如何对 ActiveDirectory 服务器的身份验证进行故障排除
[英]How to troubleshoot authentication with ActiveDirectory server
问题描述
I am trying to make authentication with ActiveDirectory using ldaprecord-laravel.
我正在尝试使用 ldaprecord-laravel 通过 ActiveDirectory 进行身份验证。 I followed the documentation and made required changes in files.我按照文档进行操作并对文件进行了必要的更改。 However, I ended up with only php artisan ldap:test working and php artisan ldap:import ldap showing that there are no users to import.但是,我最终只有php artisan ldap:test working 和php artisan ldap:import ldap显示没有要导入的用户。
When I use online LDAP test server, I can go further and make Auth::attempt(['uid' => 'einstein', 'password' => 'password']) in Tinker, and import works, but the web login still doesn't work.当我使用在线 LDAP 测试服务器时,我可以进一步 go 并在 Tinker 中进行Auth::attempt(['uid' => 'einstein', 'password' => 'password'])并导入工作,但 web 登录仍然不起作用。 With AD, I can't auth attempt using neither samaccountname , nor username , nor uid .使用 AD,我无法尝试既不使用samaccountname也不使用username也不使用uid 。 Though plain auth using ldap_connect and ldap_bind works.虽然使用ldap_connect和ldap_bind普通身份验证有效。
App/User.php应用/用户.php
<?php
namespace App;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Support\Facades\Hash;
use LdapRecord\Laravel\Auth\LdapAuthenticatable;
use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
class User extends Authenticatable implements LdapAuthenticatable
{
use Notifiable, AuthenticatesWithLdap;
protected $table = 'users';
protected $primaryKey = 'id';
public $timestamps = false;
public $incrementing = false;
/*
public function getAuthPassword()
{
return Hash::make( $this->user_pass );
}
*/
/**
* Настройки пользователя.
*
* @return HasMany
*/
public function settings()
{
return $this->hasMany(Models\Settings::class, 'id', 'id');
}
}
App/Http/Controllers/Auth/LoginController.php应用程序/Http/Controllers/Auth/LoginController.php
<?php
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use LdapRecord\Laravel\Auth\ListensForLdapBindFailure;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers, ListensForLdapBindFailure;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/';
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
}
/**
* Переопределяем переменную, в которой хранится логин пользователя
*
* @return string
*/
public function username()
{
return 'user_login';
}
/**
* Валидация данных на сервере
*
* @param Request $request
*
* @return void
*/
protected function validateLogin(Request $request)
{
$request->validate([
$this->username() => 'required|string',
'password' => 'required|string',
]);
}
protected function credentials(Request $request)
{
return [
'uid' => $request->username,
'password' => $request->password,
];
}
}
How can I find out what causes the problem?我怎样才能找出导致问题的原因?
1 个解决方案
解决方案1
0 2021-08-26 06:07:03
Troubleshooting in Laravel is usually done with logging . Laravel 中的故障排除通常是通过日志记录来完成的。 According to the given document, you may log string using根据给定的文档,您可以使用记录字符串
use Illuminate\Support\Facades\Log;
// somewhere in the code
Log::debug('info string');
Laravel puts it's logs in storage/logs folder. Laravel 将它的日志放在storage/logs文件夹中。 There are such entries in the log:日志中有这样的条目:
[2021-08-24 10:41:13] local.INFO: LDAP (ldap://ldap.forumsys.com:389) - Operation: Bound - Username: cn=read-only-admin,dc=example,dc=com
[2021-08-24 10:35:54] local.INFO: LDAP (ldap://ldap.forumsys.com:389) - Operation: Search - Base DN: dc=example,dc=com - Filter: (&(objectclass=\74\6f\70)(objectclass=\70\65\72\73\6f\6e)(objectclass=\6f\72\67\61\6e\69\7a\61\74\69\6f\6e\61\6c\70\65\72\73\6f\6e)(objectclass=\69\6e\65\74\6f\72\67\70\65\72\73\6f\6e)(uid=)) - Selected: (entryuuid,*) - Time Elapsed: 471.78
We see that uid is not given, and it is because we use user_login instead of username , so the final decision was to change LoginController.php:我们看到没有给出uid ,这是因为我们使用user_login而不是username ,所以最终决定更改 LoginController.php:
protected function credentials(Request $request)
{
return [
'uid' => $request->user_login,
'password' => $request->password,
];
}
After doing that, logging in was successful.这样做之后,登录就成功了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.