FR3DLdapBundle - 身份验证请求失败

FR3DLdapBundle - Authentication request failed

我正在使用 FR3DLdapBundle 和 FOSUserBundle。

Symfony 版本 3.2.6 FR3DLdapBundle 版本 3

config.yml

fos_user:
    db_driver: orm # other valid values are 'mongodb' and 'couchdb'
    firewall_name: main
    user_class: AppBundle\Entity\User
    from_email:
        address: "%mailer_user%"
        sender_name: "%mailer_user%"

fr3d_ldap:
    driver:
        host: ldap.forumsys.com
        port: 389
        username: cn=read-only-admin,dc=example,dc=com
        password: password
        bindRequiresDn: true
    user:
        baseDn: dc=example,dc=com
        filter: (&(objectClass=person))
        attributes:
            - { ldap_attr: uid,  user_method: setUsername }

security.yml

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt
    AppBundle\Entity\User: plaintext

erase_credentials: false

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]

providers:
    chain_provider:
        chain:
            providers: [fr3d_ldapbundle,fos_userbundle]

    fr3d_ldapbundle:
        id: fr3d_ldap.security.user.provider

    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern:    ^/
        fr3d_ldap:  ~
        form_login:
            provider: chain_provider
            always_use_default_target_path: true
            default_target_path: /
        logout:     true
        anonymous:  true

encoders:
    AcmeBundle\Acme\User\LdapUser: plaintext

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_USER }

我用 Online LDAP Test Server 测试服务。 我已经成功地使用以下配置成功登录:

fr3d_ldap:
driver:
    host: ldap.forumsys.com
    port: 389
    #version: 3
    username: cn=read-only-admin,dc=example,dc=com
    password: password
    bindRequiresDn: true

user:
    baseDn: uid=euclid,dc=example,dc=com
    filter: (&(objectClass=person))
    attributes:
        - { ldap_attr: uid,  user_method: setUsername }

但是这个配置的问题我只能以用户 euclid 的身份登录。但我想以每个可用用户身份登录。

但使用其他配置时,我在日志中收到消息,发现用户已找到,但发生了错误。

2017-04-20 09:36:16] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []

[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []

[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_bind(einstein, ****) {"action":"ldap_bind","bind_rdn":"einstein"} []

[2017-04-20 09:36:17] ldap_driver.DEBUG: exception 'Zend\Ldap\Exception\LdapException' with message '0x1: Failed to retrieve DN for account: einstein [0x1: Unexpected result count (16) for: (&(objectClass=person))]' in /vendor/zendframework/zend-ldap/src/Ldap.php:805 Stack trace: #0 /vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php(82): Zend\Ldap\Ldap->bind('einstein', 'password') #1 /vendor/fr3d/ldap-bundle/Ldap/LdapManager.php(78): FR3D\LdapBundle\Driver\ZendLdapDriver->bind(Object(AppBundle\Entity\User), 'password') #2 /vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php(90): FR3D\LdapBundle\Ldap\LdapManager->bind(Object(AppBundle\Entity\User), 'password') #3 ...

[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []

[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []

[2017-04-20 09:36:17] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:67)"} []

我不知道我做错了什么,我刚开始使用 LDAP。

编辑 我已经像 Alvin 发布的示例一样更改了我的代码。 但是我收到以下错误:Symfony Dev Log。 系统找到了用户,但随后我在日志文件中收到错误。

您只需要像这样更改您的 baseDn:

user:
    baseDn: dc=example,dc=com

我认为应该这样做。


编辑 # 2 - 基于反馈

这是根据我的教程将其添加到 FOSUser.php 实体的解决方案:

/**
  * {@inheritDoc}
  */
public function setDn($dn){
    $this->dn = $dn;
}

/**
  * {@inheritDoc}
  */
public function getDn(){
    return $this->dn;
}

这里参考我的教程: https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/

所以我终于在我的代码中找到了问题。

我忘记正确设置用户实体中 DN 字段的设置和获取功能。那是我的代码:

/**
 * Set Ldap Distinguished Name.
 *
 * @param string $dn Distinguished Name
 */
public function setDn($dn)
{
    // TODO: Implement setDn() method.
}

/**
 * Get Ldap Distinguished Name.
 *
 * @return null|string Distinguished Name
 */
public function getDn()
{
    // TODO: Implement getDn() method.
}

但这是 Alvins 教程中的正确答案:

 /**
 * {@inheritDoc}
 */
public function setDn($dn)
{ $this->dn = $dn; }

/**
 * {@inheritDoc}
 */
public function getDn()
{ return $this->dn; }

感谢 Alvin 的帮助和出色的 tutorial