一種掙扎。但很顯然你是一位專家。再次感謝。 –

相關問題

 相關問題