rubyan/ldap

LDAP plugin for CakePHP 3.x

Installs: 840

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 5

Open issues: 0

Type: cakephp-plugin

3.6 2018-12-18 10:08 UTC

This package is auto-updated.

Last update: 2024-09-18 22:41:11 UTC


README

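LDAP authentication plugin for CakePHP 3.x and AuthComponent.

Based on the excellent work of queencitycodefactory/ldap

Requirements

  • CakePHP 3.0
  • php5-ldap module

Installation

You can install this plugin into your CakePHP application using composer.

The recommended way to install composer packages is: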

composer require rubyan/ldap

You can also add "rubyan/ldap" : "dev-master" to the require section of your application's composer.json file.

Enable ldap in php.ini:

extension=php_ldap.dll

Usage

Add the following to your application's config/bootstrap.php:

    Plugin::load('Rubyan/LDAP');

Configuration

Set up the authentication class settings

AppController setup

    // src/Controller/AppController.php (needs "use Cake\Core\Configure;" at the top of the file)
    public function initialize()
    {
        parent::initialize();
        $this->loadComponent('Flash');
        $this->loadComponent('Auth', [
            'loginAction' => [
                'controller' => 'Users',
                'action' => 'login'
            ],
            'authError' => 'Insufficient privileges to view requested resources. Please login to continue!',
            'authenticate' => [
                'Rubyan/LDAP.Ldap' => [
                    'fields' => [
                        'username' => 'username',
                        'password' => 'password'
                    ],
                    'port' => Configure::read('Ldap.port'),
                    'host' => Configure::read('Ldap.host'),
                    'domain' => Configure::read('Ldap.domain'),
                    'baseDN' => Configure::read('Ldap.baseDN'),
                    'search' => Configure::read('Ldap.search'),
                    'errors' => Configure::read('Ldap.errors'),
                    'flash' => [
                        'key' => 'ldap',
                        'element' => 'Flash/error',
                    ]
                ]
            ]
        ]);
    }

Set up the basic LDAP settings

config/app.php

    /**
     * LDAP Configuration.
     *
     * Contains an array of settings to use for the LDAP configuration.
     *
     * ## Options
     *
     * - `domain` - The domain name to match against or auto complete so user isn't
     *    required to enter full email address
     * - `host` - The domain controller hostname. This can be a closure or a string.
     *    The closure allows you to modify the rules in the configuration without the
     *    need to modify the LDAP plugin. One host (string) should be returned when
     *    using closure. You can find your ldap servers with the following command:
     *      host -t srv _ldap._tcp.YOURDOMAIN.LOCAL
     * - `port` - The port to use. Default is 389 and is not required.
     * - `search` - The attribute to search against. Usually 'UserPrincipalName'
     * - `baseDN` - The base DN for directory - Closure must be used here, the plugin
     *    is expecting a closure object to be set.
     * - `attributes` - An array of the required attributes, e.g. ["mail", "sn", "cn"]. 
     *    Note that the "dn" is always returned irrespective of which attributes types are 
     *    requested.
     * - `errors` - Array of errors where key is the error and the value is the error
     *    message. Set in session to Flash.ldap for flashing
     *
     * @link https://php.ac.cn/manual/en/function.ldap-search.php - for more info on ldap search
     */
    'Ldap' => [
        'domain' => 'domain.local',
        'host' => function() {
            $hosts = [
                'host1.domain.local', 
                'host2.domain.local'
            ];
            shuffle($hosts);
            return $hosts[0];
        },
        'port' => 389,
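        'search' => function($username, $domain) {
            if (strpos($username, $domain) !== false) {
                // remove the @domain from username
                $username = str_replace('@' . $domain, '', $username);
            }
            // escape LDAP filter metacharacters so the username is only matched literally
            $username = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
            $search = '(&(objectCategory=person)(samaccountname=' . $username . '))';
            return $search;
        },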
        'baseDN' => function($username, $domain) {
            if (strpos($username, $domain) !== false) {
                $baseDN = 'OU=Domain,DC=domain,DC=local';
            } else {
                $baseDN = 'CN=Users,DC=domain,DC=local';
            }
            return $baseDN;
        },
        'attributes' => ['samaccountname','mail', 'displayname'],
        'errors' => [
            'data 773' => 'Some error for Flash',
            'data 532' => 'Some error for Flash',
        ]
    ],
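
The `search` closure above builds an LDAP filter from the username submitted at login. The following is an added example, not code from the plugin or its README: a stricter filter builder that strips the domain only as a suffix, rejects malformed names, and escapes filter metacharacters. The helper name `buildUserFilter` and the 64-character cap are assumptions made for this illustration.

```php
<?php
// Added example, not plugin code. Needs ext-ldap for ldap_escape() (PHP >= 5.6).

/**
 * Hypothetical helper: build the user filter for "jdoe" or "jdoe@domain.local".
 * Returns null when the name should be rejected before any LDAP query is made.
 */
function buildUserFilter($username, $domain)
{
    $username = trim((string)$username);
    $suffix = '@' . $domain;

    // Strip the domain only when it is a true suffix (case-insensitive),
    // not wherever the string happens to occur inside the name.
    if (strlen($username) > strlen($suffix)
        && strcasecmp(substr($username, -strlen($suffix)), $suffix) === 0
    ) {
        $username = substr($username, 0, -strlen($suffix));
    }

    // Reject empty or oversized names, control bytes and any leftover '@'.
    // The 64-character cap is an assumption; set it to your directory's limit.
    if ($username === '' || strlen($username) > 64
        || preg_match('/[\x00-\x1f@]/', $username)
    ) {
        return null;
    }

    // Escape the filter metacharacters ( ) * \ and NUL so the value can
    // only ever be matched literally.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);

    return '(&(objectCategory=person)(samaccountname=' . $safe . '))';
}

// Constructed sample inputs, some containing filter metacharacters.
$samples = ['jdoe', 'JDoe@DOMAIN.LOCAL', 'j*doe', 'a)(b', '', 'someone@other.example'];
foreach ($samples as $input) {
    $filter = buildUserFilter($input, 'domain.local');
    printf("%-26s => %s\n", var_export($input, true), $filter === null ? 'rejected' : $filter);
}
```

Calling the helper from the `search` closure keeps the configuration shape shown above. The page does not say how the plugin treats a null filter, so reject such names in the login action before authentication runs.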