New in Symfony 2.8: LDAP component

LDAP, which stands for Lightweight Directory Access Protocol, is "an open standard for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network".

LDAP is used by lots of companies as a centralized repository for user information, including their security roles, and as an authentication service. That's why Symfony 2.8 includes a new LDAP component which provides seamless integration with the Symfony Security component.

Before enabling LDAP authentication, define a new service that holds the connection settings, such as the host, the port, the LDAP version, etc.

# app/config/services.yml
services:
    app.ldap:
        class: Symfony\Component\Ldap\LdapClient
        # the first argument is the host; the port and LDAP version can follow
        arguments: [ "ldap.example.com" ]

Then, you can use the LDAP component both as a user provider and as the firewalls' authentication mechanism. These are the configurable fields for the LDAP user provider:

# app/config/security.yml
security:
    # ...

    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=example,dc=com
                search_dn: CN=My User,OU=Users,DC=example,DC=com
                search_password: p455w0rd
                filter: (sAMAccountName={username})
                default_roles: ROLE_USER

When used as an authentication mechanism, you can configure it with a login form or with the HTTP basic mechanism:

# app/config/security.yml
security:
    # ...

    firewalls:
        api:
            provider:  app_users
            stateless: true
            pattern:   ^/api
            # HTTP basic authentication checked with an LDAP bind
            http_basic_ldap:
                service: app.ldap
                dn_string: "{username}@example"
        backend:
            provider: app_users
            pattern:  ^/admin
            logout:
                path:   logout
                target: login
            # login form checked with an LDAP bind
            form_login_ldap:
                service: app.ldap
                dn_string: CN={username},OU=Users,DC=example,DC=com
                check_path: login_check
                login_path: login

This component relies on the PHP LDAP extension, so make sure to configure and enable that PHP extension before using this component.
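
The filter and dn_string settings above place the submitted username into an LDAP search filter and into a bind DN. The following is an added example, not code from the original post or from Symfony: it performs that substitution with ldap_escape() from the PHP LDAP extension and refuses empty passwords before a bind. The function names and sample usernames are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical, not Symfony's API.
// Requires the PHP LDAP extension (ldap_escape(), PHP >= 5.6).

/** Fill the provider's "filter" template, e.g. (sAMAccountName={username}). */
function buildUserFilter($template, $username)
{
    // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL so the input stays a literal value.
    return str_replace('{username}', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $template);
}

/** Fill a firewall "dn_string" template, e.g. CN={username},OU=Users,... */
function buildBindDn($template, $username)
{
    // LDAP_ESCAPE_DN encodes , = + < > ; " \ # so the input cannot add RDN components.
    return str_replace('{username}', ldap_escape($username, '', LDAP_ESCAPE_DN), $template);
}

/** Refuse empty passwords before attempting a bind. */
function assertUsablePassword($password)
{
    // A simple bind with a DN and an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2); servers that allow it report success.
    if (!is_string($password) || $password === '') {
        throw new InvalidArgumentException('Empty password rejected before bind.');
    }
}

// Templates taken from the configuration on this page.
$filterTemplate = '(sAMAccountName={username})';
$dnTemplate     = 'CN={username},OU=Users,DC=example,DC=com';

// Constructed sample inputs: a plain login, one with filter metacharacters,
// and a display-style name whose comma is a DN separator.
foreach (array('jdoe', 'a*(b)', 'Doe, John') as $name) {
    printf("%-10s filter: %s\n", $name, buildUserFilter($filterTemplate, $name));
    printf("%-10s dn:     %s\n", $name, buildBindDn($dnTemplate, $name));
}

try {
    assertUsablePassword('');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```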

Comments

Very nice! :-)
Is there any plan to extend the LDAP component into a more general component to interact with LDAP servers (just like Zend\Ldap for example) or will it continue to focus only on the authentication aspect?
@Stefan yes, there are plans to extend the LDAP component features according to this comment from Charles Sarrazin: https://github.com/symfony/symfony-docs/issues/5756#issuecomment-155817279
Oh Nice !
Was there a real need of including it into the core distribution? I am not sure it is a thing, that is used by really many users.
We have had a need for this at every job I have had. This is a good thing.
I'm really happy with this feature as most 3rd party bundles were not really maintained anymore.
On a side note, I miss the feature to convert ldap groups to roles :(
Great !
Awesome ! I have the same concern as @Iltar though, how is the authorization aspect handled ?
"symfony/symfony": "2.8.*"
"symfony/ldap": "2.8"

Namespace from 'app/config/services.yml' different:
NOT
Symfony\Component\Security\Ldap\Ldap
BUT
Symfony\Component\Ldap\LdapClient
Has anyone gotten this to work successfully? I can get the user to auth, then the redirect to the secure page happens, then a failure to bind, then back to login.

http://stackoverflow.com/questions/34365482/ldap-authentication-with-symfony-2-8
