l3/ldap-user-bundle

LDAP (分支 ou=people) 用户提供者


类型:symfony-bundle

1.1.18 2023-12-28 11:55 UTC



README

面向 Symfony 2/3/4/5/6/7 的 LDAP 用户提供者(User Provider)

(作者:里尔大学)

允许在用 Symfony 2/3/4/5/6/7 编写的应用程序中,将 LDAP 目录用作安全组件(Security)的用户提供者:用户及其角色从 LDAP 加载,而不是从本地数据库。

安装包

使用以下命令安装包

composer require l3/ldap-user-bundle:~1.0

composer require 会直接安装该包;只有在你是手动编辑 composer.json 加入依赖的情况下,才需要再运行 composer update 来安装。

对于 Symfony 2 和 3:在 AppKernel.php 中添加 Bundle

<?php
// app/AppKernel.php

// ...
/**
 * Application kernel (Symfony 2/3): declares the bundles the application boots.
 *
 * Both the LdapObject bundle and the L3 LDAP user bundle have to be registered;
 * the user provider service ("ldap_user_provider") comes from the latter.
 */
class AppKernel extends Kernel
{
    /**
     * Returns the bundles to boot, in registration order.
     *
     * @return array list of bundle instances
     */
    public function registerBundles()
    {
        $bundles = array();
        // ... (your other bundles)

        // LDAP object manager used by the entity/repository examples below.
        $bundles[] = new OpenLdapObject\Bundle\LdapObjectBundle\OpenLdapObjectLdapObjectBundle();
        // LDAP-backed user provider.
        $bundles[] = new L3\Bundle\LdapUserBundle\L3LdapUserBundle();

        // ...
    }

    // ...
}

对于 Symfony 4 和 5 和 6 和 7:检查 config/bundles.php 文件中是否存在这些行(如果不存在,只需添加这些行)

# config/bundles.php
...
// Enable both bundles in every environment ('all'): the L3 user provider is
// registered together with the LdapObject bundle it is documented alongside.
L3\Bundle\LdapUserBundle\L3LdapUserBundle::class => ['all' => true],
OpenLdapObject\Bundle\LdapObjectBundle\OpenLdapObjectLdapObjectBundle::class => ['all' => true],
...

包的配置

对于 Symfony 2 和 Symfony 3:在配置文件 app/config/parameters.yml.dist 和 app/config/parameters.yml 中,在 parameters 下添加以下内容。注意:ldap_password 是 LDAP 绑定账号的密码,属于机密信息——真实值只应写入 parameters.yml(Symfony 标准版默认将该文件排除在版本控制之外,请确认你的项目也是如此),parameters.yml.dist 中只放占位符。

# app/config/parameters.yml.dist
# app/config/parameters.yml
...
parameters:
    # LDAP connection settings. These are secrets: keep real values only in
    # parameters.yml (excluded from version control in the Symfony Standard
    # Edition — confirm for your project) and placeholders in parameters.yml.dist.
    # A hostname alone does not make the connection encrypted; check how the
    # OpenLdapObject connection is configured for ldaps:// or StartTLS.
    ldap_hostname: ldap.univ.fr				# the ldap host of your server ldap
    ldap_base_dn: 'dc=univ,dc=fr'			# the base dn of your server ldap which contains the users
    # Bind account used for every directory lookup. Use a dedicated,
    # least-privilege account: read-only unless the application writes to LDAP.
    ldap_dn: 'uid=login,ou=ldapusers,dc=univ,dc=fr'	# the login of your server ldap
    ldap_password: password				# the password of your server ldap
...

并在 parameters.yml 文件中配置真实值。安全建议:ldap_dn 应使用专门为本应用创建的最小权限绑定账号(如果应用只读取用户信息,就用只读账号;只有需要写入 LDAP 时才授予写权限);同时请确认与 LDAP 服务器的连接是加密的(ldaps 或 StartTLS),否则绑定密码和用户属性会以明文在网络上传输——这里只配置了主机名,并不意味着连接已加密,请核对 OpenLdapObject 连接的相关设置。

接下来在配置文件 app/config/config.yml 中,在文件末尾添加以下内容

# app/config/config.yml
...
# Ldap
# Connection used by the user provider and by the ldap_object.manager service.
# The bind account's rights bound what the application can do: keep it
# read-only unless you use the persist()/flush() write example below.
open_ldap_object_ldap_object:
    host:     "%ldap_hostname%"
    dn:       "%ldap_dn%"
    password: "%ldap_password%"   # secret; comes from parameters.yml, never hard-code it here
    base_dn:  "%ldap_base_dn%"

(可选) 如果用户的 memberOf LDAP 字段中包含某个 LDAP 组,则可以自动为该用户分配对应的角色。在 app/config/config.yml 文件末尾添加以下内容。请先确认本包是如何匹配这里配置的组名的(精确匹配组的 DN/名称,还是对 memberOf 值做子串匹配):如果是宽松匹配,名称相近的组的成员可能会意外获得 ROLE_ADMIN。

# app/config/config.yml
...
# LdapUser
l3_ldap_user:
    # Maps an LDAP group found in the user's memberOf attribute to a Symfony
    # role: "user" -> ROLE_USER, "admin" -> ROLE_ADMIN.
    # NOTE(review): confirm whether the bundle matches these values exactly
    # (group name/DN) or as a substring of the memberOf value before relying
    # on the "admin" mapping for authorization.
    roles:
        user: SPEALLPERS		# if the user got the group SPEALLPERS in this memberOf ldap field, he obtains automatically the role "ROLE_USER"
        admin: DSIAPP			# if the user got the group DSIAPP in this memberOf ldap field, he obtains automatically the role "ROLE_ADMIN"

并配置防火墙以使用此包的用户提供者

# app/config/security.yml
...
security:
    providers:
            # "ldap_user_provider" is the service id registered by this bundle;
            # "ldap" is the provider name to reference from a firewall's "provider" key.
            ldap:
                id: ldap_user_provider

对于 Symfony 4 和 5 和 6 和 7:在配置文件 .env 和 .env.local 中添加以下内容(.env 通常会提交到版本库,其中只放占位符;真实的绑定 DN 和密码只写入不提交的 .env.local,或者由部署环境以真正的环境变量提供)

# .env.local 
# .env
...
###> l3/ldap-user-bundle ###
# .env is normally committed: keep placeholders here and put the real bind DN
# and password in .env.local (not committed) or in real environment variables.
LDAP_HOSTNAME=ldap.univ.fr
LDAP_BASE_DN=dc=univ,dc=fr
# Bind account: use a dedicated, least-privilege (read-only if possible) account.
LDAP_DN=cn=login,dc=univ,dc=fr
LDAP_PASSWORD=password
###< l3/ldap-user-bundle ###
...

并在 .env.local 文件(或部署环境的环境变量)中配置真实值。LDAP_DN 应使用专门为本应用创建的最小权限绑定账号(只读取用户信息时用只读账号),并确认与 LDAP 服务器的连接是加密的(ldaps 或 StartTLS)——仅配置主机名并不意味着连接已加密。

接下来在 config/services.yaml 文件中添加以下内容(在 parameters 下)

# config/services.yaml
...
parameters:
...
    # env() placeholders are resolved at runtime from the environment, so the
    # bind password is not baked into the compiled container.
    ldap_hostname: '%env(string:LDAP_HOSTNAME)%'
    ldap_base_dn: '%env(string:LDAP_BASE_DN)%'
    ldap_dn: '%env(string:LDAP_DN)%'
    ldap_password: '%env(string:LDAP_PASSWORD)%'
...

接下来在配置文件 config/services.yaml 中,在文件末尾添加以下内容

# config/services.yaml

# Ldap
# Connection used by the user provider and by the ldap_object.manager service.
# The bind account's rights bound what the application can do: keep it
# read-only unless you use the persist()/flush() write example below.
# A hostname alone does not make the connection encrypted; check how the
# OpenLdapObject connection is configured for ldaps:// or StartTLS.
open_ldap_object_ldap_object:
    host:     "%ldap_hostname%"
    dn:       "%ldap_dn%"
    password: "%ldap_password%"   # secret; comes from the LDAP_PASSWORD env var
    base_dn:  "%ldap_base_dn%"

(可选) 如果用户的 memberOf LDAP 字段中包含某个 LDAP 组,则可以自动为该用户分配对应的角色。在 config/services.yaml 文件末尾添加以下内容。请先确认本包是如何匹配这里配置的组名的(精确匹配组的 DN/名称,还是对 memberOf 值做子串匹配):如果是宽松匹配,名称相近的组的成员可能会意外获得 ROLE_ADMIN。

# config/services.yaml
...
# LdapUser
l3_ldap_user:
    # Maps an LDAP group found in the user's memberOf attribute to a Symfony
    # role: "user" -> ROLE_USER, "admin" -> ROLE_ADMIN.
    # NOTE(review): confirm whether the bundle matches these values exactly
    # (group name/DN) or as a substring of the memberOf value before relying
    # on the "admin" mapping for authorization.
    roles:
        user: SPEALLPERS                # if the user got the group SPEALLPERS in this memberOf ldap field, he obtains automatically the role "ROLE_USER"
        admin: DSIAPP                   # if the user got the group DSIAPP in this memberOf ldap field, he obtains automatically the role "ROLE_ADMIN"
...

并配置防火墙以使用此包的用户提供者

# config/packages/security.yaml
security:
    providers:
            # "ldap_user_provider" is the service id registered by this bundle;
            # "ldap" is the provider name to reference from a firewall's "provider" key.
            ldap:
                id: ldap_user_provider

对于 Symfony 6

# config/packages/security.yaml
security:
    providers:
            # Provider named after the service id; firewalls reference it with
            # "provider: ldap_user_provider".
            ldap_user_provider:
                id: ldap_user_provider

并在 security.yaml 的 firewalls 中,把需要 LDAP 认证的防火墙的 provider 设为上面定义的提供者名称(例如 ldap_user_provider)。

用于控制用户是否存在于 ROLE_USER LDAP 组中的 Twig 页面

如果用户不在 ROLE_USER 对应的 LDAP 组中,可以通过自定义错误页面向用户显示一个更友好的 Twig 页面:只需创建文件 app/Resources/TwigBundle/views/Exception/error.html.twig 并添加以下内容。注意:从下面模板的判断条件看,这种情况表现为 HTTP 500,模板是靠"状态码为 500 且当前用户没有 ROLE_USER"来推断"未授权"的,因此它无法区分真正的服务器错误;另外生产环境的错误页面不应输出异常详情。

{# Generic error page rendered by TwigBundle. As the README notes, a logged-in
   user who is not in the ROLE_USER LDAP group shows up as a 500, so that case
   is recognised by inspecting app.user.roles. NOTE(review): a 500 also covers
   genuine server errors, so this heuristic cannot tell them apart. status_text
   is escaped by Twig's autoescaping (on by default in Symfony). #}
{% extends '::base.html.twig' %}

{% block title %}
    Error
{% endblock %}

{% block body %}
    {% if status_code == 404 %}
        <h2>Page not found.</h2>
    {% elseif status_code == 500 and app.user is not null and 'ROLE_USER' not in app.user.roles %}
        <h2>You are not authorized to access to this application.</h2>
    {% else %}
        <h2>The application returns an error "{{ status_code }} {{ status_text }}".</h2>
    {% endif %}
{% endblock %}

ORM LDAP 函数

您可以通过 Doctrine ORM 创建自定义 ORM LDAP 实体。只需在您的应用程序 Bundle 中创建类似于这样的 Entity People

# src/YourApplicationBundle/Entity/People.php
<?php

namespace YourApplicationBundle\Entity;

use OpenLdapObject\Entity;
use OpenLdapObject\Annotations as OLO;

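/**
 * LDAP entity for entries under the ou=people branch (objectClass inetOrgPerson).
 *
 * Every property maps to the LDAP attribute of the same name. Columns of type
 * "array" (cn, sn, memberOf) are multi-valued and are edited through the
 * add*/remove* methods; the other columns are single-valued strings.
 * NOTE(review): add*/remove* assume the base Entity class has initialised the
 * multi-valued columns as collections — confirm before calling them on a
 * freshly constructed People.
 *
 * @OLO\Dn(value="ou=people")
 * @OLO\Entity({"inetOrgPerson"})
 */
class People extends Entity {
    /**
     * Login identifier; indexed so the repository can find() an entry by uid.
     *
     * @OLO\Column(type="string")
     * @OLO\Index
     */
    protected $uid;

    /**
     * Common name(s); multi-valued.
     *
     * @OLO\Column(type="array")
     */
    protected $cn;

    /**
     * Surname(s); multi-valued.
     *
     * @OLO\Column(type="array")
     */
    protected $sn;

    /**
     * @OLO\Column(type="string")
     */
    protected $givenName;

    /**
     * @OLO\Column(type="string")
     */
    protected $mail;

    /**
     * Group memberships. The bundle's l3_ldap_user.roles mapping reads this
     * attribute to grant ROLE_USER / ROLE_ADMIN.
     *
     * @OLO\Column(type="array")
     */
    protected $memberOf;

    /**
     * Primary affiliation (student, employee, ...).
     *
     * @OLO\Column(type="string")
     */
    protected $eduPersonPrimaryAffiliation;

    /**
     * Returns the first common name, or null when the entry has none.
     *
     * The guard avoids an undefined-offset notice (plain array) or an error on
     * an entry whose cn attribute is empty or not loaded.
     *
     * @return string|null
     */
    public function getFirstCn() {
        if (!isset($this->cn[0])) {
            return null;
        }
        return $this->cn[0];
    }

    /** @return string|null */
    public function getUid() {
        return $this->uid;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function setUid($value) {
        $this->uid = $value;
        return $this;
    }

    /** @return mixed collection of common names */
    public function getCn() {
        return $this->cn;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function addCn($value) {
        $this->cn->add($value);
        return $this;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function removeCn($value) {
        $this->cn->removeElement($value);
        return $this;
    }

    /** @return mixed collection of surnames */
    public function getSn() {
        return $this->sn;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function addSn($value) {
        $this->sn->add($value);
        return $this;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function removeSn($value) {
        $this->sn->removeElement($value);
        return $this;
    }

    /** @return string|null */
    public function getGivenName() {
        return $this->givenName;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function setGivenName($value) {
        $this->givenName = $value;
        return $this;
    }

    /** @return string|null */
    public function getMail() {
        return $this->mail;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function setMail($value) {
        $this->mail = $value;
        return $this;
    }

    /**
     * @param string $value group DN/name to add to memberOf
     * @return $this
     */
    public function addMemberOf($value) {
        $this->memberOf->add($value);
        return $this;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function removeMemberOf($value) {
        $this->memberOf->removeElement($value);
        return $this;
    }

    /** @return mixed collection of group memberships */
    public function getMemberOf() {
        return $this->memberOf;
    }

    /** @return string|null */
    public function getEduPersonPrimaryAffiliation() {
        return $this->eduPersonPrimaryAffiliation;
    }

    /**
     * @param string $value
     * @return $this
     */
    public function setEduPersonPrimaryAffiliation($value) {
        $this->eduPersonPrimaryAffiliation = $value;
        return $this;
    }

}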
?>
  • Dn:使用此注解以 twig 语法构建 dn
  • Entity:使用此注解将 ldapObjectClass 分配给 PHP 实体类
  • Column:使用此注解为 PHP 变量设置类型
  • Index:使用此注解设置实体的索引

然后,在您的控制器中,您可以通过调用您的实体来读取 LDAP,如下所示

# src/YourApplicationBundle/Controller/DefaultController.php
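<?php
namespace YourApplicationBundle\Controller;
...
use YourApplicationBundle\Entity\People;
...
class DefaultController extends Controller {

    /**
     * Homepage: looks up the authenticated user's LDAP entry to learn their
     * affiliation (student, employee, ...).
     *
     * @Route("/", name="homepage")
     */
    public function indexAction(Request $request)
    {
        ...
        // getUser() is null when the firewall allows anonymous access; do not
        // dereference it blindly.
        $user = $this->getUser();
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        // type of the people (student ? employee ? ..etc)
        // The repository is searched on the indexed "uid" column of People.
        $profil = $this->get('ldap_object.manager')
            ->getRepository('YourApplicationBundle\Entity\People')
            ->find($user->getUid());

        if ($profil !== null) {
            $profil = $profil->getEduPersonPrimaryAffiliation();
        }
        ...
    }
}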

对于 Symfony 7

# src/YourApplicationBundle/Controller/DefaultController.php
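<?php
namespace YourApplicationBundle\Controller;
...
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Attribute\Route;
use YourApplicationBundle\Entity\People;
...
/**
 * Symfony 7 variant: the legacy Controller base class is gone, routes are
 * declared with the #[Route] attribute (annotations are not supported) and
 * attribute arguments use "name:" (named argument), not "name=".
 */
class DefaultController extends AbstractController {
    /**
     * Homepage: looks up the authenticated user's LDAP entry to learn their
     * affiliation (student, employee, ...).
     */
    #[Route('/', name: 'homepage')]
    public function indexAction(Request $request)
    {
        ...
        // getUser() is null when the firewall allows anonymous access.
        $user = $this->getUser();
        if ($user === null) {
            throw $this->createAccessDeniedException();
        }

        // type of the people (student ? employee ? ..etc)
        // NOTE(review): on AbstractController, $this->get() only resolves
        // services listed in getSubscribedServices(); if 'ldap_object.manager'
        // is not subscribed, inject the manager service into the action instead.
        $profil = $this->get('ldap_object.manager')
            ->getRepository(People::class)
            ->find($user->getUid());
        if ($profil !== null) {
            $profil = $profil->getEduPersonPrimaryAffiliation();
        }
        ...
    }
}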

对于写入 LDAP,调用您的实体如下所示

# src/YourApplicationBundle/Controller/DefaultController.php
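<?php
namespace YourApplicationBundle\Controller;
...
use YourApplicationBundle\Entity\People;
...
class DefaultController extends Controller {

    /**
     * Example of creating an entry in LDAP through the ldap_object manager.
     *
     * Writing to the directory is a privileged operation: restrict it to an
     * authorised role and, in real code, to a non-GET route — the "homepage"
     * route here is purely illustrative. The bind account configured in
     * ldap_dn needs write access to ou=people for flush() to succeed.
     *
     * @Route("/", name="homepage")
     */
    public function indexAction(Request $request)
    {
        ...
        // ROLE_ADMIN is the role mapped by l3_ldap_user.roles.admin; adjust to your policy.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        $p = new People();
        $p->setUid('P7279');
        $p->setGivenName('Mathieu');
        $p->addSn('Hetru');

        // As with Doctrine, persist() stages the entry and flush() writes it.
        $em = $this->get('ldap_object.manager');
        $em->persist($p);
        $em->flush();
        ...
    }
}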

对于 Symfony 7

# src/YourApplicationBundle/Controller/DefaultController.php
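<?php
namespace YourApplicationBundle\Controller;
...
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Routing\Attribute\Route;
use YourApplicationBundle\Entity\People;
...
/**
 * Symfony 7 variant of the LDAP write example: AbstractController base class,
 * #[Route] attribute with a named argument ("name:" not "name=").
 */
class DefaultController extends AbstractController {
    /**
     * Creates an entry in LDAP through the ldap_object manager.
     *
     * Writing to the directory is a privileged operation: restrict it to an
     * authorised role and, in real code, to a non-GET route — the "homepage"
     * route here is purely illustrative. The bind account configured in
     * LDAP_DN needs write access to ou=people for flush() to succeed.
     */
    #[Route('/', name: 'homepage')]
    public function indexAction(Request $request)
    {
        ...
        // ROLE_ADMIN is the role mapped by l3_ldap_user.roles.admin; adjust to your policy.
        $this->denyAccessUnlessGranted('ROLE_ADMIN');

        $a = new People();
        $a->setUid('1940');
        $a->setGivenName('Mathieu');
        $a->addSn('Hetru');

        // NOTE(review): on AbstractController, $this->get() only resolves
        // services listed in getSubscribedServices(); if 'ldap_object.manager'
        // is not subscribed, inject the manager service into the action instead.
        // As with Doctrine, persist() stages the entry and flush() writes it.
        $em = $this->get('ldap_object.manager');
        $em->persist($a);
        $em->flush();
        ...
    }
}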

注解

如果你使用 @Route 之类的路由注解(Symfony 2 至 6),需要安装以下包;Symfony 7 已不再支持注解,请改用 PHP 属性 #[Route],此时无需安装该包

composer require doctrine/annotations