Adldap2-Laravel icon indicating copy to clipboard operation
Adldap2-Laravel copied to clipboard

Published 20 hours ago verified publisher icon Adldap2

How to authenticate both OpenLDAP + Mysql

Open test98123456 opened this issue 5 years ago • 10 comments

  • Laravel Version: 5.7
  • Adldap2-Laravel Version: 5.1
  • PHP Version: 7.1.7
  • LDAP Type: OpenLDAP

Description:

my user info stores in openldap and mysql ,now,I have finished authrization based on mysql, but how to configure laravel to support mysql and ldap,prefer your answer

Steps To Reproduce:

test98123456 avatar Feb 28 '19 09:02 test98123456

config/auth.php: 'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\User::class, ],

should i modify driver?

test98123456 avatar Feb 28 '19 11:02 test98123456

now,i have add one guard and one provider, 'guards' => [ 'web' => [ 'driver' => 'session', 'provider' => 'users', ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
    'adldap' => [
        'driver' => 'session',
        'provider' => 'myldap'
    ]
],

'providers' => [ 'users' => [ 'driver' => 'eloquent', 'model' => App\User::class, ], 'myldap' => [ 'driver' => 'ldap', 'model' => App\User::class, ],

so i try to auth like this

$c = ['username' => 'testuser', 'password' => '123456']; dd(Auth::guard('adldap')->attempt($c)); //return false

can u help me ?

test98123456 avatar Feb 28 '19 12:02 test98123456

why exactly do you want LDAP and MySQL, usually, LDAP will sync any data you want to mysql, so it's only used for relevant calls and eloquent just uses mysql

sachaw avatar Feb 28 '19 14:02 sachaw

why exactly do you want LDAP and MySQL, usually, LDAP will sync any data you want to mysql, so it's only used for relevant calls and eloquent just uses mysql

because my user data stores in ldap and mysql,i am also feel embarrassed ;)

test98123456 avatar Mar 01 '19 01:03 test98123456

Which scenario explains your situation best: Different users exist in mysql and ldap. The same users exist in mysql and ldap.

sachaw avatar Mar 01 '19 04:03 sachaw

@sachaw
Different users exist in mysql and ldap.

user a,b,c stores in mysql user 1,2,3 store in ldap exactly in login page i add user_type field ,which user stores in mysql choose user_type_1 and user stores in ldap choose user_type_2

test98123456 avatar Mar 01 '19 06:03 test98123456

now i use another solution to solve this problem,my login logic as follows:

public function doLogin(Request $r) { //users store in mysql if ($r->input('user_type') === "1") { //check user password if (Hash::check($r->input('password'), $u->password)) { $s = [ 'user_type' => 1, 'user' => $u, ....... ]; //write user info into session session(['logined' => $s]); return $this->redirectUrl('/home'); } //users store in ldap elseif ($r->input('user_type') === "2" { //check user password if (Adldap::auth()->attempt($r->input('username'),$r->input('password'))) { $u = Adldap::search()->where('uid', '=', $r->input('username'))->first(); dd($u) //return one Entry instance $s = [ 'user_type' => 2, 'user' => $u, ....... ]; //write user info into session session(['logined' => $s]); return $this->redirectUrl('/home'); } }

test98123456 avatar Mar 01 '19 06:03 test98123456

Hi @test98123456,

I would really suggest against the code you posted using the session() helper to track logged in users in your own custom manor and stick with Laravel’s built in authentication as you’re basically creating your own auth implementation.

To use different auth guards that you’ve configured in the config code you posted earlier, simply call:

Auth::guard(‘adldap’)->attempt($credentials);

// Or:

Auth::guard(‘web’)->attempt($credentials);

stevebauman avatar Mar 01 '19 11:03 stevebauman

Hi @test98123456,

I would really suggest against the code you posted using the session() helper to track logged in users in your own custom manor and stick with Laravel’s built in authentication as you’re basically creating your own auth implementation.

To use different auth guards that you’ve configured in the config code you posted earlier, simply call:

Auth::guard(‘adldap’)->attempt($credentials);

// Or:

Auth::guard(‘web’)->attempt($credentials);

hi @stevebauman

thanks for your reply ,i did this because i can not distinguish between adldap authorized user intance and mysql authorized user instance,forgive me ,That's why I use session() method,si i add 'user_type' field in session()

I don't know how to do it right. because i am new laraveler,actually i am a new phper :)

Auth::guard(‘web’)->attempt($credentials); this method return true,and how can i discriminate this logined user ,is a mysql user ,or ldap user?

Auth::guard(‘adldap’)->attempt($credentials); this code retrun false,and Now I'm trying to fix it and find out where the configuration is wrong. ,If the above code returns true, I will have the same problem as above.so Can you provide me some sample code?

test98123456 avatar Mar 04 '19 02:03 test98123456

Doesn't this automatically work if you configure both ADLDAP2 and conventional Laravel authentication correctly and then use LDAP_LOGIN_FALLBACK=true? If you use the DatabaseUserProvider and sync to the local database, then both LDAP and MySQL should work fine; if a user doesn't exist in LDAP, it falls back to the local DB.

ThomHurks avatar Mar 23 '19 14:03 ThomHurks