LDAP, which stands for Lightweight Directory Access Protocol, is "an open standard for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network".
LDAP is used by lots of companies as a centralized repository for user information, including their security roles, and as an authentication service. That's why Symfony 2.8 includes a new LDAP component which provides seamless integration with the Symfony Security component.
Before enabling the LDAP authentication, define a new service to configure the connection settings, such as the host, the port, the LDAP version, etc.
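# app/config/services.yml
services:
    app.ldap:
        # The 2.8 component ships its client as Symfony\Component\Ldap\LdapClient
        class: Symfony\Component\Ldap\LdapClient
        # host (the port, the LDAP version, etc. can follow as further arguments)
        arguments: [ "ldap.example.com" ]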
Then, you can use the LDAP component both as a user provider and as the firewalls' authentication mechanism. These are the configurable fields for the LDAP user provider:
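# app/config/security.yml
security:
    # ...
    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=example,dc=com
                # account used to bind before searching for the user entry
                search_dn: CN=My User,OU=Users,DC=example,DC=com
                # password of search_dn; load it from a parameter instead of committing it
                search_password: p455w0rd
                # {username} is replaced with the submitted login name
                filter: (sAMAccountName={username})
                default_roles: ROLE_USER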
When used as an authentication mechanism, you can configure it with a login form or with the HTTP basic mechanism:
# app/config/security.yml
security:
    # ...
    firewalls:
        # stateless API firewall: HTTP basic credentials are checked with an LDAP bind
        api:
            provider: app_users
            stateless: true
            pattern: ^/api
            http_basic_ldap:
                service: app.ldap
                dn_string: "{username}@example"
        # admin area: login form whose credentials are checked with an LDAP bind
        backend:
            provider: app_users
            pattern: ^/admin
            logout:
                path: logout
                target: login
            form_login_ldap:
                service: app.ldap
                dn_string: CN={username},OU=Users,DC=example,DC=com
                check_path: login_check
                login_path: login
This component relies on the PHP LDAP extension, so make sure to configure and enable that PHP extension before using this component.
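The `filter` and `dn_string` options above both contain a `{username}` placeholder that is filled from the login request, and each one is a different escaping context. The following added example, which is not code from the original post or from Symfony, fills both templates with PHP's `ldap_escape()` and adds the empty-credential check a bind-based login needs; the function names and sample usernames are assumptions made for illustration, and it assumes PHP 7.1 or later with the LDAP extension enabled.

```php
<?php
// Added example, not Symfony's code. Requires the PHP LDAP extension (ext-ldap).

// Templates copied from the configuration on this page.
const FILTER_TEMPLATE = '(sAMAccountName={username})';
const DN_TEMPLATE     = 'CN={username},OU=Users,DC=example,DC=com';

/** Fill {username} in a search filter (RFC 4515 escaping context). */
function buildFilter(string $template, string $username): string
{
    // Neutralises the filter metacharacters \ * ( ) and NUL.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return str_replace('{username}', $safe, $template);
}

/** Fill {username} in a bind DN (RFC 4514 escaping context). */
function buildBindDn(string $template, string $username): string
{
    // Neutralises the DN metacharacters such as , = + < > ; " # and \.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_DN);
    return str_replace('{username}', $safe, $template);
}

/** Checks to run before any bind is attempted with submitted credentials. */
function assertBindable(string $username, string $password): void
{
    if ($username === '') {
        throw new InvalidArgumentException('Empty username.');
    }
    // A bind with a DN and an empty password is an "unauthenticated bind"
    // (RFC 4513) that some servers accept, so it must never count as a login.
    if ($password === '') {
        throw new InvalidArgumentException('Empty password.');
    }
}

// Constructed sample inputs: an ordinary login and two containing LDAP metacharacters.
foreach (['jdoe', 'j*', 'smith, j*(ops)'] as $username) {
    assertBindable($username, 'constructed-password');
    printf("%-16s filter: %s\n", $username, buildFilter(FILTER_TEMPLATE, $username));
    printf("%-16s dn:     %s\n", '', buildBindDn(DN_TEMPLATE, $username));
}
```

Using the filter escaping for a DN, or the reverse, leaves that context's metacharacters untouched, which is why the two builders are kept separate.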
Very nice! :-)
Is there any plan to extend the LDAP component into a more general component to interact with LDAP servers (just like Zend\Ldap for example) or will it continue to focus only on the authentication aspect?
@Stefan yes, there are plans to extend the LDAP component features according to this comment from Charles Sarrazin: https://github.com/symfony/symfony-docs/issues/5756#issuecomment-155817279
Oh Nice !
Was there a real need of including it into the core distribution? I am not sure it is a thing that is used by really many users.
We have had a need for this at every job I have had. This is a good thing.
I'm really happy with this feature as most 3rd party bundles were not really maintained anymore.
On a side note, I miss the feature to convert LDAP groups to roles :(
Great !
Awesome ! I have the same concern as @Lynn though, how is the authorization aspect handled ?
"symfony/symfony": "2.8.*" "symfony/ldap": "2.8"
Namespace from 'app/config/services.yml' different: NOT Symfony\Component\Security\Ldap\Ldap BUT Symfony\Component\Ldap\LdapClient
Has anyone gotten this to work successfully? I can get the user to auth, then the redirect to the secure page happens, then a failure to bind, then back to login.
http://stackoverflow.com/questions/34365482/ldap-authentication-with-symfony-2-8