我对 laravel 和 AD 身份验证完全陌生。我一直在关注这些教程,但遇到了以下问题,尝试启动应用程序时找不到解决方案。
我已设置,' auto_connect '=> true并且此错误出现在任何尝试从我的页面访问任何方向的尝试。
如果您还可以向我解释这两个功能的基础bind以及bindAsAdministrator它们想要链接的项目,那就太好了:
值得一提的是,我的表有一个username字段。
我的config/adldap.php:
/*
|--------------------------------------------------------------------------
| Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
|
*/
'connections' => [
'default' => [
/*
|--------------------------------------------------------------------------
| Auto Connect
|--------------------------------------------------------------------------
|
| If auto connect is true, anytime Adldap is instantiated it will automatically
| connect to your AD server. If this is set to false, you must connect manually
| using: Adldap::connect().
|
*/
'auto_connect' => true,
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection class to use to run operations on.
|
| You can also set this option to `null` to use the default connection class.
|
| Custom connection classes must implement \Adldap\Contracts\Connections\ConnectionInterface
|
*/
'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Schema
|--------------------------------------------------------------------------
|
| The schema class to use for retrieving attributes and generating models.
|
| You can also set this option to `null` to use the default schema class.
|
| Custom schema classes must implement \Adldap\Contracts\Schemas\SchemaInterface
|
*/
'schema' => Adldap\Schemas\ActiveDirectory::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'connection_settings' => [
/*
|--------------------------------------------------------------------------
| Account Prefix
|--------------------------------------------------------------------------
|
| The account prefix option is the prefix of your user accounts in AD.
|
| For example, if you'd prefer your users to use only their username instead
| of specifying a domain ('ACME\jdoe'), enter your domain name.
|
*/
'account_prefix' => '',
/*
|--------------------------------------------------------------------------
| Account Suffix
|--------------------------------------------------------------------------
|
| The account suffix option is the suffix of your user accounts in AD.
|
| For example, if your domain DN is DC=corp,DC=acme,DC=org, then your
| account suffix would be @corp.acme.org. This is then appended to
| then end of your user accounts on authentication.
|
*/
'account_suffix' => '',
/*
|--------------------------------------------------------------------------
| Domain Controllers
|--------------------------------------------------------------------------
|
| The domain controllers option is an array of servers located on your
| network that serve Active Directory. You can insert as many servers or
| as little as you'd like depending on your forest (with the
| minimum of one of course).
|
| These can be IP addresses of your server(s), or the host name.
|
*/
'domain_controllers' => ['190.168.124.147'],
/*
|--------------------------------------------------------------------------
| Port
|--------------------------------------------------------------------------
|
| The port option is used for authenticating and binding to your AD server.
|
*/
'port' => 80,
/*
|--------------------------------------------------------------------------
| Timeout
|--------------------------------------------------------------------------
|
| The timeout option allows you to configure the amount of time in
| seconds that your application waits until a response
| is received from your LDAP server.
|
*/
'timeout' => 5,
/*
|--------------------------------------------------------------------------
| Base Distinguished Name
|--------------------------------------------------------------------------
|
| The base distinguished name is the base distinguished name you'd like
| to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
|
| If one is not defined, then Adldap will try to find it automatically
| by querying your server. It's recommended to include it to
| limit queries executed per request.
|
*/
'base_dn' => '',
/*
|--------------------------------------------------------------------------
| Administrator Account Suffix
|--------------------------------------------------------------------------
|
| This option allows you to set a different account suffix for your
| configured administrator account upon binding.
|
| If left empty, your `account_suffix` option will be used.
|
*/
'admin_account_suffix' => '',
/*
|--------------------------------------------------------------------------
| Administrator Username & Password
|--------------------------------------------------------------------------
|
| When connecting to your AD server, a username and password is required
| to be able to query and run operations on your server(s). You can
| use any user account that has these permissions. This account
| does not need to be a domain administrator unless you
| require changing and resetting user passwords.
|
*/
'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'foo\saaa'),
'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'kaa@taa'),
/*
|--------------------------------------------------------------------------
| Follow Referrals
|--------------------------------------------------------------------------
|
| The follow referrals option is a boolean to tell active directory
| to follow a referral to another server on your network if the
| server queried knows the information your asking for exists,
| but does not yet contain a copy of it locally.
|
| This option is defaulted to false.
|
*/
'follow_referrals' => false,
/*
|--------------------------------------------------------------------------
| SSL & TLS
|--------------------------------------------------------------------------
|
| If you need to be able to change user passwords on your server, then an
| SSL or TLS connection is required. All other operations are allowed
| on unsecured protocols. One of these options are definitely recommended
| if you have the ability to connect to your server securely.
|
*/
'use_ssl' => false,
'use_tls' => false,
我Auth\Guard.php的问题线:
public function bind($username, $password, $prefix = null, $suffix = null)
{
// We'll allow binding with a null username and password
// if their empty. This will allow us to anonymously
// bind to our servers if needed.
$username = $username ?: null;
$password = $password ?: null;
if ($username) {
// If the username isn't empty, we'll append the configured
// account prefix and suffix to bind to the LDAP server.
$prefix = is_null($prefix) ? $this->configuration->getAccountPrefix() : $prefix;
$suffix = is_null($suffix) ? $this->configuration->getAccountSuffix() : $suffix;
$username = $prefix.$username.$suffix;
}
// We'll mute any exceptions / warnings here. All we need to know
// is if binding failed and we'll throw our own exception.
if (!@$this->connection->bind($username, $password)) {
throw new BindException($this->connection->getLastError(), $this->connection->errNo());
}
}
我的config\auth.php:
/*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
],
'api' => [
'driver' => 'token',
'provider' => 'users',
],
],
/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/
'providers' => [
'users' => [
'driver' => 'adldap',
'model' => App\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
],
/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You may also set the name of the
| table that maintains all of the reset tokens for your application.
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/
'passwords' => [
'users' => [
'provider' => 'users',
'email' => 'auth.emails.password',
'table' => 'password_resets',
'expire' => 60,
],
],
我的User.php:
<?php
namespace App;
use Illuminate\Foundation\Auth\User as Authenticatable;
class User extends Authenticatable
{
/**
* The attributes that are mass assignable.
*
* @var array
*/
protected $fillable = [
'name', 'email', 'password','username'
];
/**
* The attributes that should be hidden for arrays.
*
* @var array
*/
protected $hidden = [
'password', 'remember_token',
];
}
我的AuthController.php:
namespace App\Http\Controllers\Auth;
use App\User;
use Validator;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Adldap\Contracts\AdldapInterface;
class AuthController extends Controller
{
/*
|--------------------------------------------------------------------------
| Registration & Login Controller
|--------------------------------------------------------------------------
|
| This controller handles the registration of new users, as well as the
| authentication of existing users. By default, this controller uses
| a simple trait to add these behaviors. Why don't you explore it?
|
*/
use AuthenticatesAndRegistersUsers, ThrottlesLogins;
/**
* Where to redirect users after login / registration.
*
* @var string
*/
protected $redirectTo = '/tickets';
/**
* @var Adldap
*/
protected $adldap;
/**
* Create a new authentication controller instance.
*
* @return void
*/
public function __construct(AdldapInterface $adldap)
{
$this->middleware($this->guestMiddleware(), ['except' => 'logout']);
$this->adldap = $adldap;
}
/**
* Get a validator for an incoming registration request.
*
* @param array $data
* @return \Illuminate\Contracts\Validation\Validator
*/
protected function validator(array $data)
{
return Validator::make($data, [
'name' => 'required|max:255',
'email' => 'required|email|max:255|unique:users',
'password' => 'required|min:6|confirmed',
]);
}
/**
* Create a new user instance after a valid registration.
*
* @param array $data
* @return User
*/
protected function create(array $data)
{
return User::create([
'name' => $data['name'],
'email' => $data['email'],
'password' => bcrypt($data['password']),
]);
}
/**
* Handle a login request to the application.
*
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response
*/
public function login(Request $request)
{
if ($this->adldap->auth()->attempt($request->email, $request->password, TRUE )) {
return 'entro';
// $this->validateLogin($request);
// // If the class is using the ThrottlesLogins trait, we can automatically throttle
// // the login attempts for this application. We'll key this by the username and
// // the IP address of the client making these requests into this application.
// $throttles = $this->isUsingThrottlesLoginsTrait();
// if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
// $this->fireLockoutEvent($request);
// return $this->sendLockoutResponse($request);
// }
// $credentials = $this->getCredentials($request);
// if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
// return $this->handleUserWasAuthenticated($request, $throttles);
// }
// // If the login attempt was unsuccessful we will increment the number of attempts
// // to login and redirect the user back to the login form. Of course, when this
// // user surpasses their maximum number of attempts they will get locked out.
// if ($throttles && ! $lockedOut) {
// $this->incrementLoginAttempts($request);
// }
// return $this->sendFailedLoginResponse($request);
}
}
}