New in Symfony 2.8: LDAP component

November 11, 2015 · Published by Avatar of Javier Eguiluz Javier Eguiluz

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Charles Sarrazin Grégoire Pineau

Contributed by
Charles Sarrazin and Grégoire Pineau in #14602.

LDAP, which stands for Lightweight Directory Access Protocol, is "an open standard for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network".

LDAP is used by lots of companies as a centralized repository for user information, including their security roles, and as an authentication service. That's why Symfony 2.8 includes a new LDAP component which provides seamless integration with the Symfony Security component.

Before enabling the LDAP authentication, define a new service to configure the connection settings, such as the host, the port, the LDAP version, etc.

1
2
3
4
5
# app/config/services.yml
services:
    app.ldap:
        class: Symfony\Component\Security\Ldap\Ldap
        arguments: [ "ldap.example.com" ]

Then, you can use the LDAP component both as a user provider and as the firewalls' authentication mechanism. These are the configurable fields for the LDAP user provider:

1
2
3
4
5
6
7
8
9
10
11
12
13
# app/config/security.yml
security:
    # ...

    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=example,dc=com
                search_dn: CN=My User,OU=Users,DC=example,DC=com
                search_password: p455w0rd
                filter: (sAMAccountName={username})
                default_roles: ROLE_USER

When used as an authentication mechanism, you can configure it with a login form or with the HTTP basic mechanism:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# app/config/security.yml
security:
    # ...

firewalls:
    api:
        provider:  app_users
        stateless: true
        pattern:   ^/api
        http_basic_ldap:
            service: app.ldap
            dn_string: "{username}@example"
    backend:
        provider: app_users
        pattern:  ^/admin
        logout:
            path:   logout
            target: login
        form_login_ldap:
            service: app.ldap
            dn_string: CN={username},OU=Users,DC=example,DC=com
            check_path: login_check
            login_path: login

This component relies on the PHP LDAP extension, so make sure to configure and enable that PHP extension before using this component.

Published in #Living on the edge

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.

Comments

Avatar of Raphael Schumacher
Raphael Schumacher said on Nov 11, 2015
Very nice! :-)
Avatar of Stefan Gehrig
Stefan Gehrig Certified said on Nov 11, 2015
Is there any plan to extend the LDAP component into a more general component to interact with LDAP servers (just like Zend\Ldap for example) or will it continue to focus only on the authentication aspect?
Avatar of Javier Eguiluz
Javier Eguiluz Certified said on Nov 11, 2015
@Stefan yes, there are plans to extend the LDAP component features according to this comment from Charles Sarrazin: https://github.com/symfony/symfony-docs/issues/5756#issuecomment-155817279
Avatar of Nicolas Dewez
Nicolas Dewez Certified said on Nov 11, 2015
Oh Nice !
Avatar of Vladislav Rastrusny
Vladislav Rastrusny said on Nov 12, 2015
Was there a real need of including it into the core distribution? I am not sure it is a thing, that is used by really many users.
Avatar of Thomas Bennett
Thomas Bennett said on Nov 12, 2015
We have had a need for this at every job I have had. This is a good thing.
Avatar of Lynn van der Berg
Lynn van der Berg said on Nov 13, 2015
I'm really happy with this feature as most 3rd party bundles were not really maintained anymore.
Avatar of Lynn van der Berg
Lynn van der Berg said on Nov 13, 2015
On a side note, I miss the feature to convert ldap groups to roles :(
Avatar of Quentin Fahrner
Quentin Fahrner Certified said on Nov 13, 2015
Great !
Avatar of Assil SMAILI EL ALAOUI
Assil SMAILI EL ALAOUI said on Nov 15, 2015
Awesome ! I have the same concern as @Lynn though, how is the authorization aspect handled ?
Avatar of Ilya Frolov
Ilya Frolov said on Dec 1, 2015
"symfony/symfony": "2.8.*"
"symfony/ldap": "2.8"

Namespace from 'app/config/services.yml' different:
NOT
Symfony\Component\Security\Ldap\Ldap
BUT
Symfony\Component\Ldap\LdapClient
Avatar of Dan Morphis
Dan Morphis said on Dec 21, 2015
Has anyone gotten this to work successfully? I can get the user to auth, then the redirect to the secure page happens, then a failure to bind, then back to login.

http://stackoverflow.com/questions/34365482/ldap-authentication-with-symfony-2-8

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.