riper/security-active_directory

A bundle that allows authentication through Active Directory for symfony >= 2.6

v2.0.0 2016-04-13 07:59 UTC

This package is auto-updated.

Last update: 2024-09-20 23:39:02 UTC


README

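This bundle is an extension for Symfony. It uses the standard form_login security model to authenticate users against an Active Directory domain. It uses LDAP as the communication layer, so the LDAP extension must be installed on your server for it to work.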

License: CC-BY-4

Requirements

php 5.3.0

php_ldap

SSL configuration for LDAP. See http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl

Compatible with Symfony starting from version 2.6

Installation

You need to add the package to your dependency list

// composer.json
"riper/security-active_directory": "2.*"

You need to enable the bundle in your kernel

// app/AppKernel.php
new Riper\Security\ActiveDirectoryBundle\RiperActiveDirectoryBundle(),

You need to configure your specific domain information

// app/config/config.yml or app/config/parameters.yml
parameters:
    riper.security.active_directory.settings:
        account_suffix : riper.fr # without the @ at the beginning
        base_dn : DC=RIPER,DC=FR #The DN of the domain
        domain_controllers : [ baudrive.kim.riper.fr ] #Servers to use for ldap connection (Random)
        admin_username: #Null to use the userConnection
        admin_password: #Null to use the userConnection
        keep_password_in_token: false #Set to true if you want to re-use the adldap instance to make further queries (This is a security issue because the password is kept in session)
        real_primarygroup : true #For Linux compatibility.
        use_ssl : false #Setting this to true only works if the server is configured for it
        use_tls : false #Setting this to true only works if the server is configured for it
        recursive_grouproles: false #recursive group roles
        username_validation_pattern: /^[a-z0-9-.]+$/i #Regex that checks the final username value (extracted from the patterns below). Must be compliant with your Active Directory username policy.
        username_patterns: #username is extracted from the string the user puts into the login form
          - /([^@]*)@riper.fr/i  # like toto@riper.fr
          - /RIPER\\(.*)/i #like RIPER\toto
          - /RIPER.FR\\(.*)/i #like RIPER.FR\toto
          - /(.*)/i #like toto
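
How the username_patterns and username_validation_pattern settings above could work together, as an added PHP example that is not the bundle's own code. It assumes the patterns are tried in order and that capture group 1 of the first match becomes the username; extractUsername and the sample logins are hypothetical.

```php
<?php
// Added example, not the bundle's code. Assumption: patterns are tried in
// order and capture group 1 of the first match is taken as the username.

// Same regexes as the config above (backslashes doubled for PHP strings).
const USERNAME_PATTERNS = [
    '/([^@]*)@riper.fr/i',
    '/RIPER\\\\(.*)/i',
    '/RIPER.FR\\\\(.*)/i',
    '/(.*)/i',
];
const USERNAME_VALIDATION_PATTERN = '/^[a-z0-9-.]+$/i';

/** Hypothetical helper: returns the validated username, or null if rejected. */
function extractUsername(string $login): ?string
{
    foreach (USERNAME_PATTERNS as $pattern) {
        if (preg_match($pattern, $login, $m) !== 1) {
            continue;
        }
        $username = $m[1];
        // The catch-all /(.*)/i accepts any input, so the validation pattern
        // is the only gate before the value goes to Active Directory.
        return preg_match(USERNAME_VALIDATION_PATTERN, $username) === 1
            ? $username
            : null;
    }
    return null;
}

// Constructed sample logins (not from the page).
$samples = [
    'toto@riper.fr',     // UPN form
    'RIPER\\toto',       // NetBIOS domain form
    'RIPER.FR\\toto',    // DNS domain form
    'toto',              // bare username
    'toto@riperXfr',     // the "." in riper.fr is unescaped and matches any character
    'to*to',             // "*" is outside the validation character class
    '',                  // empty login
];
foreach ($samples as $login) {
    printf("%-16s => %s\n", var_export($login, true), var_export(extractUsername($login), true));
}
```

In PCRE, `$` also matches just before a trailing newline, so appending the `D` modifier to the validation pattern makes it match only at the very end of the value.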

You need to add the security parameters

// app/config/security.yml
encoders:
    Riper\Security\ActiveDirectoryBundle\Security\User\AdUser : plaintext #Active directory does not support encrypted password yet

providers:
    my_active_directory_provider :
          id: riper.security.active.directory.user.provider

firewalls:
    secured_area:
        active_directory: #Replace the 'form_login' line with this
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login

Useful information

Roles are retrieved from Active Directory. Names are transformed to match the Symfony2 ROLE system

Domain User => ROLE_DOMAIN_USER
Administrators => ROLE_ADMINISTRATORS

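Nested groups are not supported yet. Enabling this option does not affect the role check.

The SSL part of the lib is not used yet and has not been tested with Symfony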