From 15ff508429b7141da24bd8919d1af9be344b8b57 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Sun, 13 Sep 2020 23:41:26 +1000
Subject: [PATCH] Swap out adldap2/adldap2 for directorytree/ldaprecord-laravel
---
 .env.example | 5 +
 README.md | 2 +-
 app/Classes/LDAP/Server.php | 29 +-
 app/Http/Controllers/APIController.php | 14 +-
 app/Http/Controllers/Auth/LoginController.php | 19 +-
 app/Ldap/Entry.php | 15 +
 app/Ldap/User.php | 20 ++
 app/LdapUser.php | 81 -----
 composer.json | 2 +-
 composer.lock | 273 +++++++-------
 config/auth.php | 9 +-
 config/ldap.php | 264 +++----------
 config/ldap_auth.php | 339 ------------------
 .../architect/views/auth/login.blade.php | 72 ++--
 14 files changed, 302 insertions(+), 842 deletions(-)
create mode 100644 app/Ldap/Entry.php
create mode 100644 app/Ldap/User.php
delete mode 100644 app/LdapUser.php
delete mode 100644 config/ldap_auth.php
diff --git a/.env.example b/.env.example
index ac74863..2de7d0f 100644
--- a/.env.example
+++ b/.env.example
@@ -44,3 +44,8 @@ PUSHER_APP_CLUSTER=mt1
 MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
 MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
+
+LDAP_HOST=
+LDAP_BASE_DN=
+LDAP_USERNAME=
+LDAP_PASSWORD=
diff --git a/README.md b/README.md
index 4b02ba4..98450c0 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ With that PLA is going under a major revamp in preparation for v2 and will aim t
 Some of the creations planned to be used in v2 include:
 * Laravel (https://laravel.com)
-* adldap2/adldap2 (https://github.com/Adldap2/Adldap2)
+* directorytree/ldaprecord-laravel (https://ldaprecord.com/)
 * JQuery (https://jquery.com)
 * FancyTree (https://github.com/mar10/fancytree)
 * ArchitectUI (https://architectui.com)
diff --git a/app/Classes/LDAP/Server.php b/app/Classes/LDAP/Server.php
index 6d1ce36..a6733cd 100644
--- a/app/Classes/LDAP/Server.php
+++ b/app/Classes/LDAP/Server.php
@@ -2,8 +2,7 @@
 namespace App\Classes\LDAP;
-use Adldap\Adldap;
-use Adldap\Models\Entry;
+use App\Ldap\Entry;
 use Illuminate\Support\Collection;
 class Server
@@ -42,11 +41,10 @@ class Server
 protected function getDNAttrValues(string $dn,array $attrs=['*','+'],int $deref=LDAP_DEREF_NEVER): ?Entry
 {
 try {
- return ($x=(new Adldap)
- ->addProvider(config('ldap.connections.default.settings'))
- ->search()
+ return ($x=(new Entry)
+ ->query()
 ->select($attrs)
- ->findByDn($dn)) ? $x : NULL;
+ ->find($dn)) ? $x : NULL;
 // @todo Tidy up this exception
 } catch (\Exception $e) {
@@ -60,14 +58,13 @@ class Server
 * @param $dn
 * @return |null
 */
- public function fetch(string $dn,array $attributes=['*'])
+ public function fetch(string $dn,array $attrs=['*','+'])
 {
 try {
- return ($x=(new Adldap)
- ->addProvider(config('ldap.connections.default.settings'))
- ->search()
- ->select($attributes)
- ->findByDn($dn)) ? $x : NULL;
+ return ($x=(new Entry)
+ ->query()
+ ->select($attrs)
+ ->find($dn)) ? $x : NULL;
 // @todo Tidy up this exception
 } catch (\Exception $e) {
@@ -84,11 +81,9 @@ class Server
 public function query(string $dn)
 {
 try {
- return ($x=(new Adldap)
- ->addProvider(config('ldap.connections.default.settings'))
- ->search()
- ->setBaseDn($dn)
- //->select($attrs)
+ return ($x=(new Entry)
+ ->query()
+ ->setDn($dn)
 ->listing()
 ->get()) ? $x : NULL;
diff --git a/app/Http/Controllers/APIController.php b/app/Http/Controllers/APIController.php
index d9b88e2..faa6b57 100644
--- a/app/Http/Controllers/APIController.php
+++ b/app/Http/Controllers/APIController.php
@@ -3,9 +3,9 @@
 namespace App\Http\Controllers;
 use Illuminate\Http\Request;
-use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Crypt;
 use Illuminate\Support\Facades\Log;
+use LdapRecord\Query\Collection;
 use App\Classes\LDAP\Server;
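Review bot: The default selection of `fetch` widens from `['*']` to `['*','+']` in the third Server.php hunk (`public function fetch(string $dn,array $attrs=['*','+'])`), so every caller that relied on the default now also receives operational attributes; if that is intended, say so in the docblock, whose ` * @return |null` is also malformed — `@param array $attrs Attributes to return ('+' selects operational attributes)` and `@return Entry|null`. After this change the bodies of `fetch` and `getDNAttrValues` (second hunk) are identical apart from the declared return type, so `fetch` could delegate with `return $this->getDNAttrValues($dn,$attrs);` instead of carrying a second copy of the try/catch. Both methods, and `query` in the fourth hunk, still end in `catch (\Exception $e)` whose body lies outside the hunks, so whether LDAP errors are surfaced or silently turned into NULL cannot be judged from here.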
@@ -31,6 +31,10 @@ class APIController extends Controller
 });
 }
+ /**
+ * @param Request $request
+ * @return Collection
+ */
 public function query(Request $request): Collection
 {
 $levels = $request->query('depth',1);
@@ -41,14 +45,12 @@ class APIController extends Controller
 ->query($dn)
 ->transform(function($item) {
 return [
- 'title'=>$item->getDistinguishedName(),
- 'item'=>Crypt::encryptString($item->getDistinguishedName()),
+ 'title'=>$item->getDn(),
+ 'item'=>Crypt::encryptString($item->getDn()),
 'icon'=>'fa-fw fas fa-sitemap',
 'lazy'=>TRUE,
- 'tooltip'=>$item->getDistinguishedName(),
+ 'tooltip'=>$item->getDn(),
 ];
 });
-
- Log::debug(sprintf('%s: Query [%s] - Levels [%d]: %s',__METHOD__,$dn,$levels,serialize($x)));
 }
 }
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 9436e17..7a19223 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use App\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
 class LoginController extends Controller
 {
@@ -38,6 +39,14 @@ class LoginController extends Controller
 $this->middleware('guest')->except('logout');
 }
+ protected function credentials(Request $request): array
+ {
+ return [
+ 'mail' => $request->get('email'),
+ 'password' => $request->get('password'),
+ ];
+ }
+
 /**
 * Show our themed login page
 */
@@ -50,14 +59,4 @@ class LoginController extends Controller
 return view('architect::auth.login')->with('login_note',$login_note);
 }
-
- /**
- * Get the login username to be used by the controller.
- *
- * @return string
- */
- public function username()
- {
- return config('ldap_auth.identifiers.ldap.locate_users_by');
- }
 }
diff --git a/app/Ldap/Entry.php b/app/Ldap/Entry.php
new file mode 100644
index 0000000..df636f4
--- /dev/null
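Review bot: Removing the `Log::debug(... serialize($x))` line in the second APIController hunk leaves `use Illuminate\Support\Facades\Log;` (kept in the first hunk) with no visible use; if no other method in the controller logs, drop the import. The statement the hunk edits begins above it, so whether the transformed collection is actually returned (`return $x = ...` versus a bare `$x = ...`, which would make the `: Collection` return type throw) is not visible here and is worth confirming. `Server::query()` can yield NULL (its fourth hunk ends `->get()) ? $x : NULL`, and its catch body is outside that hunk), while the `->transform(...)` chained onto it here is unguarded, so an unreadable `$dn` ends in a method call on NULL rather than an empty Collection.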
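Review bot: `credentials()` in the second LoginController hunk has no docblock, unlike the methods around it, and the reason it exists is non-obvious: the form field stays `email`, so the inherited `username()` from `AuthenticatesUsers` keeps validating and throttling on that field after the override is deleted in the third hunk, while the lookup key sent to the LDAP provider becomes the `mail` attribute. A one-line docblock such as `Map the login form's email field onto the LDAP mail attribute used to locate the user; the form field name is kept so the inherited username() validation still applies.` captures that. `$request->get()` is Symfony's bag-agnostic accessor that also consults route attributes and the query string; `$request->input('email')` (or `post()` to limit it to the submitted body) is the Laravel form and keeps the credential source explicit.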
+++ b/app/Ldap/Entry.php @@ -0,0 +1,15 @@ +hasMany(Passport::clientModel(), 'user_id'); - } - - /** - * Get all of the access tokens for the user. - * - * @return \Illuminate\Database\Eloquent\Relations\HasMany - */ - public function tokens() - { - // return $this->hasMany(Passport::tokenModel(), 'user_id')->orderBy('created_at', 'desc'); - } - - /** - * Get the current access token being used by the user. - * - * @return \Laravel\Passport\Token|null - */ - public function token() - { - return $this->accessToken; - } - - /** - * Determine if the current API token has a given scope. - * - * @param string $scope - * @return bool - */ - public function tokenCan($scope) - { - return $this->accessToken ? $this->accessToken->can($scope) : false; - } - - /** - * Create a new personal access token for the user. - * - * @param string $name - * @param array $scopes - * - * @return \Laravel\Passport\PersonalAccessTokenResult - */ - public function createToken($name, array $scopes = []) - { - return Container::getInstance()->make(PersonalAccessTokenFactory::class)->make( - $this->getKey(), $name, $scopes - ); - } - - /** - * Set the current access token for the user. - * - * @param \Laravel\Passport\Token $accessToken - * - * @return $this - */ - public function withAccessToken($accessToken) - { - $this->accessToken = $accessToken; - - return $this; - } -} diff --git a/composer.json b/composer.json index f2e148a..bee8788 100644 --- a/composer.json +++ b/composer.json @@ -9,7 +9,7 @@ "license": "MIT", "require": { "php": "^7.2.5", - "adldap2/adldap2-laravel": "^6.0", + "directorytree/ldaprecord-laravel": "^1.7", "fideloper/proxy": "^4.2", "fruitcake/laravel-cors": "^2.0", "guzzlehttp/guzzle": "^6.3", diff --git a/composer.lock b/composer.lock index 255f81d..7f516e7 100644 --- a/composer.lock +++ b/composer.lock 
@@ -4,121 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "6af914ca38690bee00357e0090846450", + "content-hash": "3305fba3e359e4cd7e2d41c6a65c7437", "packages": [ - { - "name": "adldap2/adldap2", - "version": "v10.3.0", - "source": { - "type": "git", - "url": "https://github.com/Adldap2/Adldap2.git", - "reference": "1294c92746e3fb3bb59cd7756ca7838a1e705a2a" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Adldap2/Adldap2/zipball/1294c92746e3fb3bb59cd7756ca7838a1e705a2a", - "reference": "1294c92746e3fb3bb59cd7756ca7838a1e705a2a", - "shasum": "" - }, - "require": { - "ext-json": "*", - "ext-ldap": "*", - "illuminate/contracts": "~5.0|~6.0|~7.0", - "php": ">=7.0", - "psr/log": "~1.0", - "psr/simple-cache": "~1.0", - "tightenco/collect": "~5.0|~6.0|~7.0" - }, - "require-dev": { - "mockery/mockery": "~1.0", - "phpunit/phpunit": "~6.0" - }, - "suggest": { - "ext-fileinfo": "fileinfo is required when retrieving user encoded thumbnails" - }, - "type": "library", - "autoload": { - "psr-4": { - "Adldap\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "authors": [ - { - "name": "Steve Bauman", - "email": "steven_bauman@outlook.com", - "role": "Developer" - } - ], - "description": "A PHP LDAP Package for humans.", - "keywords": [ - "active directory", - "ad", - "adLDAP", - "adldap2", - "directory", - "ldap", - "windows" - ], - "time": "2020-05-04T21:10:15+00:00" - }, - { - "name": "adldap2/adldap2-laravel", - "version": "v6.1.1", - "source": { - "type": "git", - "url": "https://github.com/Adldap2/Adldap2-Laravel.git", - "reference": "c72a2e3757919c39d6a03bd345ec4e586284825c" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Adldap2/Adldap2-Laravel/zipball/c72a2e3757919c39d6a03bd345ec4e586284825c", - "reference": "c72a2e3757919c39d6a03bd345ec4e586284825c", - 
"shasum": "" - }, - "require": { - "adldap2/adldap2": "^10.1", - "illuminate/support": "~5.5|~6.0|~7.0", - "php": ">=7.1" - }, - "require-dev": { - "mockery/mockery": "~1.0", - "orchestra/testbench": "~3.7", - "phpunit/phpunit": "~7.0" - }, - "type": "project", - "extra": { - "laravel": { - "providers": [ - "Adldap\\Laravel\\AdldapServiceProvider", - "Adldap\\Laravel\\AdldapAuthServiceProvider" - ], - "aliases": { - "Adldap": "Adldap\\Laravel\\Facades\\Adldap" - } - } - }, - "autoload": { - "psr-4": { - "Adldap\\Laravel\\": "src/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT" - ], - "description": "LDAP Authentication & Management for Laravel.", - "keywords": [ - "adLDAP", - "adldap2", - "laravel", - "ldap" - ], - "time": "2020-06-02T00:45:05+00:00" - }, { "name": "asm89/stack-cors", "version": "v2.0.1", 
@@ -345,6 +232,130 @@ ], "time": "2018-07-24T23:27:56+00:00" }, + { + "name": "directorytree/ldaprecord", + "version": "v1.10.1", + "source": { + "type": "git", + "url": "https://github.com/DirectoryTree/LdapRecord.git", + "reference": "601e2fb47802795b27ea6052e78557c56f397082" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/DirectoryTree/LdapRecord/zipball/601e2fb47802795b27ea6052e78557c56f397082", + "reference": "601e2fb47802795b27ea6052e78557c56f397082", + "shasum": "" + }, + "require": { + "ext-json": "*", + "ext-ldap": "*", + "illuminate/contracts": "^5.0|^6.0|^7.0|^8.0", + "nesbot/carbon": "^1.0|^2.0", + "php": ">=7.2", + "psr/log": "^1.0", + "psr/simple-cache": "^1.0", + "tightenco/collect": "^5.0|^6.0|^7.0|^8.0" + }, + "require-dev": { + "mockery/mockery": "^1.0", + "phpunit/phpunit": "^6.0" + }, + "type": "library", + "autoload": { + "psr-4": { + "LdapRecord\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Steve Bauman", + "email": "steven_bauman@outlook.com", + "role": "Developer" + } + ], + "description": "A fully-featured LDAP ORM.", + "homepage": "https://www.ldaprecord.com", + "keywords": [ + "active directory", + "ad", + "adLDAP", + "adldap2", + "directory", + "ldap", + "ldaprecord", + "orm", + "windows" + ], + "funding": [ + { + "url": "https://github.com/stevebauman", + "type": "github" + } + ], + "time": "2020-09-08T16:57:58+00:00" + }, + { + "name": "directorytree/ldaprecord-laravel", + "version": "v1.7.1", + "source": { + "type": "git", + "url": "https://github.com/DirectoryTree/LdapRecord-Laravel.git", + "reference": "98e6698057321aef9d777bfe312bd1d968a5d67e" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/DirectoryTree/LdapRecord-Laravel/zipball/98e6698057321aef9d777bfe312bd1d968a5d67e", + "reference": "98e6698057321aef9d777bfe312bd1d968a5d67e", + "shasum": "" + }, + "require": { + "directorytree/ldaprecord": 
"^1.8.2", + "ext-ldap": "*", + "illuminate/support": "^5.6|^6.0|^7.0|^8.0", + "php": ">=7.2" + }, + "require-dev": { + "mockery/mockery": "~1.0", + "orchestra/testbench": "~3.7|~4.0|~5.0|~6.0", + "phpunit/phpunit": "~7.0|~8.0|~9.0" + }, + "type": "project", + "extra": { + "laravel": { + "providers": [ + "LdapRecord\\Laravel\\LdapServiceProvider", + "LdapRecord\\Laravel\\LdapAuthServiceProvider" + ] + } + }, + "autoload": { + "psr-4": { + "LdapRecord\\Laravel\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "description": "LDAP Authentication & Management for Laravel.", + "keywords": [ + "adldap2", + "laravel", + "ldap", + "ldaprecord" + ], + "funding": [ + { + "url": "https://github.com/stevebauman", + "type": "github" + } + ], + "time": "2020-09-08T18:14:11+00:00" + }, { "name": "doctrine/inflector", "version": "2.0.3", @@ -2141,16 +2152,16 @@ }, { "name": "nesbot/carbon", - "version": "2.39.1", + "version": "2.39.2", "source": { "type": "git", "url": "https://github.com/briannesbitt/Carbon.git", - "reference": "7af467873250583cc967a59ee9df29fabab193c1" + "reference": "326efde1bc09077a26cb77f6e2e32e13f06c27f2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/7af467873250583cc967a59ee9df29fabab193c1", - "reference": "7af467873250583cc967a59ee9df29fabab193c1", + "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/326efde1bc09077a26cb77f6e2e32e13f06c27f2", + "reference": "326efde1bc09077a26cb77f6e2e32e13f06c27f2", "shasum": "" }, "require": { @@ -2226,7 +2237,7 @@ "type": "tidelift" } ], - "time": "2020-09-04T13:11:37+00:00" + "time": "2020-09-10T12:16:42+00:00" }, { "name": "nyholm/psr7", 
@@ -5389,16 +5400,16 @@ }, { "name": "symfony/translation-contracts", - "version": "v2.1.3", + "version": "v2.2.0", "source": { "type": "git", "url": "https://github.com/symfony/translation-contracts.git", - "reference": "616a9773c853097607cf9dd6577d5b143ffdcd63" + "reference": "77ce1c3627c9f39643acd9af086631f842c50c4d" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/616a9773c853097607cf9dd6577d5b143ffdcd63", - "reference": "616a9773c853097607cf9dd6577d5b143ffdcd63", + "url": "https://api.github.com/repos/symfony/translation-contracts/zipball/77ce1c3627c9f39643acd9af086631f842c50c4d", + "reference": "77ce1c3627c9f39643acd9af086631f842c50c4d", "shasum": "" }, "require": { @@ -5410,7 +5421,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "2.1-dev" + "dev-master": "2.2-dev" }, "thanks": { "name": "symfony/contracts", @@ -5460,7 +5471,7 @@ "type": "tidelift" } ], - "time": "2020-07-06T13:23:11+00:00" + "time": "2020-09-07T11:33:47+00:00" }, { "name": "symfony/var-dumper", @@ -5554,16 +5565,16 @@ }, { "name": "tightenco/collect", - "version": "v7.26.1", + "version": "v8.0.0", "source": { "type": "git", - "url": "https://github.com/tightenco/collect.git", - "reference": "5e460929279ad806e59fc731e649e9b25fc8774a" + "url": "https://github.com/tighten/collect.git", + "reference": "90aa058ca9250eebc3e07f25377949f43855ecae" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/tightenco/collect/zipball/5e460929279ad806e59fc731e649e9b25fc8774a", - "reference": "5e460929279ad806e59fc731e649e9b25fc8774a", + "url": "https://api.github.com/repos/tighten/collect/zipball/90aa058ca9250eebc3e07f25377949f43855ecae", + "reference": "90aa058ca9250eebc3e07f25377949f43855ecae", "shasum": "" }, "require": { @@ -5600,7 +5611,7 @@ "collection", "laravel" ], - "time": "2020-09-05T00:05:48+00:00" + "time": "2020-09-08T16:43:13+00:00" }, { "name": "tijsverkoyen/css-to-inline-styles", 
diff --git a/config/auth.php b/config/auth.php
index 927c3eb..4cb9951 100644
--- a/config/auth.php
+++ b/config/auth.php
@@ -38,7 +38,7 @@ return [
 'guards' => [
 'web' => [
 'driver' => 'session',
- 'provider' => 'users',
+ 'provider' => 'ldap',
 ],
 'api' => [
@@ -68,13 +68,18 @@ return [
 'providers' => [
 'users' => [
 'driver' => 'ldap',
- // 'model' => App\User::class,
+ 'model' => App\Ldap\User::class,
 ],
 // 'users' => [
 // 'driver' => 'database',
 // 'table' => 'users',
 // ],
+
+ 'ldap' => [
+ 'driver' => 'ldap',
+ 'model' => App\Ldap\User::class,
+ ],
 ],
 /*
diff --git a/config/ldap.php b/config/ldap.php
index 03d3536..fd94d32 100644
--- a/config/ldap.php
+++ b/config/ldap.php
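Review bot: The `users` and `ldap` providers in the second config/auth.php hunk are now identical (`'driver' => 'ldap'`, `'model' => App\Ldap\User::class`), and the `web` guard in the first hunk moves from `users` to `ldap`, so one of the two is redundant and the pair will drift; either keep `users` and leave the guard on it, or delete the `users` block. The `api` guard's provider sits just outside the first hunk, so whether it still references `users` is not visible here — check before removing. The commented-out database provider left in place suggests no local user table is involved; a one-line comment above the surviving provider, e.g. `// Sessions authenticate against LDAP only; there is no local users table to sync to`, would save the next reader from re-deriving that.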
@@ -4,242 +4,70 @@ return [ /* |-------------------------------------------------------------------------- - | Logging + | Default LDAP Connection Name |-------------------------------------------------------------------------- | - | This option enables logging all LDAP operations on all configured - | connections such as bind requests and CRUD operations. - | - | Log entries will be created in your default logging stack. - | - | This option is extremely helpful for debugging connectivity issues. + | Here you may specify which of the LDAP connections below you wish + | to use as your default connection for all LDAP operations. Of + | course you may add as many connections you'd like below. | */ - 'logging' => env('LDAP_LOGGING', false), + 'default' => env('LDAP_CONNECTION', 'default'), /* |-------------------------------------------------------------------------- - | Connections + | LDAP Connections |-------------------------------------------------------------------------- | - | This array stores the connections that are added to Adldap. You can add - | as many connections as you like. - | - | The key is the name of the connection you wish to use and the value is - | an array of configuration settings. + | Below you may configure each LDAP connection your application requires + | access to. Be sure to include a valid base DN - otherwise you may + | not receive any results when performing LDAP search operations. | */ 'connections' => [ 'default' => [ - - /* - |-------------------------------------------------------------------------- - | Auto Connect - |-------------------------------------------------------------------------- - | - | If auto connect is true, Adldap will try to automatically connect to - | your LDAP server in your configuration. This allows you to assume - | connectivity rather than having to connect manually - | in your application. - | - | If this is set to false, you **must** connect manually before running - | LDAP operations. 
Otherwise, you will receive exceptions. - | - */ - - 'auto_connect' => env('LDAP_AUTO_CONNECT', true), - - /* - |-------------------------------------------------------------------------- - | Connection - |-------------------------------------------------------------------------- - | - | The connection class to use to run raw LDAP operations on. - | - | Custom connection classes must implement: - | - | Adldap\Connections\ConnectionInterface - | - */ - - 'connection' => Adldap\Connections\Ldap::class, - - /* - |-------------------------------------------------------------------------- - | Connection Settings - |-------------------------------------------------------------------------- - | - | This connection settings array is directly passed into the Adldap constructor. - | - | Feel free to add or remove settings you don't need. - | - */ - - 'settings' => [ - - /* - |-------------------------------------------------------------------------- - | Schema - |-------------------------------------------------------------------------- - | - | The schema class to use for retrieving attributes and generating models. - | - | You can also set this option to `null` to use the default schema class. - | - | For OpenLDAP, you must use the schema: - | - | Adldap\Schemas\OpenLDAP::class - | - | For FreeIPA, you must use the schema: - | - | Adldap\Schemas\FreeIPA::class - | - | Custom schema classes must implement Adldap\Schemas\SchemaInterface - | - */ - - //'schema' => Adldap\Schemas\OpenLDAP::class, - 'schema' => App\Schema\Adldap::class, - - /* - |-------------------------------------------------------------------------- - | Account Prefix - |-------------------------------------------------------------------------- - | - | The account prefix option is the prefix of your user accounts in LDAP directory. - | - | This string is prepended to all authenticating users usernames. 
- | - */ - - 'account_prefix' => env('LDAP_ACCOUNT_PREFIX', 'prefix'), - - /* - |-------------------------------------------------------------------------- - | Account Suffix - |-------------------------------------------------------------------------- - | - | The account suffix option is the suffix of your user accounts in your LDAP directory. - | - | This string is appended to all authenticating users usernames. - | - */ - - 'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', 'suffix'), - - /* - |-------------------------------------------------------------------------- - | Domain Controllers - |-------------------------------------------------------------------------- - | - | The domain controllers option is an array of servers located on your - | network that serve Active Directory. You can insert as many servers or - | as little as you'd like depending on your forest (with the - | minimum of one of course). - | - | These can be IP addresses of your server(s), or the host name. - | - */ - - 'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')), - - /* - |-------------------------------------------------------------------------- - | Port - |-------------------------------------------------------------------------- - | - | The port option is used for authenticating and binding to your LDAP server. - | - */ - - 'port' => env('LDAP_PORT', 389), - - /* - |-------------------------------------------------------------------------- - | Timeout - |-------------------------------------------------------------------------- - | - | The timeout option allows you to configure the amount of time in - | seconds that your application waits until a response - | is received from your LDAP server. 
- | - */ - - 'timeout' => env('LDAP_TIMEOUT', 5), - - /* - |-------------------------------------------------------------------------- - | Base Distinguished Name - |-------------------------------------------------------------------------- - | - | The base distinguished name is the base distinguished name you'd - | like to perform query operations on. An example base DN would be: - | - | dc=corp,dc=acme,dc=org - | - | A correct base DN is required for any query results to be returned. - | - */ - - 'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'), - - /* - |-------------------------------------------------------------------------- - | LDAP Username & Password - |-------------------------------------------------------------------------- - | - | When connecting to your LDAP server, a username and password is required - | to be able to query and run operations on your server(s). You can - | use any user account that has these permissions. This account - | does not need to be a domain administrator unless you - | require changing and resetting user passwords. - | - */ - - 'username' => env('LDAP_USERNAME'), - 'password' => env('LDAP_PASSWORD'), - - /* - |-------------------------------------------------------------------------- - | Follow Referrals - |-------------------------------------------------------------------------- - | - | The follow referrals option is a boolean to tell active directory - | to follow a referral to another server on your network if the - | server queried knows the information your asking for exists, - | but does not yet contain a copy of it locally. - | - | This option is defaulted to false. - | - */ - - 'follow_referrals' => false, - - /* - |-------------------------------------------------------------------------- - | SSL & TLS - |-------------------------------------------------------------------------- - | - | If you need to be able to change user passwords on your server, then an - | SSL or TLS connection is required. 
All other operations are allowed - | on unsecured protocols. - | - | One of these options are definitely recommended if you - | have the ability to connect to your server securely. - | - */ - - 'use_ssl' => env('LDAP_USE_SSL', false), - 'use_tls' => env('LDAP_USE_TLS', false), - - ], - - 'name' => 'OpenLDAP', + 'hosts' => [env('LDAP_HOST', '127.0.0.1')], + 'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'), + 'password' => env('LDAP_PASSWORD', 'secret'), + 'port' => env('LDAP_PORT', 389), + 'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'), + 'timeout' => env('LDAP_TIMEOUT', 5), + 'use_ssl' => env('LDAP_SSL', false), + 'use_tls' => env('LDAP_TLS', false), ], ], + /* + |-------------------------------------------------------------------------- + | LDAP Logging + |-------------------------------------------------------------------------- + | + | When LDAP logging is enabled, all LDAP search and authentication + | operations are logged using the default application logging + | driver. This can assist in debugging issues and more. + | + */ + + 'logging' => env('LDAP_LOGGING', true), + + /* + |-------------------------------------------------------------------------- + | LDAP Cache + |-------------------------------------------------------------------------- + | + | LDAP caching enables the ability of caching search results using the + | query builder. This is great for running expensive operations that + | may take many seconds to complete, such as a pagination request. + | + */ + + 'cache' => [ + 'enabled' => env('LDAP_CACHE', false), + 'driver' => env('CACHE_DRIVER', 'file'), + ], + ]; diff --git a/config/ldap_auth.php b/config/ldap_auth.php deleted file mode 100644 index d2244bf..0000000 --- a/config/ldap_auth.php +++ /dev/null 
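Review bot: The new connection block (`'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com')`, `'password' => env('LDAP_PASSWORD', 'secret')`) falls back to a fixed bind DN and password when the environment is incomplete, so a deployment missing `LDAP_PASSWORD` silently binds as a guessable account instead of failing at startup; the removed configuration used `env('LDAP_USERNAME')` with no default and `.env.example` now lists both variables, so drop the fallbacks: `'username' => env('LDAP_USERNAME'),` and `'password' => env('LDAP_PASSWORD'),`. The transport switches are renamed from `LDAP_USE_SSL`/`LDAP_USE_TLS` to `LDAP_SSL`/`LDAP_TLS`, which means an existing deployment that set the old names drops back to plaintext LDAP without any error — keep the old names as well, or call the rename out in the commit message and `.env.example`. `LDAP_LOGGING` also changes its default from `false` to `true`, so every LDAP search and bind is now logged unless the variable is set; that is useful while debugging the migration but should be a deliberate production choice, and a comment noting the flipped default would help.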
@@ -1,339 +0,0 @@ - env('LDAP_CONNECTION', 'default'), - - /* - |-------------------------------------------------------------------------- - | Provider - |-------------------------------------------------------------------------- - | - | The LDAP authentication provider to use depending - | if you require database synchronization. - | - | For synchronizing LDAP users to your local applications database, use the provider: - | - | Adldap\Laravel\Auth\DatabaseUserProvider::class - | - | Otherwise, if you just require LDAP authentication, use the provider: - | - | Adldap\Laravel\Auth\NoDatabaseUserProvider::class - | - */ - - 'provider' => Adldap\Laravel\Auth\NoDatabaseUserProvider::class, - - /* - |-------------------------------------------------------------------------- - | Model - |-------------------------------------------------------------------------- - | - | The model to utilize for authentication and importing. - | - | This option is only applicable to the DatabaseUserProvider. - | - */ - - 'model' => App\User::class, - - /* - |-------------------------------------------------------------------------- - | Rules - |-------------------------------------------------------------------------- - | - | Rules allow you to control user authentication requests depending on scenarios. - | - | You can create your own rules and insert them here. - | - | All rules must extend from the following class: - | - | Adldap\Laravel\Validation\Rules\Rule - | - */ - - 'rules' => [ - - // Denys deleted users from authenticating. - - Adldap\Laravel\Validation\Rules\DenyTrashed::class, - - // Allows only manually imported users to authenticate. 
- - // Adldap\Laravel\Validation\Rules\OnlyImported::class, - - ], - - /* - |-------------------------------------------------------------------------- - | Scopes - |-------------------------------------------------------------------------- - | - | Scopes allow you to restrict the LDAP query that locates - | users upon import and authentication. - | - | All scopes must implement the following interface: - | - | Adldap\Laravel\Scopes\ScopeInterface - | - */ - - 'scopes' => [ - - // Only allows users with a user principal name to authenticate. - // Suitable when using ActiveDirectory. - // Adldap\Laravel\Scopes\UpnScope::class, - - // Only allows users with a uid to authenticate. - // Suitable when using OpenLDAP. - // Adldap\Laravel\Scopes\UidScope::class, - - ], - - 'identifiers' => [ - - /* - |-------------------------------------------------------------------------- - | LDAP - |-------------------------------------------------------------------------- - | - | Locate Users By: - | - | This value is the users attribute you would like to locate LDAP - | users by in your directory. - | - | For example, using the default configuration below, if you're - | authenticating users with an email address, your LDAP server - | will be queried for a user with the a `userprincipalname` - | equal to the entered email address. - | - | Bind Users By: - | - | This value is the users attribute you would - | like to use to bind to your LDAP server. - | - | For example, when a user is located by the above attribute, - | the users attribute you specify below will be used as - | the 'username' to bind to your LDAP server. - | - | This is usually their distinguished name. 
- |
- */
-
- 'ldap' => [
-
- 'locate_users_by' => 'mail',
-
- 'bind_users_by' => 'dn',
-
- ],
-
- 'database' => [
-
- /*
- |--------------------------------------------------------------------------
- | GUID Column
- |--------------------------------------------------------------------------
- |
- | The value of this option is the database column that will contain the
- | LDAP users global identifier. This column does not need to be added
- | to the sync attributes below. It is synchronized automatically.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'guid_column' => 'objectguid',
-
- /*
- |--------------------------------------------------------------------------
- | Username Column
- |--------------------------------------------------------------------------
- |
- | The value of this option is the database column that contains your
- | users login username.
- |
- | This column must be added to your sync attributes below to be
- | properly synchronized.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'username_column' => 'mail',
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Windows Authentication Middleware (SSO)
- |--------------------------------------------------------------------------
- |
- | Local Users By:
- |
- | This value is the users attribute you would like to locate LDAP
- | users by in your directory.
- |
- | For example, if 'samaccountname' is the value, then your LDAP server is
- | queried for a user with the 'samaccountname' equal to the value of
- | $_SERVER['AUTH_USER'].
- |
- | If a user is found, they are imported (if using the DatabaseUserProvider)
- | into your local database, then logged in.
- |
- | Server Key:
- |
- | This value represents the 'key' of the $_SERVER
- | array to pull the users account name from.
- |
- | For example, $_SERVER['AUTH_USER'].
- |
- */
-
- 'windows' => [
-
- 'locate_users_by' => 'samaccountname',
-
- 'server_key' => 'AUTH_USER',
-
- ],
-
- ],
-
- 'passwords' => [
-
- /*
- |--------------------------------------------------------------------------
- | Password Sync
- |--------------------------------------------------------------------------
- |
- | The password sync option allows you to automatically synchronize users
- | LDAP passwords to your local database. These passwords are hashed
- | natively by Laravel using the Hash::make() method.
- |
- | Enabling this option would also allow users to login to their accounts
- | using the password last used when an LDAP connection was present.
- |
- | If this option is disabled, the local database account is applied a
- | random 16 character hashed password upon first login, and will
- | lose access to this account upon loss of LDAP connectivity.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'sync' => env('LDAP_PASSWORD_SYNC', false),
-
- /*
- |--------------------------------------------------------------------------
- | Column
- |--------------------------------------------------------------------------
- |
- | This is the column of your users database table
- | that is used to store passwords.
- |
- | Set this to `null` if you do not have a password column.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'column' => 'password',
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Login Fallback
- |--------------------------------------------------------------------------
- |
- | The login fallback option allows you to login as a user located on the
- | local database if active directory authentication fails.
- |
- | Set this to true if you would like to enable it.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
-
- /*
- |--------------------------------------------------------------------------
- | Sync Attributes
- |--------------------------------------------------------------------------
- |
- | Attributes specified here will be added / replaced on the user model
- | upon login, automatically synchronizing and keeping the attributes
- | up to date.
- |
- | The array key represents the users Laravel model key, and
- | the value represents the users LDAP attribute.
- |
- | You **must** include the users login attribute here.
- |
- | This option is only applicable to the DatabaseUserProvider.
- |
- */
-
- 'sync_attributes' => [
-
- 'mail' => 'userprincipalname',
-
- 'name' => 'cn',
-
- ],
-
- /*
- |--------------------------------------------------------------------------
- | Logging
- |--------------------------------------------------------------------------
- |
- | User authentication attempts will be logged using Laravel's
- | default logger if this setting is enabled.
- |
- | No credentials are logged, only usernames.
- |
- | This is usually stored in the '/storage/logs' directory
- | in the root of your application.
- |
- | This option is useful for debugging as well as auditing.
- |
- | You can freely remove any events you would not like to log below,
- | as well as use your own listeners if you would prefer.
- |
- */
-
- 'logging' => [
-
- 'enabled' => env('LDAP_LOGGING', true),
-
- 'events' => [
-
- \Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
- \Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
- \Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
- \Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
- \Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
- \Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
- \Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
- \Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
- \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
- \Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
- \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
-
- ],
- ],
-
-];
diff --git a/resources/themes/architect/views/auth/login.blade.php b/resources/themes/architect/views/auth/login.blade.php
index bfc053e..9159526 100644
--- a/resources/themes/architect/views/auth/login.blade.php
+++ b/resources/themes/architect/views/auth/login.blade.php
@@ -14,20 +14,9 @@
@endisset - @if (count($errors) > 0) -
- Whoops! {{ trans('adminlte_lang::message.someproblems') }}

- -
- @endif
- @if (Session::has('error'))
- Whoops! {{ trans('adminlte_lang::message.someproblems') }}

+ Hmm... {{ trans('message.someproblems') }}

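Review bot: The added `Hmm... {{ trans('message.someproblems') }}` line switches the translation key from the `adminlte_lang::message.someproblems` namespace to the unprefixed `message.someproblems`, and no language file appears in this commit's file list; unless a `resources/lang/<locale>/message.php` with a `someproblems` entry already exists, `trans()` will render the raw key text on the login page, so this is worth confirming or keeping the namespaced key until the lang file lands. The markup around these lines looks stripped in this rendering, so I cannot tell whether the new message still sits inside a conditional such as the removed `@if (Session::has('error'))`; if it does not, the error text would appear on every visit rather than only after a failed attempt. Dropping the `count($errors)` block also means per-field validation messages are no longer listed here, which is acceptable for a login form as long as a single generic failure message is the intent, since it avoids disclosing which credential was wrong.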
@@ -42,20 +31,21 @@