symfony
mukhinkv, 2020-05-19 22:54:21

Active Directory User Authentication?

I have started learning Symfony 5. Authentication works when the user is stored in the database. I decided to rework it so that the login and password are checked against Active Directory (AD), following the documentation. I added the following to security.yaml:

# User provider backed by the Symfony Ldap service: users are looked up under
# base_dn after binding to the directory as the search_dn account.
providers:
        my_ldap:
             ldap:
                service: Symfony\Component\Ldap\Ldap
                base_dn: dc=gcd,dc=local
                # Service account used for the user search. NOTE(review): it only needs
                # read access to the user entries; confirm it holds no wider directory rights.
                search_dn: "cn=for_sync,cn=Users,dc=gcd,dc=local"
                # NOTE(review): the bind password sits in plain text in a file that is normally
                # committed to version control. Load it from an environment variable or the
                # Symfony secrets vault instead, and rotate any value that has been shared publicly.
                search_password: pass123
                default_roles: ROLE_USER
                # Directory attribute compared with the username submitted on the login form.
                uid_key: sAMAccountName

# NOTE(review): this firewall declares two login mechanisms at once: the guard
# authenticator and form_login_ldap. The guard class shown on this page looks users
# up through UserRepository (the database) and reacts to POSTs on route "app_login",
# while form_login_ldap is wired to the route "login". Confirm which of the two
# actually handles the login form submission.
firewalls:
        main:
            anonymous: ~
            guard:
                authenticators:
                    - App\Security\LoginFormAuthenticator
            logout:
                path:   app_logout
            form_login_ldap:
                # User lookup goes through the LDAP provider declared under "providers".
                provider:  my_ldap
                login_path: login
                check_path: login
                service: Symfony\Component\Ldap\Ldap
                # Template for the identity used in the LDAP bind that verifies the password;
                # {username} is replaced with the submitted login name.
                # NOTE(review): as written the bind identity is the bare username. Active
                # Directory normally expects a full DN, a UPN (user@domain) or DOMAIN\user;
                # confirm which form this directory accepts.
                dn_string: '{username}'


At the end of services.yaml I added:
# Ldap service and the ext-ldap adapter it wraps.
# NOTE(review): the first key appears to have lost its leading indentation in the
# paste; presumably both entries sit at the same level under "services:".
Symfony\Component\Ldap\Ldap:
        arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
    Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
        arguments:
            -   host: 192.168.1.250
                port: 389
                # NOTE(review): with encryption "none" on port 389 every bind travels in
                # clear text: the search account password and each user's login password
                # can be read by anyone able to observe traffic between the web server and
                # the domain controller. The adapter also accepts "tls" (StartTLS on 389)
                # and "ssl" (LDAPS, usually port 636); use one of them once the directory
                # server's certificate is trusted by this host.
                encryption: none
                options:
                    protocol_version: 3
                    referrals: false


LoginFormAuthenticator class
class LoginFormAuthenticator extends AbstractFormLoginAuthenticator

{


    private $userRepository;
    private $passwordEncoder;
    private $router;
    private $csrfTokenManager;


    /**
     * Keeps references to the collaborators used by the other methods of this authenticator.
     *
     * @param UserRepository               $userRepository   repository queried in getUser()
     * @param RouterInterface              $router           used to generate the login and post-login URLs
     * @param CsrfTokenManagerInterface    $csrfTokenManager validates the login form's CSRF token
     * @param UserPasswordEncoderInterface $passwordEncoder  checks the submitted password in checkCredentials()
     */
    public function __construct(
        UserRepository $userRepository,
        RouterInterface $router,
        CsrfTokenManagerInterface $csrfTokenManager,
        UserPasswordEncoderInterface $passwordEncoder
    ) {
        $this->passwordEncoder = $passwordEncoder;
        $this->csrfTokenManager = $csrfTokenManager;
        $this->router = $router;
        $this->userRepository = $userRepository;
    }
    /**
     * Tells the guard system whether this authenticator should handle the request.
     *
     * Only a POST whose matched route is "app_login" is accepted; every other
     * request is left alone.
     *
     * @return bool
     */
    public function supports(Request $request)
    {
        // Check the route first; the HTTP method is only examined for the login route.
        if ($request->attributes->get('_route') !== 'app_login') {
            return false;
        }

        return $request->isMethod('POST');
    }

    /**
     * Reads the login form fields from the POST body.
     *
     * The submitted username is also written to the session under
     * Security::LAST_USERNAME. The password is only placed in the returned
     * array and is not stored in the session.
     *
     * @return array with the keys "username", "password" and "csrf_token"
     */
    public function getCredentials(Request $request)
    {
        $form = $request->request;
        $username = $form->get('username');

        $credentials = [
            'username' => $username,
            'password' => $form->get('password'),
            'csrf_token' => $form->get('_csrf_token'),
        ];

        // The stored value is raw client input: escape it wherever it is rendered.
        $request->getSession()->set(Security::LAST_USERNAME, $username);

        return $credentials;
    }

    /**
     * Validates the CSRF token, then looks the user up by username.
     *
     * The $userProvider argument is not used: the lookup always goes to
     * UserRepository, so a provider configured on the firewall is not consulted
     * by this method.
     *
     * @param array $credentials value returned by getCredentials()
     *
     * @return mixed whatever UserRepository::findOneBy() returns; presumably null
     *               when no row matches (confirm against the repository)
     *
     * @throws InvalidCsrfTokenException when the "authenticate" token is not valid
     */
    public function getUser($credentials, UserProviderInterface $userProvider)
    {
        // Reject forged submissions before touching the user store.
        $csrfToken = new CsrfToken('authenticate', $credentials['csrf_token']);
        $tokenIsValid = $this->csrfTokenManager->isTokenValid($csrfToken);
        if (!$tokenIsValid) {
            throw new InvalidCsrfTokenException();
        }

        $criteria = ['username' => $credentials['username']];

        return $this->userRepository->findOneBy($criteria);
    }

    /**
     * Verifies the submitted password for the user returned by getUser().
     *
     * The check is delegated to the password encoder; no directory bind is
     * performed in this method.
     *
     * @param array $credentials value returned by getCredentials()
     *
     * @return bool result of the encoder's isPasswordValid() call
     */
    public function checkCredentials($credentials, UserInterface $user)
    {
        $submittedPassword = $credentials['password'];

        return $this->passwordEncoder->isPasswordValid($user, $submittedPassword);
    }

    /**
     * Sends the user to the "home" route after a successful login.
     *
     * The target is generated from a fixed route name, not from request input.
     *
     * @return RedirectResponse
     */
    public function onAuthenticationSuccess(Request $request, TokenInterface $token, $providerKey)
    {
        // TODO: left open by the author; every login currently lands on "home".
        $homeUrl = $this->router->generate('home');

        return new RedirectResponse($homeUrl);
    }

    /**
     * Returns the URL generated by the router for the "app_login" route.
     *
     * @return string
     */
    public function getLoginUrl()
    {
        $loginUrl = $this->router->generate('app_login');

        return $loginUrl;
    }


As a result, when I try to log in, I get a message that the user was not found.
What have I done wrong?
