Facing Issue in LDAP ActiveDirectory Authentication #763
Description
- Laravel Version: 5.8.29
- Adldap2-Laravel Version: 6.0
- PHP Version: 7.3
- LDAP Type: ActiveDirectory
@stevebauman, hi Steve, I have updated my question, please help me to resolve this issue...

Description: Hi, all. I am facing two issues with the Adldap ActiveDirectory setup in my application.

1) When I authenticate with the code below, passing email (userprincipalname) and password as parameters, it works fine:

```php
$attempt = Adldap::auth()->attempt($username, $password, $bindAsUser = true);
```

But

```php
$attempt = Auth::attempt($credentials);
```

is not working.

2) When I pass SamAccountName as the username and the password in the credentials to authenticate, the code below is not working:

```php
$attempt = Adldap::auth()->attempt($username, $password, $bindAsUser = true);
```

What can be the issue behind this?

And, how can I achieve this if the user wants to authenticate with either of two credentials, i.e. email (userprincipalname) or AD ID (SamAccountName)?

Please help me to resolve this issue...
This is my LDAP configuration in .env:

```dotenv
LDAP_HOSTS=1.2.3.4 # sample ip
LDAP_BASE_DN=OU=ABC,OU=SSC,DC=ad,DC=global
LDAP_USER_ATTRIBUTE=UserPrincipalName
LDAP_CONNECTION=default
#LDAP_SECURITY_GROUP=G-ABC-COUNTRY-cic-iic # user is a member of this security group
#LDAP_ADMIN_USERNAME=random_username # disabled, don't know where to use it
#LDAP_ADMIN_PASSWORD=random_password # disabled, don't know where to use it
```
When I authenticate with

```php
$attempt = Adldap::auth()->attempt($username = "[email protected]", $password = "PASSWORD", $bindAsUser = true);
```

and return

```php
$record = Adldap::search()->findByOrFail('userprincipalname', $username);
```

I get the user object below:
```json
[
    {
        "objectclass": [
            "top",
            "person",
            "organizationalPerson",
            "user"
        ],
        "cn": [
            "Gupta, Abhinav"
        ],
        "sn": [
            "Gupta"
        ],
        "givenname": [
            "Abhinav"
        ],
        "distinguishedname": [
            "CN=Gupta\\, Abhinav,OU=_Divisional,OU=UsersExternal,OU=Users,OU=ABC,OU=SSC,DC=ad,DC=global"
        ],
        "displayname": [
            "Gupta, Abhinav"
        ],
        "memberof": [
            "CN=G-ABC-COUNTRY-cic-iic,OU=COUNTRY,OU=Security,OU=SecurityGroups,OU=ABC,OU=SSC,DC=ad,DC=global"
        ],
        "department": [
            "IT"
        ],
        "employeetype": [
            "External-Account"
        ],
        "name": [
            "Gupta, Abhinav"
        ],
        "objectguid": "9c84c497-f395-45e7-9cfb-c1fed692c5f3",
        "primarygroupid": [
            "513"
        ],
        "samaccountname": [
            "c-abgupt"
        ],
        "userprincipalname": [
            "[email protected]"
        ],
        "mail": [
            "[email protected]"
        ]
    }
]
```
This is my ldap.php configuration:

```php
<?php

return [
    'logging' => env('LDAP_LOGGING', true),
    'connections' => [
        'default' => [
            'auto_connect' => env('LDAP_AUTO_CONNECT', true),
            'connection' => Adldap\Connections\Ldap::class,
            'settings' => [
                'schema' => Adldap\Schemas\ActiveDirectory::class,
                'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),
                'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),
                'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
                'port' => env('LDAP_PORT', 389),
                'timeout' => env('LDAP_TIMEOUT', 5),
                'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
                'username' => env('LDAP_ADMIN_USERNAME', ''),
                'password' => env('LDAP_ADMIN_PASSWORD', ''),
                'follow_referrals' => false,
                'use_ssl' => env('LDAP_USE_SSL', false),
                'use_tls' => env('LDAP_USE_TLS', false),
            ],
        ],
    ],
];
```
This is my ldap_auth.php configuration:

```php
<?php

return [
    'connection' => env('LDAP_CONNECTION', 'default'),
    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
    'model' => App\Models\User::class,
    'rules' => [
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,
    ],
    'scopes' => [
        Adldap\Laravel\Scopes\UpnScope::class,
    ],
    'identifiers' => [
        'ldap' => [
            'locate_users_by' => 'UserPrincipalName',
            'bind_users_by' => 'distinguishedname',
        ],
        'database' => [
            'guid_column' => 'objectguid',
            'username_column' => 'username',
        ],
        'windows' => [
            'locate_users_by' => 'samaccountname',
            'server_key' => 'AUTH_USER',
        ],
    ],
    'passwords' => [
        'sync' => env('LDAP_PASSWORD_SYNC', false),
        'column' => 'password',
    ],
    'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
    'sync_attributes' => [
        'username' => 'userprincipalname',
        'name' => 'cn',
        'phone' => 'telephonenumber',
    ],
    'logging' => [
        'enabled' => env('LDAP_LOGGING', true),
        'events' => [
            \Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
        ],
    ],
];
```
In my LoginController.php, I am doing this:

```php
$username = "[email protected]"; // UserPrincipalName in the LDAP server
$password = "password";
$samAccountName = "c-abgupt";
$credentials = ['username' => $username, 'password' => $password];

$attempt = Auth::attempt($credentials); // not working
dd($attempt); // it always returns false

$attempt = Adldap::auth()->attempt($username, $password, $bindAsUser = true); // working
$attempt = Adldap::auth()->attempt($samAccountName, $password, $bindAsUser = true); // not working
```
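As an added illustration (not Adldap2-Laravel code and not the reporter's), the locate-then-bind flow that the `locate_users_by` / `bind_users_by` settings above describe, extended to accept either a UPN or a sAMAccountName as the login, with the filter value escaped and the empty-password bind refused; the directory entry (its UPN is a placeholder) and the `bind` callback are constructed stand-ins for a real LDAP client:

```python
import re

# RFC 4515 escapes for values interpolated into an LDAP search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# A UPN is user@realm; anything else is treated as a bare sAMAccountName.
_UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+$")

# Constructed sample directory shaped like the search output in the issue;
# the UPN is a placeholder because the issue redacts the real address.
SAMPLE_DIRECTORY = [
    {
        "distinguishedname": "CN=Gupta\\, Abhinav,OU=_Divisional,OU=UsersExternal,"
                             "OU=Users,OU=ABC,OU=SSC,DC=ad,DC=global",
        "samaccountname": "c-abgupt",
        "userprincipalname": "c-abgupt@example.invalid",
    },
]

def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value before it is placed in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def login_attribute(login: str) -> str:
    """Attribute to locate by: userPrincipalName for user@realm, else sAMAccountName."""
    return "userPrincipalName" if _UPN_RE.match(login) else "sAMAccountName"

def build_lookup_filter(login: str) -> str:
    """The locate_users_by search, accepting either identifier, with the value escaped."""
    return f"(&(objectClass=user)({login_attribute(login)}={escape_filter_value(login)}))"

def locate_user(directory, login: str):
    """Return the single matching entry (AD matches these attributes case-insensitively) or None."""
    attr = login_attribute(login).lower()
    matches = [e for e in directory if e.get(attr, "").lower() == login.lower()]
    return matches[0] if len(matches) == 1 else None

def authenticate(directory, login: str, password: str, bind) -> bool:
    """Locate by UPN or sAMAccountName, then bind as the located DN (bind_users_by = distinguishedname).

    An empty password is refused before binding: RFC 4513 defines a simple bind
    with a DN and no password as an unauthenticated bind, which servers may accept.
    """
    if not password:
        return False
    entry = locate_user(directory, login)
    return entry is not None and bind(entry["distinguishedname"], password)
```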