0

我在 Symfony 中有应用程序。用户使用带有 Oauth 的 FOS 登录。现在我需要添加使用活动目录登录的选项。所以我已经安装了这个包:https ://github.com/Maks3w/FR3DLdapBundle但仍然无法配置它工作。我发布了我的配置和安全文件。任何想法我应该改变什么?

安全.yml

security:

  erase_credentials: false

  encoders:
    FOS\UserBundle\Model\UserInterface: sha512
    #FOS\UserBundle\Model\UserInterface: plaintext
    FR3D\LdapBundle\User\LdapUser: plaintext
  providers:
    chain_provider:
      chain:
        providers: [fos_userbundle, fr3d_ldapbundle]
    fr3d_ldapbundle:
      id: fr3d_ldap.security.user.provider
    fos_userbundle:
      id: fos_user.user_provider.username_email

  role_hierarchy:
    ROLE_USER: ~
    ROLE_ADMIN: [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  firewalls:
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    doc:
      pattern: ^/api/doc/$
      security: false

    oauth_token:
      pattern:  ^/oauth/v2/token
      security:   false

    passwords:
      pattern: ^/api/password
      security: false

    # Poniżej są metory autoryzacji.
    oauth_authorize:
      pattern:   ^/site|^/fos|^/api
      fr3d_ldap: ~
      fos_oauth: true
      form_login:
        provider: fos_userbundle
        check_path: /fos/login_check
        login_path: /fos/login
      logout:
        path:   /fos/logout
        target: /
      anonymous: true

  access_control:
    - { path: ^/oauth/v2/auth_login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/api/users/[0-9]+/(avatar|wallpaper), roles: [ IS_AUTHENTICATED_FULLY ] }
    - { path: ^/api/users, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/groups, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/menus, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
    - { path: ^/ /, roles: IS_AUTHENTICATED_ANONYMOUSLY }

配置.yml

imports:
  - { resource: parameters.yml }
  - { resource: security.yml }
  - { resource: doctrine_extensions.yml }
  - { resource: services.yml }

framework:
  #esi:       ~
  #translator:    { fallback: "%locale%" }
  secret:      "%secret%"
  router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
  form:      ~
  csrf_protection: ~
  validation:    { enable_annotations: true }
  templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
  default_locale:  "%locale%"
  trusted_hosts:   ~
  trusted_proxies: ~
  session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
  fragments:     ~
  http_method_override: true

# Twig Configuration
twig:
  debug:      "%kernel.debug%"
  strict_variables: "%kernel.debug%"

# Assetic Configuration
assetic:
  debug:      "%kernel.debug%"
  use_controller: false
  bundles:    [ ]
  #java: /usr/bin/java
  filters:
    cssrewrite: ~
    #closure:
    #  jar: "%kernel.root_dir%/Resources/java/compiler.jar"
    #yui_css:
    #  jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
  dbal:
    default_connection: default
    connections:
      default:
        driver:   "%database_driver%"
        host:   "%database_host%"
        port:   "%database_port%"
        dbname:   "%database_name%"
        user:   "%database_user%"
        password: "%database_password%"
        charset:  UTF8
      axp:
        driver_class:   Realestate\MssqlBundle\Driver\PDODblib\Driver
#driver:   "%database_driver2%"
        host:   "%database_host2%"
        #server:   "%database_host2%"
        #port:   "%database_port2%"
        #dbname:   "%database_name2%"
        user:   "%database_user2%"
        password: "%database_password2%"
        #charset:  UTF8

  orm:
    default_entity_manager: default
    entity_managers:
      default:
        connection: default
        auto_mapping: true
      axp:
        connection: axp
        mappings:
          XtrdAxpPeopleBundle: ~

    auto_generate_proxy_classes: "%kernel.debug%"


# Swiftmailer Configuration
swiftmailer:
  transport: "%mailer_transport%"
  host:    "%mailer_host%"
  username:  "%mailer_user%"
  password:  "%mailer_password%"
  spool:   { type: memory }


fos_rest:
  serializer:
    serialize_null: true
  routing_loader:
    default_format: json
  param_fetcher_listener: true
  body_converter:
    enabled: true
    validate: true
  body_listener:
    array_normalizer: fos_rest.normalizer.camel_keys
    decoders:
      json: fos_rest.decoder.jsontoform
  format_listener:
    rules:
       - { path: ^/api, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
       - { path: ^/axp, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
       - { path: ^/, priorities: [ html ], fallback_format: html, prefer_extension: false }
  view:
    serialize_null: true
    view_response_listener: force
    failed_validation: HTTP_UNPROCESSABLE_ENTITY
    formats:
      json: true
      xml: true


nelmio_cors:
  defaults:
    allow_credentials: false
    allow_origin: [ 'http://localhost:4200' ]
    allow_headers: []
    allow_methods: []
    expose_headers: []
    max_age: 0
    hosts: []
  paths:
    '^/':
      origin_regex: true
      allow_origin: ['^http://localhost:[0-9]+', '^http://.*.Xtrd.com', '^http://localhost:8000+']
      allow_headers: ['*']
      allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
      max_age: 3600

fos_oauth_server:
  db_driver: orm
  client_class: Xtrd\IntranetApiBundle\Entity\Client
  access_token_class: Xtrd\IntranetApiBundle\Entity\AccessToken
  refresh_token_class: Xtrd\IntranetApiBundle\Entity\RefreshToken
  auth_code_class: Xtrd\IntranetApiBundle\Entity\AuthCode
  service:
    user_provider: fos_user.user_manager
    #user_provider: fr3d_ldap.security.user.provider

fos_user:
  db_driver: orm
  firewall_name: oauth_authorize
  user_class: Xtrd\IntranetApiBundle\Entity\User
  group:
    group_class: Xtrd\IntranetApiBundle\Entity\Group


parameters:
  jms_serializer.camel_case_naming_strategy.class: JMS\Serializer\Naming\IdenticalPropertyNamingStrategy

jms_serializer:
  handlers:
    datetime:
      default_format: "c" # ISO8601
      default_timezone: "UTC" # defaults to whatever timezone set in php.ini or via date_default_timezone_set

  property_naming:
    separator:
    lower_case: false

  metadata:
    cache: file
    debug: "%kernel.debug%"
    file_cache:
      dir: "%kernel.cache_dir%/serializer"
    auto_detection: true
    directories:
      FOSUserBundle:
        namespace_prefix: "FOS\\UserBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/fos"
      XtrdExchangeWebServicesBundle:
        namespace_prefix: "Xtrd\\ExchangeWebServicesBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/ews"
      XtrdIntranetApiBundle:
        namespace_prefix: "Xtrd\\IntranetApiBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer"

  visitors:
    json:
      options: 128 # json_encode options bitmask

fr3d_ldap:
  driver:
    host: xtrd.com
    #port: 389 # Optional
    #username:   # Optional
    #password: # Optional
#    bindRequiresDn: true
    #baseDn: DC=Xtrd,DC=com
#    accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
    #accountFilterFormat: (&(samaccountname=%s))
#     optReferrals:    false  # Optional
    #useSsl: false # Enable SSL negotiation. Optional
#     useStartTls:     true   # Enable TLS negotiation. Optional
#     accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
    #accountDomainName: 
    #accountDomainNameShort:  # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
  user:
    baseDn: dc=xtrd,dc=com
    filter: (&(objectClass=Person))
    # filter: (&(objectClass=user))
    attributes:
     - { ldap_attr: samaccountname, user_method: setUsername }
#      - { ldap_attr: userprincipalname, user_method: setUsername }
    # - { ldap_attr: mail, user_method: setEmail }
    # - { ldap_attr: givenname, user_method: setFirstName }
    # - { ldap_attr: sn, user_method: setLastName }
    # - { ldap_attr: description, user_method: setDescription }
    # - { ldap_attr: password, user_method: setPassword }
  #service:
    #user_manager: fos_user.user_manager      # Overrides default user manager
    #ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager
4

1 回答 1

1

你有没有看过我的 Symfony AD 集成帖子:

https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/

我看到您使用的是 REST API,因此您的配置可能与我的有所不同。我的建议是创建一个新的 Symphony 项目,并确保您可以首先让 LDAP 身份验证正常工作,然后再让 AD 身份验证正常工作。

顺便说一句,我不得不花很多时间来完成这项工作,所以希望这篇博文对你有所帮助。

于 2016-07-13T15:52:43.490 回答