[英]How to troubleshoot authentication with ActiveDirectory server
I am trying to make authentication with ActiveDirectory using ldaprecord-laravel.我正在尝试使用 ldaprecord-laravel 通过 ActiveDirectory 进行身份验证。 I followed the documentation and made required changes in files.
我按照文档进行操作并对文件进行了必要的更改。 However, I ended up with only
php artisan ldap:test
working and php artisan ldap:import ldap
showing that there are no users to import.但是,我最终只有
php artisan ldap:test
working 和php artisan ldap:import ldap
显示没有要导入的用户。
When I use online LDAP test server, I can go further and make Auth::attempt(['uid' => 'einstein', 'password' => 'password'])
in Tinker, and import works, but the web login still doesn't work.当我使用在线 LDAP 测试服务器时,我可以进一步 go 并在 Tinker 中进行
Auth::attempt(['uid' => 'einstein', 'password' => 'password'])
并导入工作,但 web 登录仍然不起作用。 With AD, I can't auth attempt using neither samaccountname
, nor username
, nor uid
.使用 AD,我无法尝试既不使用
samaccountname
也不使用username
也不使用uid
。 Though plain auth using ldap_connect
and ldap_bind
works.虽然使用
ldap_connect
和ldap_bind
普通身份验证有效。
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Support\Facades\Hash;
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
class User extends Authenticatable implements LdapAuthenticatable
{
use Notifiable, AuthenticatesWithLdap;
protected $table = 'users';
protected $primaryKey = 'id';
public $timestamps = false;
public $incrementing = false;
/*
public function getAuthPassword()
{
return Hash::make( $this->user_pass );
}
*/
/**
* Настройки пользователя.
*
* @return HasMany
*/
public function settings()
{
return $this->hasMany(Models\Settings::class, 'id', 'id');
}
}
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use LdapRecord\Laravel\Auth\ListensForLdapBindFailure;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers, ListensForLdapBindFailure;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Переопределяем переменную, в которой хранится логин пользователя
*
* @return string
*/
public function username()
{
return 'user_login';
}
/**
* Валидация данных на сервере
*
* @param Request $request
*
* @return void
*/
protected function validateLogin(Request $request)
{
$request->validate([
$this->username() => 'required|string',
'password' => 'required|string',
]);
}
protected function credentials(Request $request)
{
return [
'uid' => $request->username,
'password' => $request->password,
];
}
}
How can I find out what causes the problem?我怎样才能找出导致问题的原因?
Troubleshooting in Laravel is usually done with logging . Laravel 中的故障排除通常是通过日志记录来完成的。 According to the given document, you may log string using
根据给定的文档,您可以使用记录字符串
use Illuminate\Support\Facades\Log;
// somewhere in the code
Log::debug('info string');
Laravel puts it's logs in storage/logs
folder. Laravel 将它的日志放在
storage/logs
文件夹中。 There are such entries in the log:日志中有这样的条目:
[2021-08-24 10:41:13] local.INFO: LDAP (ldap://ldap.forumsys.com:389) - Operation: Bound - Username: cn=read-only-admin,dc=example,dc=com
[2021-08-24 10:35:54] local.INFO: LDAP (ldap://ldap.forumsys.com:389) - Operation: Search - Base DN: dc=example,dc=com - Filter: (&(objectclass=\74\6f\70)(objectclass=\70\65\72\73\6f\6e)(objectclass=\6f\72\67\61\6e\69\7a\61\74\69\6f\6e\61\6c\70\65\72\73\6f\6e)(objectclass=\69\6e\65\74\6f\72\67\70\65\72\73\6f\6e)(uid=)) - Selected: (entryuuid,*) - Time Elapsed: 471.78
We see that uid
is not given, and it is because we use user_login
instead of username
, so the final decision was to change LoginController.php:我们看到没有给出
uid
,这是因为我们使用user_login
而不是username
,所以最终决定更改 LoginController.php:
protected function credentials(Request $request)
{
return [
'uid' => $request->user_login,
'password' => $request->password,
];
}
After doing that, logging in was successful.这样做之后,登录就成功了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.