2016-08-17 15:18
浏览 120

在Symfony 3中通过LDAP进行身份验证

I am trying to implement active directory authentication in my Symfony application.

I can't seem to authenticate successfully. The following is logged each time I try to login via a web form:

2016-08-17 17:07:08] php.DEBUG: ldap_bind(): Unable to bind to server: Invalid credentials {"type":2,"file":"/Users/firstname.lastname/Sites/url-builder/url_builder/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php","line":53,"level":28928} [] [2016-08-17 17:07:08] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /Users/firstname.lastname/Sites/url-builder/url_builder/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /Users/"} [] [2016-08-17 17:07:08] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"login"} [] [2016-08-17 17:07:08] request.INFO: Matched route "{route}". {"route":"login","route_parameters":{"_controller":"UrlBuilderBundle\Controller\SecurityController::loginAction","_route":"login"},"request_uri":"","method":"GET"} []

I have configured the user provider to read users from the database:

            class: UrlBuilderBundle:User
            property: username

I have configured Ldap authentication via form in the firewalls section:

           provider: urlbuilder_provider
            # activate different ways to authenticate

            # http_basic: ~

                login_path: login
                check_path: login
                service:  app.ldap
                dn_string: 'uid={username},dc=global,dc=com'
                default_target_path: /manage-user

My login action has the following content:

public function loginAction(Request $request)
    $authenticationUtils = $this->get('security.authentication_utils');

    // get the login error if there is one
    $error = $authenticationUtils->getLastAuthenticationError();

    // last username entered by the user
    $lastUsername = $authenticationUtils->getLastUsername();

    return $this->render(
            // last username entered by the user
            'last_username' => $lastUsername,
            'error'         => $error,

I tested ldap authentication in a standalone PHP script and it worked as expected. I am storing user details in a database table but want to authenticate against active directory. My feeling is that the problem is how the username and password are submitted to LDAP but can't quite put my finger on it.

I am well and truly stumped, appreciate if anyone could shed some light on this.


The usernames in the AD that I am authenticating against have the domain 'global' so this means the username will be in the following format: 'global\firstname.lastname'

I feel the backslash in the username string is the source of my issue. I 'var_dump'-ed the username that is being passed in the bind(), the characters '5c' are being added just after the backslash; 'global\5cfirstname.lastname'. How can I ensure that backslash is handled correctly?

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

3条回答 默认 最新

相关推荐 更多相似问题