0

早上,我不断收到消息“必须指定用户名”。尝试登录我的应用程序时。连接到 LDAP 没问题,也同步,在我的数据库/表用户中,我看到所有用户名和密码。但是不能用任何人的用户名登录。试图 dd($username) 进入 LoginController,“guard()->attempt”显示“null”。谢谢你的帮助 !

我的版本

Laravel Version: ^7.0
Adldap2-Laravel Version: ^6.1
PHP Version: ^7.2.5
LDAP Type: OpenLDAP

我的 .env

LDAP_HOSTS=ldap.forumsys.com
LDAP_BASE_DN=dc=example,dc=com
LDAP_USERNAME=cn=read-only-admin,dc=example,dc=com
LDAP_PASSWORD=password
LDAP_PASSWORD_SYNC=true

我的 ldap.php

<?php

return [

    'logging' => env('LDAP_LOGGING', false),

     'connections' => [

        'default' => [

                  'auto_connect' => env('LDAP_AUTO_CONNECT', true),

                  'connection' => Adldap\Connections\Ldap::class,

               'settings' => [

               'schema' => Adldap\Schemas\OpenLDAP::class, 

               'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),

               'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),

              'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),

               'port' => env('LDAP_PORT', 389),

               'timeout' => env('LDAP_TIMEOUT', 5),

                'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),

                'username' => env('LDAP_USERNAME', 'username'),
                'password' => env('LDAP_PASSWORD', 'secret'),

                'follow_referrals' => false,

                'use_ssl' => env('LDAP_USE_SSL', false),
                'use_tls' => env('LDAP_USE_TLS', false),

            ],

        ],

    ],

];

我的 ldap_auth

<?php

return [

     'connection' => env('LDAP_CONNECTION', 'default'),

    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,

    'model' => App\User::class,

    'rules' => [

        // Denys deleted users from authenticating.

        Adldap\Laravel\Validation\Rules\DenyTrashed::class,

        // Allows only manually imported users to authenticate.

        // Adldap\Laravel\Validation\Rules\OnlyImported::class,

    ],

    'scopes' => [

        // Only allows users with a user principal name to authenticate.
        // Suitable when using ActiveDirectory.
        // Adldap\Laravel\Scopes\UpnScope::class,

        // Only allows users with a uid to authenticate.
        // Suitable when using OpenLDAP.
        // Adldap\Laravel\Scopes\UidScope::class,

    ],

    'identifiers' => [

        'ldap' => [

            'locate_users_by' => 'uid',

            'bind_users_by' => 'distinguishedname',

        ],

        'database' => [

         'guid_column' => 'objectguid',

            'username_column' => 'username', //'email',

        ],

        'windows' => [

            'locate_users_by' => 'samaccountname',

            'server_key' => 'AUTH_USER',

        ],

    ],

    'passwords' => [

        'sync' => env('LDAP_PASSWORD_SYNC', false),

        'column' => 'password',

    ],

    'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),

    'sync_attributes' => [

        //'email' => 'userprincipalname',

        'username' => 'uid', 

        'name' => 'cn',

    ],

    'logging' => [

        'enabled' => env('LDAP_LOGGING', true),

        'events' => [

            \Adldap\Laravel\Events\Importing::class                 => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class              => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class             => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class             => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class            => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class      => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class    => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class  => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class  => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,

        ],
    ],

];

我的登录控制器

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = RouteServiceProvider::HOME;

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest')->except('logout');
    }

    public function username()
    {
        return 'username';
    }
}
4

2 回答 2

0

我自己也经历过这种痛苦。

看起来您正在使用您的服务帐户连接到 LDAP,但我看不到您将经过身份验证的用户登录到 Laravel的位置。您的用户是否必须在某处的屏幕上提供用户名和密码?如果没有,你如何获取用户并将他们登录到 Laravel?

我在必须通过 LDAP 的业务中这样做的方式是拥有普通的 Laravel 登录页面,但登录控制器中的中间方法通过带有 PW 的服务帐户向 LDAP 发送消息。如果成功,则使用 Laravel 的标准方法登录。基本上只需根据 LDAP 检查 PW,然后登录,而不是检查 Laravel DB。

示例代码 - 这会千差万别,但可以让您了解什么可能有效:

  if(env('LOGIN', false) === 'LDAP'){
        $ldap = new \App\Http\Controllers\ClientSpecific\BaseLDAPController();
        $username = $request->input('username');
        if($ldap->authenticate($username, $request->input('password'))){
            return $this->sendLoginResponse($request);
        }
    }else {
        if ($this->guard()->attempt($credentials, $request->has('remember'))) {
            return $this->sendLoginResponse($request);
        }
    }
于 2020-06-16T20:07:24.210 回答
0

我知道这是一个老问题,但即使在 2020 年我仍然面临这个问题,这花了我很多时间。OpenLDAP实际上,如果您还尝试使用 package.json 将服务器与您的 Laravel 应用程序绑定,那么这个问题非常愚蠢Adldap2-LaravelAdldap2-Laravel默认情况下为 Microsoft 的 Active Directory 配置。但是对于 OpenLDAP,我们需要正确更改Identifiers数组,如下所示..

<?php

return [

     // configurations settings...

    'identifiers' => [

        'ldap' => [

            'locate_users_by' => 'uid', // changed from userprincipalname

            'bind_users_by' => 'dn', // changed from distinguishedname

        ],

        'database' => [

         'guid_column' => 'objectguid',

            'username_column' => 'username', //'email',

        ],

        'windows' => [

            'locate_users_by' => 'samaccountname',

            'server_key' => 'AUTH_USER',

        ],

    ],

    // rest of the configurations...

];

如果我的答案对新手来说不清楚,请告诉我,因为我也是新手。我将尝试更好地解释解决方案:)

于 2020-07-29T09:50:09.910 回答