Morning, 尝试登录我的应用程序时,我不断收到消息"必须指定用户名"。 与LDAP的连接正常,同步也,在我的数据库/表用户中,我看到所有带有密码的用户名。 但不能使用任何人的用户名登录。 尝试dd($username(进入LoginController,"guard((->try"显示"null"。 感谢您的帮助!
我的版本
Laravel Version: ^7.0
Adldap2-Laravel Version: ^6.1
PHP Version: ^7.2.5
LDAP Type: OpenLDAP
我的 .env
LDAP_HOSTS=ldap.forumsys.com
LDAP_BASE_DN=dc=example,dc=com
LDAP_USERNAME=cn=read-only-admin,dc=example,dc=com
LDAP_PASSWORD=password
LDAP_PASSWORD_SYNC=true
我的低密度脂蛋白.php
<?php
return [
'logging' => env('LDAP_LOGGING', false),
'connections' => [
'default' => [
'auto_connect' => env('LDAP_AUTO_CONNECT', true),
'connection' => AdldapConnectionsLdap::class,
'settings' => [
'schema' => AdldapSchemasOpenLDAP::class,
'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),
'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),
'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
'port' => env('LDAP_PORT', 389),
'timeout' => env('LDAP_TIMEOUT', 5),
'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
'username' => env('LDAP_USERNAME', 'username'),
'password' => env('LDAP_PASSWORD', 'secret'),
'follow_referrals' => false,
'use_ssl' => env('LDAP_USE_SSL', false),
'use_tls' => env('LDAP_USE_TLS', false),
],
],
],
];
我的ldap_auth
<?php
return [
'connection' => env('LDAP_CONNECTION', 'default'),
'provider' => AdldapLaravelAuthDatabaseUserProvider::class,
'model' => AppUser::class,
'rules' => [
// Denys deleted users from authenticating.
AdldapLaravelValidationRulesDenyTrashed::class,
// Allows only manually imported users to authenticate.
// AdldapLaravelValidationRulesOnlyImported::class,
],
'scopes' => [
// Only allows users with a user principal name to authenticate.
// Suitable when using ActiveDirectory.
// AdldapLaravelScopesUpnScope::class,
// Only allows users with a uid to authenticate.
// Suitable when using OpenLDAP.
// AdldapLaravelScopesUidScope::class,
],
'identifiers' => [
'ldap' => [
'locate_users_by' => 'uid',
'bind_users_by' => 'distinguishedname',
],
'database' => [
'guid_column' => 'objectguid',
'username_column' => 'username', //'email',
],
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
'passwords' => [
'sync' => env('LDAP_PASSWORD_SYNC', false),
'column' => 'password',
],
'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
'sync_attributes' => [
//'email' => 'userprincipalname',
'username' => 'uid',
'name' => 'cn',
],
'logging' => [
'enabled' => env('LDAP_LOGGING', true),
'events' => [
AdldapLaravelEventsImporting::class => AdldapLaravelListenersLogImport::class,
AdldapLaravelEventsSynchronized::class => AdldapLaravelListenersLogSynchronized::class,
AdldapLaravelEventsSynchronizing::class => AdldapLaravelListenersLogSynchronizing::class,
AdldapLaravelEventsAuthenticated::class => AdldapLaravelListenersLogAuthenticated::class,
AdldapLaravelEventsAuthenticating::class => AdldapLaravelListenersLogAuthentication::class,
AdldapLaravelEventsAuthenticationFailed::class => AdldapLaravelListenersLogAuthenticationFailure::class,
AdldapLaravelEventsAuthenticationRejected::class => AdldapLaravelListenersLogAuthenticationRejection::class,
AdldapLaravelEventsAuthenticationSuccessful::class => AdldapLaravelListenersLogAuthenticationSuccess::class,
AdldapLaravelEventsDiscoveredWithCredentials::class => AdldapLaravelListenersLogDiscovery::class,
AdldapLaravelEventsAuthenticatedWithWindows::class => AdldapLaravelListenersLogWindowsAuth::class,
AdldapLaravelEventsAuthenticatedModelTrashed::class => AdldapLaravelListenersLogTrashedModel::class,
],
],
];
我的登录控制器
<?php
namespace AppHttpControllersAuth;
use AppHttpControllersController;
use AppProvidersRouteServiceProvider;
use IlluminateFoundationAuthAuthenticatesUsers;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = RouteServiceProvider::HOME;
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
public function username()
{
return 'username';
}
}
我自己也经历过这种痛苦。
看起来您正在使用服务帐户连接到LDAP,但是我没有看到您将经过身份验证的用户登录到Laravel的位置。 您的用户是否必须在屏幕上的某个位置提供用户名和密码? 如果没有,您如何抓住用户并让他们登录到 Laravel?
在必须通过LDAP的企业中,我这样做的方式是拥有正常的Laravel登录页面,而是登录控制器中的中间方法,该方法通过PW的服务帐户向LDAP发送消息。 如果成功,则使用 Laravel 的标准方法登录。 基本上只是根据LDAP检查PW,然后登录而不是检查Laravel数据库。
示例代码 - 这将有很大差异,但可以让您了解可能有效的方法:
if(env('LOGIN', false) === 'LDAP'){
$ldap = new AppHttpControllersClientSpecificBaseLDAPController();
$username = $request->input('username');
if($ldap->authenticate($username, $request->input('password'))){
return $this->sendLoginResponse($request);
}
}else {
if ($this->guard()->attempt($credentials, $request->has('remember'))) {
return $this->sendLoginResponse($request);
}
}
我知道这是一个老问题,但即使在 2020 年,我仍然面临这个问题,这花了我很多时间。实际上,如果您还尝试使用Adldap2-Laravel包将OpenLDAP服务器与Laravel应用程序绑定,则问题非常愚蠢。 默认情况下,Adldap2-Laravel是为Microsoft的活动目录配置的。但是对于OpenLDAP,我们需要正确更改Identifiers数组,如下所示。
<?php
return [
// configurations settings...
'identifiers' => [
'ldap' => [
'locate_users_by' => 'uid', // changed from userprincipalname
'bind_users_by' => 'dn', // changed from distinguishedname
],
'database' => [
'guid_column' => 'objectguid',
'username_column' => 'username', //'email',
],
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
// rest of the configurations...
];
如果我的答案对新人来说不清楚,请告诉我,因为我也是新手。我将尝试更好地解释解决方案:)