Username used for authentication instead of DN (in some cases) #127

Open
thomaskonrad opened this issue Aug 5, 2014 · 1 comment
@thomaskonrad

Hi,

I'm trying to use LdapBundle for authenticating against an Active Directory LDAP server. I have got it working when the user logs in the first time with the guide on how to do this in combination with FOSUserBundle.

A link in the main README.md to Resources/Docs/ldap_with_custom_user_manager.md would be great, by the way. I only found this by searching for my issue on Google.

Now when a new user logs in the first time, it works great, because `$this->ldapManager->exists($username)` is called, which searches for the user on the LDAP server and populates the `$ldapUser` member variable in `LdapManagerUser`, which, when the `auth()` method of the same class is called, leads to the authentication of the user with their Dn:

```php
public function auth()
{
    if (strlen($this->password) === 0) {
        return false;
    }

    if (null === $this->ldapUser) {
        return ($this->bindByUsername() && $this->doPass());
    }

    return ($this->doPass() && $this->bindByDn()); // This is called in my case!
}
```

Now when the user is already persisted and loaded from the database, that `$this->ldapManager->exists($username)` is not called, so the `$ldapUser` member is not populated in the `LdapManagerUser` class, and the user is authenticated with their user name.

```php
public function auth()
{
    if (strlen($this->password) === 0) {
        return false;
    }

    if (null === $this->ldapUser) {
        return ($this->bindByUsername() && $this->doPass()); // This is called in case the user already exists and is loaded from the database!
    }

    return ($this->doPass() && $this->bindByDn());
}
```

This is a problem, as in my setup, the user needs to be authenticated by their Dn always (shouldn't the user always be authenticated by the same field?). What is that if condition good for?

Can anybody help me out? Is that an error in the docs, in the implementation, or in my way of thinking?

Thanks
Thomas
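
The two code paths described in this issue, as an added example that is not part of the original thread or of LdapBundle's code: a self-contained PHP model in which a constructed directory accepts binds by DN only, next to a variant that resolves the DN before every bind. `FakeDirectory`, `authAsQuoted` and `authAlwaysByDn` are hypothetical names, and `doPass()` is left out because its body is not shown in the issue.

```php
<?php
// Added model, not LdapBundle code: a constructed directory that accepts binds by DN only.
final class FakeDirectory
{
    private array $entries = [
        'jdoe' => ['dn' => 'CN=John Doe,OU=Staff,DC=example,DC=test', 'password' => 's3cret'],
    ];

    // Stand-in for the LDAP search that exists($username) is described as doing.
    public function search(string $username): ?string
    {
        return $this->entries[$username]['dn'] ?? null;
    }

    public function bind(string $identity, string $password): bool
    {
        foreach ($this->entries as $entry) {
            if ($entry['dn'] === $identity) {
                return hash_equals($entry['password'], $password);
            }
        }
        return false; // a bare username matches no DN in this model
    }
}

// Same branch as the auth() quoted in the issue: the bind identity depends on
// whether the LDAP entry was populated beforehand.
function authAsQuoted(FakeDirectory $dir, ?string $ldapUserDn, string $username, string $password): bool
{
    if (strlen($password) === 0) {
        return false;
    }
    if (null === $ldapUserDn) {
        return $dir->bind($username, $password);
    }
    return $dir->bind($ldapUserDn, $password);
}

// Hypothetical variant: look the DN up whenever it is missing, so every bind uses the DN.
function authAlwaysByDn(FakeDirectory $dir, ?string $ldapUserDn, string $username, string $password): bool
{
    if (strlen($password) === 0) {
        return false;
    }
    $dn = $ldapUserDn ?? $dir->search($username);
    return $dn !== null && $dir->bind($dn, $password);
}

$dir = new FakeDirectory();
var_dump(authAsQuoted($dir, $dir->search('jdoe'), 'jdoe', 's3cret')); // first login: entry populated
var_dump(authAsQuoted($dir, null, 'jdoe', 's3cret'));                 // user loaded from the database
var_dump(authAlwaysByDn($dir, null, 'jdoe', 's3cret'));               // same state, DN resolved first
```

Only the second call reaches the directory with the bare username as the bind identity; the other two bind with the full DN.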

@BorisMorel
Owner

Do you authenticate your users only from LDAP? Your user's snapshot in the DB adds some parameters, but it is never used to auth?
