imag/ldap-bundle

LDAP Bundle for Symfony 2

Monday, October 20, 2014
by BorisMorel
Repository
20 Watchers
110 Stars
134,026 Installations

PHP
4 Dependents
0 Suggesters
102 Forks
56 Open issues
12 Versions
2 % Grown

The README.md

LdapBundle

LdapBundle provides LDAP authentication without using Apache's mod_ldap. The bundle instead relies on PHP's LDAP extension along with a form to authenticate users. LdapBundle can also be used for authorization by retrieving the user's roles defined in LDAP., _(*1)

Contact

Nick: aways IRC: irc.freenode.net - #symfony-fr, _(*2)

Install

Download with composer
Enable the Bundle
Configure LdapBundle in security.yml
Import LdapBundle routing
Implement Logout
Use chain provider
Subscribe to PRE_BIND event
Subscribe to POST_BIND event

Get the Bundle

Composer

Add LdapBundle in your project's composer.json, _(*3)

{
    "require": {
        "imag/ldap-bundle": "dev-master"
    }
}

Enable the Bundle

``` php <?php // app/AppKernel.php, _(*4)

public function registerBundles() { $bundles = array( // ... new IMAG\LdapBundle\IMAGLdapBundle(), ); }, _(*5)


### Configure security.yml

**Note:**
> An example `security.yml` file is located within the bundle at `./Resources/Docs/security.yml`

``` yaml
# ./IMAG/LdapBundle/Resources/config/security.yml

security:
  firewalls:
    restricted_area:
      pattern:          ^/
      anonymous:        ~
      provider:         ldap
      imag_ldap:        ~
      # alternative configuration
      # imag_ldap:
      #   login_path:   /ninja/login
      logout:
        path:           /logout
        target:         /

  providers:
    ldap:
      id: imag_ldap.security.user.provider

  encoders:
    IMAG\LdapBundle\User\LdapUser: plaintext

  access_control:
    - { path: ^/login,          roles: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/,               roles: IS_AUTHENTICATED_FULLY }

imag_ldap:
  client:
    host: your.host.foo
    port: 389
#    version: 3 # Optional
#    username: foo # Optional
#    password: bar # Optional
#    network_timeout: 10 # Optional
#    referrals_enabled: true # Optional
#    bind_username_before: true # Optional
#    skip_roles: false # Optional

  user:
    base_dn: ou=people,dc=host,dc=foo
#    filter: (&(foo=bar)(ObjectClass=Person)) #Optional
    name_attribute: uid
  role:
    base_dn: ou=group, dc=host, dc=foo
#    filter: (ou=group) #Optional
    name_attribute: cn
    user_attribute: member
    user_id: [ dn or username ]

#  user_class: IMAG\LdapBundle\User\LdapUser # Optional

You should configure the parameters under the imag_ldap section to match your environment., _(*6)

Note:, _(*7)

The optional parameters have default values if not set. You can disable default values by setting a parameter to NULL., _(*8)

``` yaml, _(*9)

app/config/security.yml

imag_ldap: # ... role: # ... filter: NULL, _(*10)


### Import routing

``` yaml
# app/config/routing.yml

imag_ldap:
  resource: "@IMAGLdapBundle/Resources/config/routing.yml"

Implement Logout

Just create a link with a logout target., _(*11)

``` html Logout, _(*12)


**Note:**
> You can refer to the official Symfony documentation :
> http://symfony.com/doc/current/book/security.html#logging-out

### Chain provider ###

You can also chain the login form with other providers, such as database_provider, in_memory provider, etc.

``` yml
# app/config/security.yml
security:
    firewalls:
        secured_area:
            pattern: ^/
            anonymous: ~
            imag_ldap:
                provider: multiples
            logout:
                path: logout
    providers:
        multiples:
            chain:
                providers: [ldap, db]          
        ldap:
            id: imag_ldap.security.user.provider
        db:
            entity: { class: FQDN\User }

Note:, _(*13)

If you have set the config option bind_username_before: true you must chain the providers with the ldap provider in the last position., _(*14)

``` yml, _(*15)

app/config/security.yml

providers: [db, ldap], _(*16)


### Subscribe to PRE_BIND event

The PRE_BIND is fired before the user is authenticated via LDAP. Here you can write a listener to perform your own logic before the user is bound/authenticated to LDAP.
For example, to add your own roles or do other authentication/authorization checks with your application.

If you want to break the authentication process within your listener, throw an Exception.

Example listener:
``` xml
<service id="ldap.listener" class="Acme\HelloBundle\EventListener\LdapSecuritySubscriber">
    <tag name="kernel.event_subscriber" />
</service>

Example:, _(*17)

<?php

namespace Acme\HelloBundle\EventListener;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use IMAG\LdapBundle\Event\LdapUserEvent;

/**
 * Performs logic before the user is found to LDAP
 */
class LdapSecuritySubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents()
    {
        return array(
            \IMAG\LdapBundle\Event\LdapEvents::PRE_BIND => 'onPreBind',
        );
    }

    /**
     * Modifies the User before binding data from LDAP
     *
     * @param \IMAG\LdapBundle\Event\LdapUserEvent $event
     */
    public function onPreBind(LdapUserEvent $event)
    {
        $user = $event->getUser();
        $config = $this->appContext->getConfig();

        $ldapConf = $config['ldap'];

        if (!in_array($user->getUsername(), $ldapConf['allowed'])) {
            throw new \Exception(sprintf('LDAP user %s not allowed', $user->getUsername()));
        }

        $user->addRole('ROLE_LDAP');
        $event->setUser($user);
    }
}

The POST_BIND is fired after the user is authenticated via LDAP. You can use it in exactly the same manner as PRE_BIND., _(*18)

Note:, _(*19)

However each time a page is refreshed, Symfony call the refreshUser method in the provider that is used and doesn't trigger these events (PRE_BIND and POST_BIND). If you want to override user (for example like credentials, roles ...), you must create a new provider and override this method., _(*20)

The Versions

20/10 2014

dev-master

9999999-dev http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
ext-ldap *
symfony/symfony >2.0

2.3.x-dev

2.3.9999999.9999999-dev http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
ext-ldap *
symfony/symfony >2.0

v2.3.1

2.3.1.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
ext-ldap *
symfony/symfony >2.0

2.1.x-dev

2.1.9999999.9999999-dev http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
ext-ldap *
symfony/symfony >2.0

v2.1.6

2.1.6.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
ext-ldap *
symfony/symfony >2.0

v2.1.5

2.1.5.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
symfony/symfony >2.0

v2.1.4

2.1.4.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
symfony/symfony >2.0

v2.1.3

2.1.3.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
symfony/symfony >2.0

v2.1.2

2.1.2.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

CeCILL

The Requires

php >=5.3.3
symfony/symfony >2.0

dev-kategray-#47

dev-kategray-#47 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

The Requires

php >=5.3.3
symfony/symfony >2.0

dev-HomeStorming

dev-HomeStorming http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

The Requires

php >=5.3.3
symfony/symfony >2.0

2.1.0

2.1.0.0 http://github.com/BorisMorel/LdapBundle

LDAP Bundle for Symfony 2

Sources Download

The Requires

php >=5.3.3
symfony/symfony >2.0

library ldap-bundle

LDAP Bundle for Symfony 2

imag/ldap-bundle

The README.md

LdapBundle

Contact

Install

Get the Bundle

Composer

Enable the Bundle

app/config/security.yml

Implement Logout

app/config/security.yml

Subscribe to POST_BIND event

The Versions

dev-master

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

2.3.x-dev

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.3.1

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

2.1.x-dev

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.6

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.5

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.4

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

by John Kary

v2.1.3

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

v2.1.2

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

dev-kategray-#47

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

dev-HomeStorming

The Requires

by Boris Morel

by Juti Noppornpitak

by Shiroyuki

2.1.0

The Requires

by Boris Morel