通过 
搜索
搜索l3 / ldap-user-udl-bundle
来自LDAP UDL/ULille的用户提供者(分支ou=accounts)
1.0.14
2023-12-26 17:23 UTC
Requires
- php: >=8.2
- openldapobject/ldapobjectbundle: 1.1.5
- symfony/framework-bundle: ~7.0
- symfony/http-foundation: ~7.0
- symfony/routing: ~7.0
- symfony/security-bundle: ~7.0
Replaces
- l3/ldap-user-bundle: 1.*
README
Symfony 2/3/4/5/6/7 用户提供者来自LDAP
允许在用Symfony2/3/4/5编写的应用程序中使用LDAP作为用户提供者和安全
安装包
使用以下命令安装包
composer require l3/ldap-user-udl-bundle:~1.0
运行命令 composer update 安装包
对于Symfony 2和3:在AppKernel.php中添加Bundle
<?php
// app/AppKernel.php
// ...
class AppKernel extends Kernel
{
public function registerBundles()
{
$bundles = array(
// ...
new OpenLdapObject\Bundle\LdapObjectBundle\OpenLdapObjectLdapObjectBundle(),
new L3\Bundle\LdapUserBundle\L3LdapUserBundle(),
);
// ...
}
// ...
}
对于Symfony 4和5和6和7:检查config/bundles.php文件中是否存在这些行(如果不存在,只需添加这些行)
# config/bundles.php
...
L3\Bundle\LdapUserBundle\L3LdapUserBundle::class => ['all' => true],
OpenLdapObject\Bundle\LdapObjectBundle\OpenLdapObjectLdapObjectBundle::class => ['all' => true],
...
配置包
对于Symfony 2和Symfony 3:在app/config/parameters.yml.dist和app/config/parameters.yml配置文件中,在参数下添加以下内容
# app/config/parameters.yml.dist
# app/config/parameters.yml
...
parameters:
ldap_hostname: ldap.univ.fr # the ldap host of your server ldap
ldap_base_dn: 'dc=univ,dc=fr' # the base dn of your server ldap which contains the users
ldap_dn: 'uid=login,ou=ldapusers,dc=univ,dc=fr' # the login of your server ldap
ldap_password: password # the password of your server ldap
...
并在parameters.yml文件中配置值。
接下来,在app/config/config.yml配置文件中,在文件末尾添加以下行
# app/config/config.yml
...
# Ldap
open_ldap_object_ldap_object:
host: "%ldap_hostname%"
dn: "%ldap_dn%"
password: "%ldap_password%"
base_dn: "%ldap_base_dn%"
(可选)如果用户在其memberOf ldap字段中具有ldap组,则可以自动将特定角色分配给用户。在app/config/config.yml文件末尾添加以下内容
# app/config/config.yml
...
# LdapUser
l3_ldap_user:
roles:
user: SPEALLPERS # if the user got the group SPEALLPERS in this memberOf ldap field, he obtains automatically the role "ROLE_USER"
admin: DSIAPP # if the user got the group DSIAPP in this memberOf ldap field, he obtains automatically the role "ROLE_ADMIN"
并配置防火墙以使用此包的用户提供者
# app/config/security.yml
...
security:
providers:
ldap:
id: ldap_user_provider
对于Symfony 4和5和6和7:在.env.local和.env配置文件中添加以下内容
# .env.local
# .env
...
###> l3/ldap-user-udl-bundle ###
LDAP_HOSTNAME=ldap.univ.fr
LDAP_BASE_DN=dc=univ,dc=fr
LDAP_DN=cn=login,dc=univ,dc=fr
LDAP_PASSWORD=password
###< l3/ldap-user-udl-bundle ###
...
并在.env文件中配置值
接下来,在config/services.yaml文件(在参数下)添加以下行
# config/services.yaml
...
parameters:
...
ldap_hostname: '%env(string:LDAP_HOSTNAME)%'
ldap_base_dn: '%env(string:LDAP_BASE_DN)%'
ldap_dn: '%env(string:LDAP_DN)%'
ldap_password: '%env(string:LDAP_PASSWORD)%'
...
接下来,在config/services.yaml配置文件中,在文件末尾添加以下行
# config/services.yaml
# Ldap
open_ldap_object_ldap_object:
host: "%ldap_hostname%"
dn: "%ldap_dn%"
password: "%ldap_password%"
base_dn: "%ldap_base_dn%"
(可选)如果用户在其memberOf ldap字段中具有ldap组,则可以自动将特定角色分配给用户。在config/services.yaml文件末尾添加以下内容
# config/services.yaml
...
# LdapUser
l3_ldap_user:
roles:
user: SPEALLPERS # if the user got the group SPEALLPERS in this memberOf ldap field, he obtains automatically the role "ROLE_USER"
admin: DSIAPP # if the user got the group DSIAPP in this memberOf ldap field, he obtains automatically the role "ROLE_ADMIN"
...
并配置防火墙以使用此包的用户提供者
# config/packages/security.yaml
security:
providers:
ldap:
id: ldap_user_provider
对于Symfony 6和7
# config/packages/security.yaml
security:
providers:
ldap_user_provider:
id: ldap_user_provider
并在security.yaml文件中为您的防火墙指定ldap_user_provider作为provider的键
控制用户是否存在于ROLE_USER的LDAP组中的Twig页面
如果用户不在ROLE_USER的ldap组中,可以显示一个页面,只需创建文件app/Resources/TwigBundle/views/Exception/error.html.twig并添加以下内容
{% extends '::base.html.twig' %}
{% block title %}
Error
{% endblock %}
{% block body %}
{% set role_user = 'ROLE_USER' %}
{% if status_code == 500 and app.user is not null and role_user not in app.user.roles %}
<h2>You are not authorized to access to this application.</h2>
{% elseif status_code == 404 %}
<h2>Page not found.</h2>
{% else %}
<h2>The application returns an error "{{ status_code }} {{ status_text }}".</h2>
{% endif %}
{% endblock %}
ORM LDAP函数
您可以通过Doctrine ORM创建自定义ORM LDAP实体。只需在应用程序Bundle中创建类似于Entity Account的实体即可
# src/YourApplicationBundle/Entity/Account.php
<?php
namespace YourApplicationBundle\Entity;
use OpenLdapObject\Entity;
use OpenLdapObject\Annotations as OLO;
/**
* @OLO\Dn(value="ou=accounts")
* @OLO\Entity({"inetOrgPerson"})
*/
class Account extends Entity {
/**
* @OLO\Column(type="string")
* @OLO\Index
*/
protected $uid;
/**
* @OLO\Column(type="array")
*/
protected $cn;
/**
* @OLO\Column(type="array")
*/
protected $sn;
/**
* @OLO\Column(type="string")
*/
protected $givenName;
/**
* @OLO\Column(type="string")
*/
protected $mail;
/**
* @OLO\Column(type="array")
*/
protected $memberOf;
/**
* @OLO\Column(type="string")
*/
protected $eduPersonPrimaryAffiliation;
public function getFirstCn() {
return $this->cn[0];
}
public function getUid() {
return $this->uid;
}
public function setUid($value) {
$this->uid = $value;
return $this;
}
public function getCn() {
return $this->cn;
}
public function addCn($value) {
$this->cn->add($value);
return $this;
}
public function removeCn($value) {
$this->cn->removeElement($value);
return $this;
}
public function getSn() {
return $this->sn;
}
public function addSn($value) {
$this->sn->add($value);
return $this;
}
public function removeSn($value) {
$this->sn->removeElement($value);
return $this;
}
public function getGivenName() {
return $this->givenName;
}
public function setGivenName($value) {
$this->givenName = $value;
return $this;
}
public function getMail() {
return $this->mail;
}
public function setMail($value) {
$this->mail = $value;
return $this;
}
public function addMemberOf($value) {
$this->memberOf->add($value);
return $this;
}
public function removeMemberOf($value) {
$this->memberOf->removeElement($value);
return $this;
}
public function getMemberOf() {
return $this->memberOf;
}
public function getEduPersonPrimaryAffiliation() {
return $this->eduPersonPrimaryAffiliation;
}
public function setEduPersonPrimaryAffiliation($value) {
$this->eduPersonPrimaryAffiliation = $value;
return $this;
}
}
?>
- Dn:使用此注解使用Twig语法构建dn
- 实体:使用此注解将ldapObjectClass属性分配给PHP实体类
- 列:使用此注解为PHP变量指定类型
- 索引:使用此注解设置实体的索引
然后在您的控制器中,您可以调用您的实体以读取LDAP,如下所示
# src/YourApplicationBundle/Controller/DefaultController.php
<?php
namespace YourApplicationBundle\Controller;
...
use YourApplication\Entity\Account;
...
class DefaultController extends Controller {
/**
* @Route("/", name="homepage")
*/
public function indexAction(Request $request)
{
...
// type of the people (student ? employee ? ..etc)
$profil = $this->get('ldap_object.manager')->getRepository('YourApplicationBundle\Entity\Account')->find($this->getUser()->getUid());
if ($profil != null){
$profil = $profil->getEduPersonPrimaryAffiliation();
}
...
}
}
对于Symfony 7
# src/YourApplicationBundle/Controller/DefaultController.php
<?php
namespace YourApplicationBundle\Controller;
...
use YourApplication\Entity\Account;
...
class DefaultController extends Controller {
/**
* @Route("/", name="homepage")
*/
#[Route('/', name='homepage')]
public function indexAction(Request $request)
{
...
// type of the people (student ? employee ? ..etc)
$profil = $this->get('ldap_object.manager')->getRepository('YourApplicationBundle\Entity\Account')->find($this->getUser()->getUid());
if ($profil != null){
$profil = $profil->getEduPersonPrimaryAffiliation();
}
...
}
}
写入LDAP时,调用您的实体如下
# src/YourApplicationBundle/Controller/DefaultController.php
<?php
namespace YourApplicationBundle\Controller;
...
use YourApplication\Entity\Account;
...
class DefaultController extends Controller {
/**
* @Route("/", name="homepage")
*/
public function indexAction(Request $request)
{
...
$a = new Account();
$a->setUid('1940');
$a->setGivenName('Mathieu');
$a->addSn('Hetru');
$em = $this->get('ldap_object.manager');
$em->persist($a);
$em->flush();
...
}
}
对于symfony 7
# src/YourApplicationBundle/Controller/DefaultController.php
<?php
namespace YourApplicationBundle\Controller;
...
use YourApplication\Entity\Account;
...
class DefaultController extends Controller {
#[Route('/', name='homepage')]
public function indexAction(Request $request)
{
...
$a = new Account();
$a->setUid('1940');
$a->setGivenName('Mathieu');
$a->addSn('Hetru');
$em = $this->get('ldap_object.manager');
$em->persist($a);
$em->flush();
...
}
}
注解
如果安装了此包,则运行路由注解
composer require doctrine/annotations
故障排除
如果您遇到此错误“类“Doctrine\ORM\Mapping\Driver\AnnotationDriver”未找到”,请将composer.json中的doctrine/orm包降级,如下所示
...
"doctrine/orm": "^2.11",
...
"conflict": {
"symfony/symfony": "*",
"doctrine/orm": "2.12.0"
},
...
然后
composer update