1

I would really appreciate it if someone could help me use LDAP authentication in the Symfony2 framework. The main idea is to use LDAP properly to know all users without using an internal table and without a login (entering username/password); let's say that I want it to be something like automatic identification.

3
  • There are a lot of bundles doing LDAP authentication. Check on knpbundles.com/search?q=ldap Commented Mar 16, 2015 at 9:08
  • Sorry... Yes, that's the first thing I did, but I found just a few bundles that use an internal table with FOSUserBundle, and we still have a classic login form. What I want to do is to identify each user automatically, without the user entering his id/password on the login page. I hope what I say is clear, thank you. Commented Mar 16, 2015 at 9:18
  • I have used github.com/Maks3w/FR3DLdapBundle along with the FOSUserBundle quite easily in the past. Commented Mar 16, 2015 at 11:02

1 Answer

1

You are looking for single sign-on. You really do not have to deal with LDAP, but your web server must be configured properly. The web server deals with authentication instead of your app. Then you can get the user login from the REMOTE_USER environment variable. These are credentials that you can trust. Symfony has a special security provider for that (starting from version 2.6).

Update: Added more specific info for IIS

  1. Enable Windows Authentication on IIS (a possibly helpful link, and make sure your server and clients are in the domain).
  2. Try to catch $_SERVER['REMOTE_USER'] in an easy PHP script - you should see your domain login.

If everything goes well, you can play with the Symfony remote_user provider from the link above. You also need to have users in the database (i.e. only domain login, email and maybe some flags) for using roles, logging etc. Also be sure that your server is in the local intranet zone.

Update 2: Added Symfony configuration example

security.yml

security:
  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  providers:
    in_memory:
      memory:
        users:
          - { name: 'DOMAIN\login', roles: [ 'ROLE_USER' ] }

  firewalls:
    dev:
      pattern:  ^/(_(profiler|wdt)|css|images|js)/
      security: false

    secured_area:
      pattern: ^/demo
      remote_user:
        provider: in_memory

  access_control:
    - { path: ^/demo/secured/login, roles: ROLE_ADMIN }

This is an example for a clean Symfony 2.6 installation with AcmeDemoBundle. Try to play with it on your own. On the homepage you are not logged in at all. If Windows authentication is working and your login is DOMAIN\login, you will be logged in after clicking on the Run the demo button. If you try to access /demo/secured/login you will get a 403. I hope it is enough as an introduction to what Symfony could do for you.
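An added illustration of step 2 and of the note about keeping users for roles (not part of the original answer and not Symfony's own code): a plain PHP script that accepts REMOTE_USER only in the DOMAIN\login form from an allow-listed domain and then looks up roles. The function name, the EXAMPLE domain and the role table are assumptions, and the sample requests are constructed.

```php
<?php
/**
 * Turn the web server's REMOTE_USER into one canonical account name, or null.
 * $server is normally $_SERVER; $trustedDomains is a hypothetical allow-list.
 */
function resolveRemoteUser(array $server, array $trustedDomains)
{
    // Only the variable set by the server's authentication module counts.
    // A client-sent "Remote-User" header arrives as HTTP_REMOTE_USER and is
    // deliberately never read here.
    if (empty($server['REMOTE_USER'])) {
        return null; // anonymous request, or Windows Authentication is off
    }
    // Expect exactly DOMAIN\login, the form used in the security.yml above.
    if (!preg_match('/^([A-Za-z0-9.-]+)\\\\([A-Za-z0-9._-]+)$/', $server['REMOTE_USER'], $m)) {
        return null;
    }
    $domain = strtoupper($m[1]);
    if (!in_array($domain, $trustedDomains, true)) {
        return null; // authenticated, but not by a domain this app accepts
    }
    // Windows account names are case-insensitive; keep one canonical spelling
    // so role lookups and audit logs always use the same key.
    return $domain . '\\' . strtolower($m[2]);
}

// Stand-in for the users/roles table the answer mentions (hypothetical data).
$roleTable = array(
    'EXAMPLE\\alice' => array('ROLE_USER', 'ROLE_ADMIN'),
    'EXAMPLE\\bob'   => array('ROLE_USER'),
);

// Constructed $_SERVER-like samples, one per case worth checking.
$samples = array(
    array('REMOTE_USER' => 'example\\Alice'),       // mixed case from the server
    array('REMOTE_USER' => 'OTHER\\bob'),           // domain not on the allow-list
    array('HTTP_REMOTE_USER' => 'EXAMPLE\\alice'),  // request header only
    array('REMOTE_USER' => ''),                     // anonymous request
    array('REMOTE_USER' => 'EXAMPLE\\carol'),       // valid login, no roles row
);

foreach ($samples as $server) {
    $account = resolveRemoteUser($server, array('EXAMPLE'));
    // An unknown or rejected account gets no roles at all.
    $roles = ($account !== null && isset($roleTable[$account])) ? $roleTable[$account] : array();
    printf("%-42s => %-16s [%s]\n", json_encode($server), var_export($account, true), implode(',', $roles));
}
```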


7 Comments

Hi, thanks, but I can't do without the LDAP server, it's primordial. Yes, I'm looking for single sign-on for all users; is there another option?
If you want to make it possible to log in your users without username and password, you must trust your web server and configure it. Your web server will use LDAP for authenticating users and your job is just to take the username from REMOTE_USER. The client has to be logged in under a domain account and use a browser that can send credentials through the NTLM or Kerberos protocol in the background to the web server. What is the environment? Are the clients Windows? Is the web server IIS, Apache or something else? What browser do you use?
Hi, yes, my environment is IIS and I'm using IE11 as the browser.
And could I eventually use another table for roles, if that's possible?
I have updated my answer a little bit. You need working Windows authentication first, then you can play with Symfony.