Cakephp-ldap plugin for CakePHP
Requirements
Installation
You can install this plugin into your CakePHP application using composer., (*1)
The recommended way to install composer packages is:, (*2)
composer require aravind-zrx/Cakephp-ldap
Usage
In your app's config/bootstrap.php add:, (*3)
// In config/bootstrap.php
Plugin::load('LdapUtility');
or using cake's console:, (*4)
./bin/cake plugin load LdapUtility
Configuration:
Basic configuration for creating ldap handler instance, (*5)
$config = [
'host' => 'ldap.example.com',
'port' => 389,
'baseDn' => 'dc=example,dc=com',
'startTLS' => true,
'hideErrors' => true,
'commonBindDn' => 'cn=readonly.user,ou=people,dc=example,dc=com',
'commonBindPassword' => 'secret'
]
$ldapHandler = new LdapUtility\Ldap($config);
Config parameters
| Parameter |
Description |
host |
Host name of LDAP server |
port |
Port to connect with LDAP server. Defaults to 389 |
baseDn |
Base Distinguished name (DN) |
startTLS |
Boolean to decide on connection with/without TLS. Defaults to false |
hideErrors |
Boolean to show/hide LDAP errors. Defaults to false |
commonBindDn |
Common bind DN. Used in the case of readonly operations |
commonBindPassword |
Passowrd for common bind DN |
Setup Ldap authentication config in Controller
Parameters for setting LDAP authentication has all the parameters of LDAP handler connection except commonBindDn and commonBindPassowrd, (*6)
// In your controller, for e.g. src/Api/UsersController.php
public function initialize()
{
parent::initialize();
$this->loadComponent('Auth', [
'storage' => 'Memory',
'authenticate', [
LdapUtility/Ldap => [
'host' => 'ldap.example.com',
'port' => 389,
'baseDn' => 'dc=example,dc=com',
'startTLS' => true,
'hideErrors' => true,
'queryDatasource' => true,
'userModel' => 'Users',
'fields' => ['username' => 'email'],
'auth' => [
'searchFilter' => '(cn={username})',
'bindDn' => 'cn={username},ou=people,dc=example,dc=com'
]
]
],
'unauthorizedRedirect' => false,
'checkAuthIn' => 'Controller.initialize',
]);
}
Auth specific configs, (*7)
| Parameter |
Description |
auth.searchFilter |
search filter syntax with username placeholder. The placeholder will be replaced by username data from request. This is used to read LDAP data entry of the authenticated user |
auth.bindDn |
bind DN syntax with username placeholder between braces. The placeholder will be replaced by username data from request |
queryDataSource |
Boolean to decide whether to query app datasource after successful LDAP authentication |
userModel |
If queryDataSource is set, userModel table will be used for base authentication |
fields.username |
If queryDataSource is set, authenticate class will use field.username as field condition for base authentication |
Example:
Search for entry with cn starting with test, (*8)
$ldapHandler->find('search', [
'baseDn' => 'ou=people,dc=example,dc=com',
'filter' => 'cn=test*',
'attributes' => ['cn', 'sn', 'mail']
]);
Read a particular entry with cn=test.user, (*9)
$ldapHandler->find('read', [
'baseDn' => 'ou=people,dc=example,dc=com',
'filter' => 'cn=test.user',
'attributes' => ['cn', 'sn', 'mail']
]);
TLS connections in development environment
To connect an LDAP server over TLS connection, check ldap.conf file
* For mac, conf file is located in /etc/openldap/ldap.conf
* For unix, conf file is located in /etc/ldap/ldap.conf
To disable certificate verification change TLS_REQCERT to 'never' in ldap.conf file
Wallogit.com
