FR3DLdapBundle - 身份验证请求失败
FR3DLdapBundle - Authentication request failed
我正在使用 FR3DLdapBundle 和 FOSUserBundle。
Symfony 版本 3.2.6
FR3DLdapBundle 版本 3
config.yml
fos_user:
db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: main
user_class: AppBundle\Entity\User
from_email:
address: "%mailer_user%"
sender_name: "%mailer_user%"
fr3d_ldap:
driver:
host: ldap.forumsys.com
port: 389
username: cn=read-only-admin,dc=example,dc=com
password: password
bindRequiresDn: true
user:
baseDn: dc=example,dc=com
filter: (&(objectClass=person))
attributes:
- { ldap_attr: uid, user_method: setUsername }
security.yml
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
AppBundle\Entity\User: plaintext
erase_credentials: false
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]
providers:
chain_provider:
chain:
providers: [fr3d_ldapbundle,fos_userbundle]
fr3d_ldapbundle:
id: fr3d_ldap.security.user.provider
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
fr3d_ldap: ~
form_login:
provider: chain_provider
always_use_default_target_path: true
default_target_path: /
logout: true
anonymous: true
encoders:
AcmeBundle\Acme\User\LdapUser: plaintext
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
我用 Online LDAP Test Server 测试服务。
我已经成功地使用以下配置成功登录:
fr3d_ldap:
driver:
host: ldap.forumsys.com
port: 389
#version: 3
username: cn=read-only-admin,dc=example,dc=com
password: password
bindRequiresDn: true
user:
baseDn: uid=euclid,dc=example,dc=com
filter: (&(objectClass=person))
attributes:
- { ldap_attr: uid, user_method: setUsername }
但是这个配置的问题我只能以用户 euclid 的身份登录。但我想以每个可用用户身份登录。
但使用其他配置时,我在日志中收到消息,发现用户已找到,但发生了错误。
2017-04-20 09:36:16] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []
[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []
[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_bind(einstein, ****) {"action":"ldap_bind","bind_rdn":"einstein"} []
[2017-04-20 09:36:17] ldap_driver.DEBUG: exception 'Zend\Ldap\Exception\LdapException' with message '0x1: Failed to retrieve DN for account: einstein [0x1: Unexpected result count (16) for: (&(objectClass=person))]' in /vendor/zendframework/zend-ldap/src/Ldap.php:805 Stack trace: #0 /vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php(82): Zend\Ldap\Ldap->bind('einstein', 'password') #1 /vendor/fr3d/ldap-bundle/Ldap/LdapManager.php(78): FR3D\LdapBundle\Driver\ZendLdapDriver->bind(Object(AppBundle\Entity\User), 'password') #2 /vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php(90): FR3D\LdapBundle\Ldap\LdapManager->bind(Object(AppBundle\Entity\User), 'password') #3 ...
[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []
[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []
[2017-04-20 09:36:17] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:67)"} []
我不知道我做错了什么,我刚开始使用 LDAP。
编辑
我已经像 Alvin 发布的示例一样更改了我的代码。
但是我收到以下错误:Symfony Dev Log。
系统找到了用户,但随后我在日志文件中收到错误。
您只需要像这样更改您的 baseDn:
user:
baseDn: dc=example,dc=com
我认为应该这样做。
编辑 # 2 - 基于反馈
这是根据我的教程将其添加到 FOSUser.php 实体的解决方案:
/**
* {@inheritDoc}
*/
public function setDn($dn){
$this->dn = $dn;
}
/**
* {@inheritDoc}
*/
public function getDn(){
return $this->dn;
}
这里参考我的教程:
https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/
所以我终于在我的代码中找到了问题。
我忘记正确设置用户实体中 DN 字段的设置和获取功能。那是我的代码:
/**
* Set Ldap Distinguished Name.
*
* @param string $dn Distinguished Name
*/
public function setDn($dn)
{
// TODO: Implement setDn() method.
}
/**
* Get Ldap Distinguished Name.
*
* @return null|string Distinguished Name
*/
public function getDn()
{
// TODO: Implement getDn() method.
}
但这是 Alvins 教程中的正确答案:
/**
* {@inheritDoc}
*/
public function setDn($dn)
{ $this->dn = $dn; }
/**
* {@inheritDoc}
*/
public function getDn()
{ return $this->dn; }
感谢 Alvin 的帮助和出色的 tutorial。
我正在使用 FR3DLdapBundle 和 FOSUserBundle。
Symfony 版本 3.2.6 FR3DLdapBundle 版本 3
config.yml
fos_user:
db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: main
user_class: AppBundle\Entity\User
from_email:
address: "%mailer_user%"
sender_name: "%mailer_user%"
fr3d_ldap:
driver:
host: ldap.forumsys.com
port: 389
username: cn=read-only-admin,dc=example,dc=com
password: password
bindRequiresDn: true
user:
baseDn: dc=example,dc=com
filter: (&(objectClass=person))
attributes:
- { ldap_attr: uid, user_method: setUsername }
security.yml
encoders:
FOS\UserBundle\Model\UserInterface: bcrypt
AppBundle\Entity\User: plaintext
erase_credentials: false
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]
providers:
chain_provider:
chain:
providers: [fr3d_ldapbundle,fos_userbundle]
fr3d_ldapbundle:
id: fr3d_ldap.security.user.provider
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
fr3d_ldap: ~
form_login:
provider: chain_provider
always_use_default_target_path: true
default_target_path: /
logout: true
anonymous: true
encoders:
AcmeBundle\Acme\User\LdapUser: plaintext
access_control:
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/, role: ROLE_USER }
我用 Online LDAP Test Server 测试服务。 我已经成功地使用以下配置成功登录:
fr3d_ldap:
driver:
host: ldap.forumsys.com
port: 389
#version: 3
username: cn=read-only-admin,dc=example,dc=com
password: password
bindRequiresDn: true
user:
baseDn: uid=euclid,dc=example,dc=com
filter: (&(objectClass=person))
attributes:
- { ldap_attr: uid, user_method: setUsername }
但是这个配置的问题我只能以用户 euclid 的身份登录。但我想以每个可用用户身份登录。
但使用其他配置时,我在日志中收到消息,发现用户已找到,但发生了错误。
2017-04-20 09:36:16] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []
[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []
[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_bind(einstein, ****) {"action":"ldap_bind","bind_rdn":"einstein"} []
[2017-04-20 09:36:17] ldap_driver.DEBUG: exception 'Zend\Ldap\Exception\LdapException' with message '0x1: Failed to retrieve DN for account: einstein [0x1: Unexpected result count (16) for: (&(objectClass=person))]' in /vendor/zendframework/zend-ldap/src/Ldap.php:805 Stack trace: #0 /vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php(82): Zend\Ldap\Ldap->bind('einstein', 'password') #1 /vendor/fr3d/ldap-bundle/Ldap/LdapManager.php(78): FR3D\LdapBundle\Driver\ZendLdapDriver->bind(Object(AppBundle\Entity\User), 'password') #2 /vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php(90): FR3D\LdapBundle\Ldap\LdapManager->bind(Object(AppBundle\Entity\User), 'password') #3 ...
[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []
[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []
[2017-04-20 09:36:17] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:67)"} []
我不知道我做错了什么,我刚开始使用 LDAP。
编辑 我已经像 Alvin 发布的示例一样更改了我的代码。 但是我收到以下错误:Symfony Dev Log。 系统找到了用户,但随后我在日志文件中收到错误。
您只需要像这样更改您的 baseDn:
user:
baseDn: dc=example,dc=com
我认为应该这样做。
编辑 # 2 - 基于反馈
这是根据我的教程将其添加到 FOSUser.php 实体的解决方案:
/**
* {@inheritDoc}
*/
public function setDn($dn){
$this->dn = $dn;
}
/**
* {@inheritDoc}
*/
public function getDn(){
return $this->dn;
}
这里参考我的教程: https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/
所以我终于在我的代码中找到了问题。
我忘记正确设置用户实体中 DN 字段的设置和获取功能。那是我的代码:
/**
* Set Ldap Distinguished Name.
*
* @param string $dn Distinguished Name
*/
public function setDn($dn)
{
// TODO: Implement setDn() method.
}
/**
* Get Ldap Distinguished Name.
*
* @return null|string Distinguished Name
*/
public function getDn()
{
// TODO: Implement getDn() method.
}
但这是 Alvins 教程中的正确答案:
/**
* {@inheritDoc}
*/
public function setDn($dn)
{ $this->dn = $dn; }
/**
* {@inheritDoc}
*/
public function getDn()
{ return $this->dn; }
感谢 Alvin 的帮助和出色的 tutorial。