I am trying to implement active directory authentication in my Symfony application.
I can't seem to authenticate successfully. The following is logged each time I try to login via a web form:
2016-08-17 17:07:08] php.DEBUG: ldap_bind(): Unable to bind to server: Invalid credentials {"type":2,"file":"/Users/firstname.lastname/Sites/url-builder/url_builder/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php","line":53,"level":28928} [] [2016-08-17 17:07:08] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /Users/firstname.lastname/Sites/url-builder/url_builder/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /Users/first.name/Sites/url-builder/url_builder/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/LdapBindAuthenticationProvider.php:86)"} [] [2016-08-17 17:07:08] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"login"} [] [2016-08-17 17:07:08] request.INFO: Matched route "{route}". {"route":"login","route_parameters":{"_controller":"UrlBuilderBundle\Controller\SecurityController::loginAction","_route":"login"},"request_uri":"http://www.url-builder.dev/app_dev.php/auth/login","method":"GET"} []
I have configured the user provider to read users from the database:
providers:
urlbuilder_provider:
entity:
class: UrlBuilderBundle:User
property: username
I have configured Ldap authentication via form in the firewalls section:
provider: urlbuilder_provider
# activate different ways to authenticate
# http_basic: ~
# http://symfony.com/doc/current/book/security.html#a-configuring-how-your-users-will-authenticate
form_login_ldap:
login_path: login
check_path: login
service: app.ldap
dn_string: 'uid={username},dc=global,dc=com'
default_target_path: /manage-user
My login action has the following content:
public function loginAction(Request $request)
{
$authenticationUtils = $this->get('security.authentication_utils');
// get the login error if there is one
$error = $authenticationUtils->getLastAuthenticationError();
// last username entered by the user
$lastUsername = $authenticationUtils->getLastUsername();
return $this->render(
'security/login.html.twig',
array(
// last username entered by the user
'last_username' => $lastUsername,
'error' => $error,
)
);
}
I tested ldap authentication in a standalone PHP script and it worked as expected. I am storing user details in a database table but want to authenticate against active directory. My feeling is that the problem is how the username and password are submitted to LDAP but can't quite put my finger on it.
I am well and truly stumped, appreciate if anyone could shed some light on this.
Update
The usernames in the AD that I am authenticating against have the domain 'global' so this means the username will be in the following format: 'global\firstname.lastname'
I feel the backslash in the username string is the source of my issue. I 'var_dump'-ed the username that is being passed in the bind(), the characters '5c' are being added just after the backslash; 'global\5cfirstname.lastname'. How can I ensure that backslash is handled correctly?
