README

此包提供了 LDAP 认证功能。它还可以通过检索用户所属的组并将它们设置为角色来实现授权。它依赖于标准的 ldap php 扩展。

依赖项

- it should be compliant with Symfony 3.4, 4.4 and 5.4
- ext-ldap
- symfony/ldap

使用 composer 获取包

composer require wiser/ldap-user-provider-bundle

配置 services.yaml

# config/services.yaml
parameters:
    ldap.host: 'dc.company.com'
    ldap.port: '389'
    ldap.user: 'user'               # administrative account used to bind user/password
    ldap.password: 'password'
    ldap.base_dn: 'dc=COMPANY,dc=ORG'
    ldap.roles_ou_filter: 'OU=APPLICATIONS,OU=GROUPS'

services:
    Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
        arguments:
            -   host: '%ldap.host%'
                port: '%ldap.port%'

    Symfony\Component\Ldap\Ldap:
        arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']

配置 security.yaml

# config/packages/security.yaml

security:
    providers:
        my_ldap:
            wiser_ldap: # this is the configuration key that matches this bundle
                service: Symfony\Component\Ldap\Ldap
                base_dn: '%ldap.base_dn%'
                search_dn: '%ldap.user%'
                search_password: '%ldap.password%'
                roles_ou_filter: '%ldap.roles_ou_filter%'
# there are other configuration settings, check the code (LdapUserProviderFactory.php) to find them by yourself ;)

    firewalls:
        restricted_area:
            anonymous: true
            form_login_ldap: ldap
                login_path: login
                    check_path: login
                    csrf_token_generator: security.csrf.token_manager
                    service: Symfony\Component\Ldap\Ldap
                    dn_string: '%ldap.base_dn%'
                    search_dn: '%ldap.user%'
                    search_password: '%ldap.password%'
                    query_string: (&(ObjectClass=Person)(sAMAccountName={username}))
                    provider: my_ldap

注意

您可以参考官方的 Symfony 文档： https://symfony.com.cn/doc/current/security/ldap.html