Swap out adldap2/adldap2 for directorytree/ldaprecord-laravel

This commit is contained in:
Deon George 2020-09-13 23:41:26 +10:00
parent f323be3d7f
commit 15ff508429
14 changed files with 302 additions and 842 deletions

View File

@ -44,3 +44,8 @@ PUSHER_APP_CLUSTER=mt1
MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
LDAP_HOST=
LDAP_BASE_DN=
LDAP_USERNAME=
LDAP_PASSWORD=

View File

@ -26,7 +26,7 @@ With that PLA is going under a major revamp in preparation for v2 and will aim t
Some of the creations planned to be used in v2 include:
* Laravel (https://laravel.com)
* adldap2/adldap2 (https://github.com/Adldap2/Adldap2)
* directorytree/ldaprecord-laravel (https://ldaprecord.com/)
* JQuery (https://jquery.com)
* FancyTree (https://github.com/mar10/fancytree)
* ArchitectUI (https://architectui.com)

View File

@ -2,8 +2,7 @@
namespace App\Classes\LDAP;
use Adldap\Adldap;
use Adldap\Models\Entry;
use App\Ldap\Entry;
use Illuminate\Support\Collection;
class Server
@ -42,11 +41,10 @@ class Server
protected function getDNAttrValues(string $dn,array $attrs=['*','+'],int $deref=LDAP_DEREF_NEVER): ?Entry
{
try {
return ($x=(new Adldap)
->addProvider(config('ldap.connections.default.settings'))
->search()
return ($x=(new Entry)
->query()
->select($attrs)
->findByDn($dn)) ? $x : NULL;
->find($dn)) ? $x : NULL;
// @todo Tidy up this exception
} catch (\Exception $e) {
@ -60,14 +58,13 @@ class Server
* @param $dn
* @return |null
*/
public function fetch(string $dn,array $attributes=['*'])
public function fetch(string $dn,array $attrs=['*','+'])
{
try {
return ($x=(new Adldap)
->addProvider(config('ldap.connections.default.settings'))
->search()
->select($attributes)
->findByDn($dn)) ? $x : NULL;
return ($x=(new Entry)
->query()
->select($attrs)
->find($dn)) ? $x : NULL;
// @todo Tidy up this exception
} catch (\Exception $e) {
@ -84,11 +81,9 @@ class Server
public function query(string $dn)
{
try {
return ($x=(new Adldap)
->addProvider(config('ldap.connections.default.settings'))
->search()
->setBaseDn($dn)
//->select($attrs)
return ($x=(new Entry)
->query()
->setDn($dn)
->listing()
->get()) ? $x : NULL;

View File

@ -3,9 +3,9 @@
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Log;
use LdapRecord\Query\Collection;
use App\Classes\LDAP\Server;
@ -31,6 +31,10 @@ class APIController extends Controller
});
}
/**
* @param Request $request
* @return Collection
*/
public function query(Request $request): Collection
{
$levels = $request->query('depth',1);
@ -41,14 +45,12 @@ class APIController extends Controller
->query($dn)
->transform(function($item) {
return [
'title'=>$item->getDistinguishedName(),
'item'=>Crypt::encryptString($item->getDistinguishedName()),
'title'=>$item->getDn(),
'item'=>Crypt::encryptString($item->getDn()),
'icon'=>'fa-fw fas fa-sitemap',
'lazy'=>TRUE,
'tooltip'=>$item->getDistinguishedName(),
'tooltip'=>$item->getDn(),
];
});
Log::debug(sprintf('%s: Query [%s] - Levels [%d]: %s',__METHOD__,$dn,$levels,serialize($x)));
}
}

View File

@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
class LoginController extends Controller
{
@ -38,6 +39,14 @@ class LoginController extends Controller
$this->middleware('guest')->except('logout');
}
protected function credentials(Request $request): array
{
return [
'mail' => $request->get('email'),
'password' => $request->get('password'),
];
}
/**
* Show our themed login page
*/
@ -50,14 +59,4 @@ class LoginController extends Controller
return view('architect::auth.login')->with('login_note',$login_note);
}
/**
* Get the login username to be used by the controller.
*
* @return string
*/
public function username()
{
return config('ldap_auth.identifiers.ldap.locate_users_by');
}
}

15
app/Ldap/Entry.php Normal file
View File

@ -0,0 +1,15 @@
<?php
namespace App\Ldap;
use LdapRecord\Models\Model;
class Entry extends Model
{
/**
* The object classes of the LDAP model.
*
* @var array
*/
public static $objectClasses = [];
}

20
app/Ldap/User.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace App\Ldap;
use Laravel\Passport\HasApiTokens;
use LdapRecord\Models\OpenLDAP\User as Model;
class User extends Model
{
use HasApiTokens;
/**
* The object classes of the LDAP model.
*
* @var array
*/
public static $objectClasses = [
'posixAccount',
];
}

View File

@ -1,81 +0,0 @@
<?php
namespace App;
use Laravel\Passport\HasApiTokens;
use Adldap\Models\User as BaseModel;
class LdapUser extends BaseModel
{
use HasApiTokens;
/**
* Get all of the user's registered OAuth clients.
*
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function clients()
{
// return $this->hasMany(Passport::clientModel(), 'user_id');
}
/**
* Get all of the access tokens for the user.
*
* @return \Illuminate\Database\Eloquent\Relations\HasMany
*/
public function tokens()
{
// return $this->hasMany(Passport::tokenModel(), 'user_id')->orderBy('created_at', 'desc');
}
/**
* Get the current access token being used by the user.
*
* @return \Laravel\Passport\Token|null
*/
public function token()
{
return $this->accessToken;
}
/**
* Determine if the current API token has a given scope.
*
* @param string $scope
* @return bool
*/
public function tokenCan($scope)
{
return $this->accessToken ? $this->accessToken->can($scope) : false;
}
/**
* Create a new personal access token for the user.
*
* @param string $name
* @param array $scopes
*
* @return \Laravel\Passport\PersonalAccessTokenResult
*/
public function createToken($name, array $scopes = [])
{
return Container::getInstance()->make(PersonalAccessTokenFactory::class)->make(
$this->getKey(), $name, $scopes
);
}
/**
* Set the current access token for the user.
*
* @param \Laravel\Passport\Token $accessToken
*
* @return $this
*/
public function withAccessToken($accessToken)
{
$this->accessToken = $accessToken;
return $this;
}
}

View File

@ -9,7 +9,7 @@
"license": "MIT",
"require": {
"php": "^7.2.5",
"adldap2/adldap2-laravel": "^6.0",
"directorytree/ldaprecord-laravel": "^1.7",
"fideloper/proxy": "^4.2",
"fruitcake/laravel-cors": "^2.0",
"guzzlehttp/guzzle": "^6.3",

273
composer.lock generated
View File

@ -4,121 +4,8 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "6af914ca38690bee00357e0090846450",
"content-hash": "3305fba3e359e4cd7e2d41c6a65c7437",
"packages": [
{
"name": "adldap2/adldap2",
"version": "v10.3.0",
"source": {
"type": "git",
"url": "https://github.com/Adldap2/Adldap2.git",
"reference": "1294c92746e3fb3bb59cd7756ca7838a1e705a2a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Adldap2/Adldap2/zipball/1294c92746e3fb3bb59cd7756ca7838a1e705a2a",
"reference": "1294c92746e3fb3bb59cd7756ca7838a1e705a2a",
"shasum": ""
},
"require": {
"ext-json": "*",
"ext-ldap": "*",
"illuminate/contracts": "~5.0|~6.0|~7.0",
"php": ">=7.0",
"psr/log": "~1.0",
"psr/simple-cache": "~1.0",
"tightenco/collect": "~5.0|~6.0|~7.0"
},
"require-dev": {
"mockery/mockery": "~1.0",
"phpunit/phpunit": "~6.0"
},
"suggest": {
"ext-fileinfo": "fileinfo is required when retrieving user encoded thumbnails"
},
"type": "library",
"autoload": {
"psr-4": {
"Adldap\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Bauman",
"email": "steven_bauman@outlook.com",
"role": "Developer"
}
],
"description": "A PHP LDAP Package for humans.",
"keywords": [
"active directory",
"ad",
"adLDAP",
"adldap2",
"directory",
"ldap",
"windows"
],
"time": "2020-05-04T21:10:15+00:00"
},
{
"name": "adldap2/adldap2-laravel",
"version": "v6.1.1",
"source": {
"type": "git",
"url": "https://github.com/Adldap2/Adldap2-Laravel.git",
"reference": "c72a2e3757919c39d6a03bd345ec4e586284825c"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Adldap2/Adldap2-Laravel/zipball/c72a2e3757919c39d6a03bd345ec4e586284825c",
"reference": "c72a2e3757919c39d6a03bd345ec4e586284825c",
"shasum": ""
},
"require": {
"adldap2/adldap2": "^10.1",
"illuminate/support": "~5.5|~6.0|~7.0",
"php": ">=7.1"
},
"require-dev": {
"mockery/mockery": "~1.0",
"orchestra/testbench": "~3.7",
"phpunit/phpunit": "~7.0"
},
"type": "project",
"extra": {
"laravel": {
"providers": [
"Adldap\\Laravel\\AdldapServiceProvider",
"Adldap\\Laravel\\AdldapAuthServiceProvider"
],
"aliases": {
"Adldap": "Adldap\\Laravel\\Facades\\Adldap"
}
}
},
"autoload": {
"psr-4": {
"Adldap\\Laravel\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "LDAP Authentication & Management for Laravel.",
"keywords": [
"adLDAP",
"adldap2",
"laravel",
"ldap"
],
"time": "2020-06-02T00:45:05+00:00"
},
{
"name": "asm89/stack-cors",
"version": "v2.0.1",
@ -345,6 +232,130 @@
],
"time": "2018-07-24T23:27:56+00:00"
},
{
"name": "directorytree/ldaprecord",
"version": "v1.10.1",
"source": {
"type": "git",
"url": "https://github.com/DirectoryTree/LdapRecord.git",
"reference": "601e2fb47802795b27ea6052e78557c56f397082"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/601e2fb47802795b27ea6052e78557c56f397082",
"reference": "601e2fb47802795b27ea6052e78557c56f397082",
"shasum": ""
},
"require": {
"ext-json": "*",
"ext-ldap": "*",
"illuminate/contracts": "^5.0|^6.0|^7.0|^8.0",
"nesbot/carbon": "^1.0|^2.0",
"php": ">=7.2",
"psr/log": "^1.0",
"psr/simple-cache": "^1.0",
"tightenco/collect": "^5.0|^6.0|^7.0|^8.0"
},
"require-dev": {
"mockery/mockery": "^1.0",
"phpunit/phpunit": "^6.0"
},
"type": "library",
"autoload": {
"psr-4": {
"LdapRecord\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Steve Bauman",
"email": "steven_bauman@outlook.com",
"role": "Developer"
}
],
"description": "A fully-featured LDAP ORM.",
"homepage": "https://www.ldaprecord.com",
"keywords": [
"active directory",
"ad",
"adLDAP",
"adldap2",
"directory",
"ldap",
"ldaprecord",
"orm",
"windows"
],
"funding": [
{
"url": "https://github.com/stevebauman",
"type": "github"
}
],
"time": "2020-09-08T16:57:58+00:00"
},
{
"name": "directorytree/ldaprecord-laravel",
"version": "v1.7.1",
"source": {
"type": "git",
"url": "https://github.com/DirectoryTree/LdapRecord-Laravel.git",
"reference": "98e6698057321aef9d777bfe312bd1d968a5d67e"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/DirectoryTree/LdapRecord-Laravel/zipball/98e6698057321aef9d777bfe312bd1d968a5d67e",
"reference": "98e6698057321aef9d777bfe312bd1d968a5d67e",
"shasum": ""
},
"require": {
"directorytree/ldaprecord": "^1.8.2",
"ext-ldap": "*",
"illuminate/support": "^5.6|^6.0|^7.0|^8.0",
"php": ">=7.2"
},
"require-dev": {
"mockery/mockery": "~1.0",
"orchestra/testbench": "~3.7|~4.0|~5.0|~6.0",
"phpunit/phpunit": "~7.0|~8.0|~9.0"
},
"type": "project",
"extra": {
"laravel": {
"providers": [
"LdapRecord\\Laravel\\LdapServiceProvider",
"LdapRecord\\Laravel\\LdapAuthServiceProvider"
]
}
},
"autoload": {
"psr-4": {
"LdapRecord\\Laravel\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"description": "LDAP Authentication & Management for Laravel.",
"keywords": [
"adldap2",
"laravel",
"ldap",
"ldaprecord"
],
"funding": [
{
"url": "https://github.com/stevebauman",
"type": "github"
}
],
"time": "2020-09-08T18:14:11+00:00"
},
{
"name": "doctrine/inflector",
"version": "2.0.3",
@ -2141,16 +2152,16 @@
},
{
"name": "nesbot/carbon",
"version": "2.39.1",
"version": "2.39.2",
"source": {
"type": "git",
"url": "https://github.com/briannesbitt/Carbon.git",
"reference": "7af467873250583cc967a59ee9df29fabab193c1"
"reference": "326efde1bc09077a26cb77f6e2e32e13f06c27f2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/7af467873250583cc967a59ee9df29fabab193c1",
"reference": "7af467873250583cc967a59ee9df29fabab193c1",
"url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/326efde1bc09077a26cb77f6e2e32e13f06c27f2",
"reference": "326efde1bc09077a26cb77f6e2e32e13f06c27f2",
"shasum": ""
},
"require": {
@ -2226,7 +2237,7 @@
"type": "tidelift"
}
],
"time": "2020-09-04T13:11:37+00:00"
"time": "2020-09-10T12:16:42+00:00"
},
{
"name": "nyholm/psr7",
@ -5389,16 +5400,16 @@
},
{
"name": "symfony/translation-contracts",
"version": "v2.1.3",
"version": "v2.2.0",
"source": {
"type": "git",
"url": "https://github.com/symfony/translation-contracts.git",
"reference": "616a9773c853097607cf9dd6577d5b143ffdcd63"
"reference": "77ce1c3627c9f39643acd9af086631f842c50c4d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/symfony/translation-contracts/zipball/616a9773c853097607cf9dd6577d5b143ffdcd63",
"reference": "616a9773c853097607cf9dd6577d5b143ffdcd63",
"url": "https://api.github.com/repos/symfony/translation-contracts/zipball/77ce1c3627c9f39643acd9af086631f842c50c4d",
"reference": "77ce1c3627c9f39643acd9af086631f842c50c4d",
"shasum": ""
},
"require": {
@ -5410,7 +5421,7 @@
"type": "library",
"extra": {
"branch-alias": {
"dev-master": "2.1-dev"
"dev-master": "2.2-dev"
},
"thanks": {
"name": "symfony/contracts",
@ -5460,7 +5471,7 @@
"type": "tidelift"
}
],
"time": "2020-07-06T13:23:11+00:00"
"time": "2020-09-07T11:33:47+00:00"
},
{
"name": "symfony/var-dumper",
@ -5554,16 +5565,16 @@
},
{
"name": "tightenco/collect",
"version": "v7.26.1",
"version": "v8.0.0",
"source": {
"type": "git",
"url": "https://github.com/tightenco/collect.git",
"reference": "5e460929279ad806e59fc731e649e9b25fc8774a"
"url": "https://github.com/tighten/collect.git",
"reference": "90aa058ca9250eebc3e07f25377949f43855ecae"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/tightenco/collect/zipball/5e460929279ad806e59fc731e649e9b25fc8774a",
"reference": "5e460929279ad806e59fc731e649e9b25fc8774a",
"url": "https://api.github.com/repos/tighten/collect/zipball/90aa058ca9250eebc3e07f25377949f43855ecae",
"reference": "90aa058ca9250eebc3e07f25377949f43855ecae",
"shasum": ""
},
"require": {
@ -5600,7 +5611,7 @@
"collection",
"laravel"
],
"time": "2020-09-05T00:05:48+00:00"
"time": "2020-09-08T16:43:13+00:00"
},
{
"name": "tijsverkoyen/css-to-inline-styles",

View File

@ -38,7 +38,7 @@ return [
'guards' => [
'web' => [
'driver' => 'session',
'provider' => 'users',
'provider' => 'ldap',
],
'api' => [
@ -68,13 +68,18 @@ return [
'providers' => [
'users' => [
'driver' => 'ldap',
// 'model' => App\User::class,
'model' => App\Ldap\User::class,
],
// 'users' => [
// 'driver' => 'database',
// 'table' => 'users',
// ],
'ldap' => [
'driver' => 'ldap',
'model' => App\Ldap\User::class,
],
],
/*

View File

@ -4,242 +4,70 @@ return [
/*
|--------------------------------------------------------------------------
| Logging
| Default LDAP Connection Name
|--------------------------------------------------------------------------
|
| This option enables logging all LDAP operations on all configured
| connections such as bind requests and CRUD operations.
|
| Log entries will be created in your default logging stack.
|
| This option is extremely helpful for debugging connectivity issues.
| Here you may specify which of the LDAP connections below you wish
| to use as your default connection for all LDAP operations. Of
| course you may add as many connections you'd like below.
|
*/
'logging' => env('LDAP_LOGGING', false),
'default' => env('LDAP_CONNECTION', 'default'),
/*
|--------------------------------------------------------------------------
| Connections
| LDAP Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
| Below you may configure each LDAP connection your application requires
| access to. Be sure to include a valid base DN - otherwise you may
| not receive any results when performing LDAP search operations.
|
*/
'connections' => [
'default' => [
/*
|--------------------------------------------------------------------------
| Auto Connect
|--------------------------------------------------------------------------
|
| If auto connect is true, Adldap will try to automatically connect to
| your LDAP server in your configuration. This allows you to assume
| connectivity rather than having to connect manually
| in your application.
|
| If this is set to false, you **must** connect manually before running
| LDAP operations. Otherwise, you will receive exceptions.
|
*/
'auto_connect' => env('LDAP_AUTO_CONNECT', true),
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The connection class to use to run raw LDAP operations on.
|
| Custom connection classes must implement:
|
| Adldap\Connections\ConnectionInterface
|
*/
'connection' => Adldap\Connections\Ldap::class,
/*
|--------------------------------------------------------------------------
| Connection Settings
|--------------------------------------------------------------------------
|
| This connection settings array is directly passed into the Adldap constructor.
|
| Feel free to add or remove settings you don't need.
|
*/
'settings' => [
/*
|--------------------------------------------------------------------------
| Schema
|--------------------------------------------------------------------------
|
| The schema class to use for retrieving attributes and generating models.
|
| You can also set this option to `null` to use the default schema class.
|
| For OpenLDAP, you must use the schema:
|
| Adldap\Schemas\OpenLDAP::class
|
| For FreeIPA, you must use the schema:
|
| Adldap\Schemas\FreeIPA::class
|
| Custom schema classes must implement Adldap\Schemas\SchemaInterface
|
*/
//'schema' => Adldap\Schemas\OpenLDAP::class,
'schema' => App\Schema\Adldap::class,
/*
|--------------------------------------------------------------------------
| Account Prefix
|--------------------------------------------------------------------------
|
| The account prefix option is the prefix of your user accounts in LDAP directory.
|
| This string is prepended to all authenticating users usernames.
|
*/
'account_prefix' => env('LDAP_ACCOUNT_PREFIX', 'prefix'),
/*
|--------------------------------------------------------------------------
| Account Suffix
|--------------------------------------------------------------------------
|
| The account suffix option is the suffix of your user accounts in your LDAP directory.
|
| This string is appended to all authenticating users usernames.
|
*/
'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', 'suffix'),
/*
|--------------------------------------------------------------------------
| Domain Controllers
|--------------------------------------------------------------------------
|
| The domain controllers option is an array of servers located on your
| network that serve Active Directory. You can insert as many servers or
| as little as you'd like depending on your forest (with the
| minimum of one of course).
|
| These can be IP addresses of your server(s), or the host name.
|
*/
'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
/*
|--------------------------------------------------------------------------
| Port
|--------------------------------------------------------------------------
|
| The port option is used for authenticating and binding to your LDAP server.
|
*/
'port' => env('LDAP_PORT', 389),
/*
|--------------------------------------------------------------------------
| Timeout
|--------------------------------------------------------------------------
|
| The timeout option allows you to configure the amount of time in
| seconds that your application waits until a response
| is received from your LDAP server.
|
*/
'timeout' => env('LDAP_TIMEOUT', 5),
/*
|--------------------------------------------------------------------------
| Base Distinguished Name
|--------------------------------------------------------------------------
|
| The base distinguished name is the base distinguished name you'd
| like to perform query operations on. An example base DN would be:
|
| dc=corp,dc=acme,dc=org
|
| A correct base DN is required for any query results to be returned.
|
*/
'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
/*
|--------------------------------------------------------------------------
| LDAP Username & Password
|--------------------------------------------------------------------------
|
| When connecting to your LDAP server, a username and password is required
| to be able to query and run operations on your server(s). You can
| use any user account that has these permissions. This account
| does not need to be a domain administrator unless you
| require changing and resetting user passwords.
|
*/
'username' => env('LDAP_USERNAME'),
'password' => env('LDAP_PASSWORD'),
/*
|--------------------------------------------------------------------------
| Follow Referrals
|--------------------------------------------------------------------------
|
| The follow referrals option is a boolean to tell active directory
| to follow a referral to another server on your network if the
| server queried knows the information your asking for exists,
| but does not yet contain a copy of it locally.
|
| This option is defaulted to false.
|
*/
'follow_referrals' => false,
/*
|--------------------------------------------------------------------------
| SSL & TLS
|--------------------------------------------------------------------------
|
| If you need to be able to change user passwords on your server, then an
| SSL or TLS connection is required. All other operations are allowed
| on unsecured protocols.
|
| One of these options are definitely recommended if you
| have the ability to connect to your server securely.
|
*/
'use_ssl' => env('LDAP_USE_SSL', false),
'use_tls' => env('LDAP_USE_TLS', false),
],
'name' => 'OpenLDAP',
'hosts' => [env('LDAP_HOST', '127.0.0.1')],
'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
'password' => env('LDAP_PASSWORD', 'secret'),
'port' => env('LDAP_PORT', 389),
'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
'timeout' => env('LDAP_TIMEOUT', 5),
'use_ssl' => env('LDAP_SSL', false),
'use_tls' => env('LDAP_TLS', false),
],
],
/*
|--------------------------------------------------------------------------
| LDAP Logging
|--------------------------------------------------------------------------
|
| When LDAP logging is enabled, all LDAP search and authentication
| operations are logged using the default application logging
| driver. This can assist in debugging issues and more.
|
*/
'logging' => env('LDAP_LOGGING', true),
/*
|--------------------------------------------------------------------------
| LDAP Cache
|--------------------------------------------------------------------------
|
| LDAP caching enables the ability of caching search results using the
| query builder. This is great for running expensive operations that
| may take many seconds to complete, such as a pagination request.
|
*/
'cache' => [
'enabled' => env('LDAP_CACHE', false),
'driver' => env('CACHE_DRIVER', 'file'),
],
];

View File

@ -1,339 +0,0 @@
<?php
return [
/*
|--------------------------------------------------------------------------
| Connection
|--------------------------------------------------------------------------
|
| The LDAP connection to use for Laravel authentication.
|
| You must specify connections in your `config/ldap.php` configuration file.
|
*/
'connection' => env('LDAP_CONNECTION', 'default'),
/*
|--------------------------------------------------------------------------
| Provider
|--------------------------------------------------------------------------
|
| The LDAP authentication provider to use depending
| if you require database synchronization.
|
| For synchronizing LDAP users to your local applications database, use the provider:
|
| Adldap\Laravel\Auth\DatabaseUserProvider::class
|
| Otherwise, if you just require LDAP authentication, use the provider:
|
| Adldap\Laravel\Auth\NoDatabaseUserProvider::class
|
*/
'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class,
/*
|--------------------------------------------------------------------------
| Model
|--------------------------------------------------------------------------
|
| The model to utilize for authentication and importing.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'model' => App\User::class,
/*
|--------------------------------------------------------------------------
| Rules
|--------------------------------------------------------------------------
|
| Rules allow you to control user authentication requests depending on scenarios.
|
| You can create your own rules and insert them here.
|
| All rules must extend from the following class:
|
| Adldap\Laravel\Validation\Rules\Rule
|
*/
'rules' => [
// Denys deleted users from authenticating.
Adldap\Laravel\Validation\Rules\DenyTrashed::class,
// Allows only manually imported users to authenticate.
// Adldap\Laravel\Validation\Rules\OnlyImported::class,
],
/*
|--------------------------------------------------------------------------
| Scopes
|--------------------------------------------------------------------------
|
| Scopes allow you to restrict the LDAP query that locates
| users upon import and authentication.
|
| All scopes must implement the following interface:
|
| Adldap\Laravel\Scopes\ScopeInterface
|
*/
'scopes' => [
// Only allows users with a user principal name to authenticate.
// Suitable when using ActiveDirectory.
// Adldap\Laravel\Scopes\UpnScope::class,
// Only allows users with a uid to authenticate.
// Suitable when using OpenLDAP.
// Adldap\Laravel\Scopes\UidScope::class,
],
'identifiers' => [
/*
|--------------------------------------------------------------------------
| LDAP
|--------------------------------------------------------------------------
|
| Locate Users By:
|
| This value is the users attribute you would like to locate LDAP
| users by in your directory.
|
| For example, using the default configuration below, if you're
| authenticating users with an email address, your LDAP server
| will be queried for a user with the a `userprincipalname`
| equal to the entered email address.
|
| Bind Users By:
|
| This value is the users attribute you would
| like to use to bind to your LDAP server.
|
| For example, when a user is located by the above attribute,
| the users attribute you specify below will be used as
| the 'username' to bind to your LDAP server.
|
| This is usually their distinguished name.
|
*/
'ldap' => [
'locate_users_by' => 'mail',
'bind_users_by' => 'dn',
],
'database' => [
/*
|--------------------------------------------------------------------------
| GUID Column
|--------------------------------------------------------------------------
|
| The value of this option is the database column that will contain the
| LDAP users global identifier. This column does not need to be added
| to the sync attributes below. It is synchronized automatically.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'guid_column' => 'objectguid',
/*
|--------------------------------------------------------------------------
| Username Column
|--------------------------------------------------------------------------
|
| The value of this option is the database column that contains your
| users login username.
|
| This column must be added to your sync attributes below to be
| properly synchronized.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'username_column' => 'mail',
],
/*
|--------------------------------------------------------------------------
| Windows Authentication Middleware (SSO)
|--------------------------------------------------------------------------
|
| Local Users By:
|
| This value is the users attribute you would like to locate LDAP
| users by in your directory.
|
| For example, if 'samaccountname' is the value, then your LDAP server is
| queried for a user with the 'samaccountname' equal to the value of
| $_SERVER['AUTH_USER'].
|
| If a user is found, they are imported (if using the DatabaseUserProvider)
| into your local database, then logged in.
|
| Server Key:
|
| This value represents the 'key' of the $_SERVER
| array to pull the users account name from.
|
| For example, $_SERVER['AUTH_USER'].
|
*/
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
'passwords' => [
/*
|--------------------------------------------------------------------------
| Password Sync
|--------------------------------------------------------------------------
|
| The password sync option allows you to automatically synchronize users
| LDAP passwords to your local database. These passwords are hashed
| natively by Laravel using the Hash::make() method.
|
| Enabling this option would also allow users to login to their accounts
| using the password last used when an LDAP connection was present.
|
| If this option is disabled, the local database account is applied a
| random 16 character hashed password upon first login, and will
| lose access to this account upon loss of LDAP connectivity.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'sync' => env('LDAP_PASSWORD_SYNC', false),
/*
|--------------------------------------------------------------------------
| Column
|--------------------------------------------------------------------------
|
| This is the column of your users database table
| that is used to store passwords.
|
| Set this to `null` if you do not have a password column.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'column' => 'password',
],
/*
|--------------------------------------------------------------------------
| Login Fallback
|--------------------------------------------------------------------------
|
| The login fallback option allows you to login as a user located on the
| local database if active directory authentication fails.
|
| Set this to true if you would like to enable it.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
/*
|--------------------------------------------------------------------------
| Sync Attributes
|--------------------------------------------------------------------------
|
| Attributes specified here will be added / replaced on the user model
| upon login, automatically synchronizing and keeping the attributes
| up to date.
|
| The array key represents the users Laravel model key, and
| the value represents the users LDAP attribute.
|
| You **must** include the users login attribute here.
|
| This option is only applicable to the DatabaseUserProvider.
|
*/
'sync_attributes' => [
'mail' => 'userprincipalname',
'name' => 'cn',
],
/*
|--------------------------------------------------------------------------
| Logging
|--------------------------------------------------------------------------
|
| User authentication attempts will be logged using Laravel's
| default logger if this setting is enabled.
|
| No credentials are logged, only usernames.
|
| This is usually stored in the '/storage/logs' directory
| in the root of your application.
|
| This option is useful for debugging as well as auditing.
|
| You can freely remove any events you would not like to log below,
| as well as use your own listeners if you would prefer.
|
*/
'logging' => [
'enabled' => env('LDAP_LOGGING', true),
'events' => [
\Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
\Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
\Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
\Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
\Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
\Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
\Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
\Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
\Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
\Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
\Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
],
],
];

View File

@ -14,20 +14,9 @@
<br>
@endisset
@if (count($errors) > 0)
<div class="alert alert-danger">
<strong>Whoops!</strong> {{ trans('adminlte_lang::message.someproblems') }}<br><br>
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
@if (Session::has('error'))
<div class="alert alert-danger">
<strong>Whoops!</strong> {{ trans('adminlte_lang::message.someproblems') }}<br><br>
<strong>Hmm...</strong> {{ trans('message.someproblems') }}<br><br>
<ul>
<li>{{ Session::get('error') }}</li>
</ul>
@ -42,20 +31,21 @@
<div class="mx-auto app-login-box col-md-8">
<div class="modal-dialog w-100 mx-auto">
<div class="modal-content">
<form method="post">
{{ csrf_field() }}
<div class="modal-body">
<div class="h5 modal-title text-center">
<h4 class="mt-2">
<div class="app-logo mx-auto mb-3"><img class="w-75" src="{{ url('img/logo-h-lg.png') }}"></div>
<small>Please sign in to your account below.</small>
</h4>
</div>
<form method="post">
{{ csrf_field() }}
<div class="modal-body">
<div class="h5 modal-title text-center">
<h4 class="mt-2">
<div class="app-logo mx-auto mb-3"><img class="w-75" src="{{ url('img/logo-h-lg.png') }}"></div>
<small>Please sign in to your account below.</small>
</h4>
</div>
<div class="form-row">
<div class="col-md-12">
<div class="position-relative form-group">
<input name="{{ config('ldap_auth.identifiers.ldap.locate_users_by') }}" id="user" placeholder="Email..." type="email" class="form-control">
<input name="email" id="user" placeholder="Email..." type="email" class="form-control">
</div>
</div>
<div class="col-md-12">
@ -64,22 +54,32 @@
</div>
</div>
</div>
{{--
<div class="divider"></div>
<h6 class="mb-0">No account? <a href="javascript:void(0);" class="text-primary">Sign up now</a></h6>
--}}
</div>
<div class="modal-footer">
{{--
<div class="float-left">
<a href="javascript:void(0);" class="btn-lg btn btn-link">Recover Password</a>
{{--
<div class="divider"></div>
<h6 class="mb-0">No account? <a href="javascript:void(0);" class="text-primary">Sign up now</a></h6>
--}}
</div>
--}}
<div class="float-right">
<button class="btn btn-primary btn-lg">Login</button>
<div class="modal-footer">
@if (count($errors) > 0)
<div class="alert alert-danger w-100">
<strong>Whoops!</strong> Something went wrong?<br><br>
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
{{--
<div class="float-left">
<a href="javascript:void(0);" class="btn-lg btn btn-link">Recover Password</a>
</div>
--}}
<div class="float-right">
<button class="btn btn-primary btn-lg">Login</button>
</div>
</div>
</div>
</form>
</form>
</div>
</div>
</div>