ztec/security-active_directory

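This package is abandoned and no longer maintained. The author suggests using the riper/security-active_directory package instead.

A bundle that allows authentication through Active Directory for Symfony >= 2.6

Installs: 1,970

Dependents: 0

Suggesters: 0

Security: 0

Stars: 16

Watchers: 5

Forks: 8

Type: symfony-bundle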

v2.0.0 2016-04-13 07:59 UTC

This package is not auto-updated.

Last update: 2022-02-01 12:22:09 UTC


README

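This package is a bundle for Symfony. It uses the standard form_login security model to authenticate users from an Active Directory domain. It uses LDAP as the communication layer, so the LDAP extension must be installed on your server for it to work.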

License: CC-BY-4

Requirements

php 5.3.0

php_ldap

SSL configuration for LDAP. See http://adldap.sourceforge.net/wiki/doku.php?id=ldap_over_ssl

Compatible with Symfony from version 2.6 onwards

Installation

You need to add the package to your dependency list

// composer.json
"riper/security-active_directory": "2.*"

You need to enable the bundle in your kernel

// app/AppKernel.php
new Riper\Security\ActiveDirectoryBundle\RiperActiveDirectoryBundle(),

You need to configure the settings specific to your domain

// app/config/config.yml or app/config/parameters.yml
parameters:
    riper.security.active_directory.settings:
        account_suffix : riper.fr # without the @ at the beginning
        base_dn : DC=RIPER,DC=FR # The DN of the domain
        domain_controllers : [ baudrive.kim.riper.fr ] # Servers to use for the LDAP connection (random)
        admin_username: # Null to use the userConnection
        admin_password: # Null to use the userConnection
        keep_password_in_token: false # Set to true if you want to re-use the adldap instance to make further queries (this is a security issue because the password is kept in the session)
        real_primarygroup : true # For Linux compatibility
        use_ssl : false # Setting this to true requires server-side configuration to be useful
        use_tls : false # Setting this to true requires server-side configuration to be useful
        recursive_grouproles: false # Recursive group roles
        username_validation_pattern: /^[a-z0-9-.]+$/i # Regex that checks the final username value (extracted by the patterns below). Must comply with your Active Directory username policy.
        username_patterns: # The username is extracted from the string the user typed into the login form
          - /([^@]*)@riper.fr/i  # like toto@riper.fr
          - /RIPER\\(.*)/i # like RIPER\toto
          - /RIPER.FR\\(.*)/i # like RIPER.FR\toto
          - /(.*)/i # like toto

You need to add the security parameters

// app/config/security.yml
encoders:
    Riper\Security\ActiveDirectoryBundle\Security\User\AdUser : plaintext # Active Directory does not support encrypted passwords yet

providers:
    my_active_directory_provider :
          id: riper.security.active.directory.user.provider

firewalls:
    secured_area:
        active_directory: #Replace the 'form_login' line with this
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login

Useful information

Roles are fetched from Active Directory. Group names are transformed to match the Symfony2 ROLE system:

Domain User => ROLE_DOMAIN_USER
Administrators => ROLE_ADMINISTRATORS
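
The username extraction and validation configured above, and the group-to-role naming shown here, sketched as an added example (this is not the bundle's own code). The first-match-wins ordering and the handling of characters other than spaces in group names are assumptions; the patterns are the README's sample values.

```php
<?php
// Added illustration, not code from the bundle. Pattern values are the README's samples.
const USERNAME_PATTERNS = [
    '/([^@]*)@riper.fr/i',  // toto@riper.fr
    '/RIPER\\\\(.*)/i',     // RIPER\toto
    '/RIPER.FR\\\\(.*)/i',  // RIPER.FR\toto
    '/(.*)/i',              // toto (catch-all, so every input reaches validation)
];
const USERNAME_VALIDATION_PATTERN = '/^[a-z0-9-.]+$/i';

// Assumption: patterns are tried in order and the first match wins.
function extractUsername($input)
{
    foreach (USERNAME_PATTERNS as $pattern) {
        if (preg_match($pattern, $input, $m) === 1) {
            // The extracted value, not the raw input, is what gets validated.
            return preg_match(USERNAME_VALIDATION_PATTERN, $m[1]) === 1 ? $m[1] : null;
        }
    }
    return null;
}

// Assumption: runs of non-alphanumeric characters collapse to one underscore.
function groupToRole($group)
{
    $name = trim(preg_replace('/[^A-Za-z0-9]+/', '_', $group), '_');
    return 'ROLE_' . strtoupper($name);
}

// Constructed sample inputs; the last two contain characters outside the allowed set.
$logins = ['toto@riper.fr', 'RIPER\toto', 'RIPER.FR\toto', 'toto', 'toto)(cn=*', '*@riper.fr'];
foreach ($logins as $login) {
    $user = extractUsername($login);
    printf("%-16s => %s\n", $login, $user === null ? 'rejected' : $user);
}
foreach (['Domain User', 'Administrators'] as $group) {
    printf("%-16s => %s\n", $group, groupToRole($group));
}
```

Because the last extraction pattern accepts any string, username_validation_pattern is the only check on which characters reach the directory lookup, so keep it as strict as your Active Directory username policy allows.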

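Nested groups are not supported yet. Enabling this option has no effect on role checks.

The SSL part of the lib is not used yet and has not been tested with Symfony.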