php - 使用 Laravel4 进行 LDAP 身份验证

Question

请帮助我使用 Laravel4 进行 LDAP 身份验证。

我下面的配置总是返回false

我的 auth.php 是这样的:

<?php

return array(

/*
|--------------------------------------------------------------------------
| Default Authentication Driver
|--------------------------------------------------------------------------
|
| This option controls the authentication driver that will be utilized.
| This driver manages the retrieval and authentication of the users
| attempting to get access to protected areas of your application.
|
| Supported: "database", "eloquent"
|
*/

//'driver' => 'eloquent',
'driver' => 'ldap',

/*
|--------------------------------------------------------------------------
| Authentication Model
|--------------------------------------------------------------------------
|
| When using the "Eloquent" authentication driver, we need to know which
| Eloquent model should be used to retrieve your users. Of course, it
| is often just the "User" model but you may use whatever you like.
|
*/
'username_field' => 'username',

'model' => 'User',

/*
|--------------------------------------------------------------------------
| Authentication Table
|--------------------------------------------------------------------------
|
| When using the "Database" authentication driver, we need to know which
| table should be used to retrieve your users. We have chosen a basic
| default value but you may easily change it to any table you like.
|
*/

'table' => 'users',

/*
|--------------------------------------------------------------------------
| Password Reminder Settings
|--------------------------------------------------------------------------
|
| Here you may set the settings for password reminders, including a view
| that should be used as your password reminder e-mail. You will also
| be able to set the name of the table that holds the reset tokens.
|
| The "expire" time is the number of minutes that the reminder should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/

'reminder' => array(

    'email' => 'emails.auth.reminder',

    'table' => 'password_reminders',

    'expire' => 60,

),

);

和我的 app/config/adldap.php 是这样的:

<?php

return array(
    'account_suffix' => "@pusat.corp.pln.co.id",
'domain_controllers' => array("dc01.pusat.corp.pln.co.id","pusat.corp.pln.co.id"), // An array of domains may be provided for load balancing.

'base_dn' => 'DC=pusat','DC=corp','DC=pln','DC=co','DC=id',


'real_primary_group' => true, // Returns the primary group (an educated guess).

'use_ssl' => false, // If TLS is true this MUST be false.

'use_tls' => false, // If SSL is true this MUST be false.

    'recursive_groups' => true,

);

在 routes.php 中

Route::post('login', function () {
    $passhash = Input::get('password');
    $credentials  = array(
        'username' => Input::get('username'),
        'password' => Input::get('password')
    );


    if ($a = Auth::attempt($credentials))
        return '<pre>' . print_r(Auth::user(), true);
    else
        dd($a);
});

Answer 1

Laravel 4 的核心没有内置 LDAP 身份验证。所以这是一种将其添加到您的应用程序的快速而肮脏的方法。它使用内部 LDAP PHP 函数，因此您需要安装 php5-ldap 包:

你的 app/conf/auth.php 的配置:

'ldap_tree'   => 'OU=anything,DC=domain,DC=com',
'ldap_server' => 'your.ldap.server.com',

这是您的 Controller 要使用的 LDAP 类:

class LDAP {

    public static function authenticate($username, $password)
    {
        if(empty($username) or empty($password))
        {
            Log::error('Error binding to LDAP: username or password empty');
            return false;
        }

        $ldapRdn = static::getLdapRdn($username);

        $ldapconn = ldap_connect( Config::get('auth.ldap_server') ) or die("Could not connect to LDAP server.");

        $result = false;

        if ($ldapconn) 
        {
            $ldapbind = @ldap_bind($ldapconn, $ldapRdn, $password);

            if ($ldapbind) 
            {
                $result = true;
            } else {
                Log::error('Error binding to LDAP server.');
            }

            ldap_unbind($ldapconn);

        } else {
            Log::error('Error connecting to LDAP.');
        }

        return $result;

    }

    public static function getLdapRdn($username)
    {
        return str_replace('[username]', $username, 'CN=[username],' . Config::get('auth.ldap_tree'));
    }

}

还有一个 AuthController 来处理您应用上的登录:

class AuthController extends Controller {

    public function __construct(LDAP $ldap)
    {
        $this->ldap = $ldap;
    }

    public function login()
    {
        if ( $this->ldap->authenticate( Input::get('email'), Input::get('password') ) )
        {
            $user = User::where('email', Input::get('email'))->first();

            Auth::login( $user );

            return Redirect::to('home');
        }

        return Redirect::refresh()->with('error', 'User and/or password are incorrect.');
    }

    public function logout()
    {

        if ( ! Auth::guest())
        {
            Auth::logout();

            return Redirect::to('message')
                    ->with('message', 'You just logged out.');                  
        }

        return Redirect::to('login');   

    }

}

请注意，此 Controller 正在为 LDAP 类使用依赖注入(inject)，它将由 Laravel 自动注入(inject)。