logo标签列表

Symfony 2.8中的LDAP身份验证

phpsymfonyauthenticationsymfony-2.8
7
我正在尝试在Symfony 2.8中使用新的LdapUserProvider。我相信我已经按照文档配置好了一切。
我的用户可以成功进行身份验证,然后被重定向到受保护的页面。重定向后问题就开始了。Symfony尝试以认证用户的身份进行绑定,但是密码为null,这被开放式LDAP拒绝了。
以下是相关的日志条目和配置值。
配置:
services:
    app.ldap:
        class: Symfony\Component\Ldap\LdapClient
        arguments: [ "localhost" ]

安全性:

security:
    firewalls:
        restricted_area:
            provider: app_users
            form_login_ldap:
                service: app.ldap
                dn_string: "uid={username},DC=mydomain,DC=net"
                check_path: login_check
                login_path: login
    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=mydomain,dc=net
                search_dn: cn=Manager,DC=mydomain,DC=net
                search_password: secretPassword
                filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)(uid={username}))"
                default_roles: ROLE_USER

并且日志文件:

[2015-12-18 13:55:11] request.INFO: Matched route "login_check". {"route_parameters":{"_route":"login_check"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/Login/Verify"} []
[2015-12-18 13:55:11] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:11] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:55:26] security.INFO: User has been authenticated successfully. {"username":"dan.smartrg"} []
<snip>
[2015-12-18 13:55:26] security.DEBUG: Stored the security token in the session. {"key":"_security_restricted_area"} []
<snip>
[2015-12-18 13:55:27] request.INFO: Matched route "home.index". {"route_parameters":{"_controller":"Apt\\PortalBundle\\Controller\\DefaultController::indexAction","_route":"home.index"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/"} []
[2015-12-18 13:55:28] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:28] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:56:15] php.DEBUG: ldap_bind(): Unable to bind to server: Server is unwilling to perform {"type":2,"file":"/home/dmorphis/public_html/Portal/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":73,"level":28928} []
[2015-12-18 13:56:15] app.ERROR: Bad credentials. [{"file":"/home/dmorphis/public_html/Portal/app/cache/dev/classes.php","line":2697,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvide <truncated>
[2015-12-18 13:56:15] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point.
文档说要使用 Symfony\Component\Security\Ldap\Ldap,但是文档是错误的。实际类是 Symfony\Component\Ldap\LdapClient。 - Dan Morphis
1
这似乎非常严重。也许在GitHub上开一个问题?(那里的可见性更高) - Radu Murzea
4个回答
4

最终我找到了问题所在。

您需要链接 UserProvider

chain_provider:
    chain:
             providers: [in_memory, app_users]
    in_memory:
        memory: ~
    app_users:
        ldap:
           .....</i>
在Symfony 2.8上,将提供程序行添加到上面会导致错误。 - Christian
标记有点破损,在这里:http://symfony.com/doc/2.8/security/multiple_user_providers.html - 4lxndr
1
我曾遇到相同问题。在我的情况下,framework.session.handler_id 的配置错误,我需要将其从本地文件处理程序更改为默认的 PHP 会话处理程序 null。
0
我几乎遇到了完全相同的问题。经过深入调试,我找到了这一行代码:
\Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken::__construct中:
parent::setAuthenticated(count($roles) > 0);

这是一个问题,因为我诊断出,UsernamePasswordToken最初来自于未经身份验证的会话存储。这是由于我的自定义覆盖默认服务而导致没有分配角色造成的。
通常,在登录时只会调用LDAP一次,并且不应该将密码存储在会话中。只有序列化令牌中的authenticated = true。
你确定你得到的是未序列化的已认证令牌吗?
0
在Symfony 3.1中,LdapClient组件已被弃用。因此,我想要更新解决方案。这个解决方案也应该适用于Symfony 2.8/2.9应用程序。
#security.yml
security:
    firewalls:
        restricted_area:
            provider: app_users
            form_login_ldap:
                service: ldap.auth
                dn_string: "%dn_string%"

    providers:
        app_users:
            ldap:
                service: ldap.auth
                base_dn: "dc=domain,dc=net"
                search_dn: "cn=Manager,DC=domain,DC=net"
                search_password: secretPassword
                filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)({uid_key}={username}))"
                default_roles: ROLE_USER
                uid_key: uid

#services.yml
services:
    ldap.auth:
        class: 'Symfony\Component\Ldap\Ldap'
        factory:
            - 'Symfony\Component\Ldap\Ldap'
            - 'create'
        arguments:
            - 'ext_ldap'  # adapter
            -
              host: database
              options:
                  protocol_version: 3
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接