Symfony Login with LDAP

Question

I want to use LDAP in my Symfony (v3.0) Project to login my users. But it seems to me, that a search_password can be either "hardcoded" in security.yml or null.

I have a simple login form with username and password. I want the password, that was entered here to be the search_password to search through the ldap.

Is this possible or do I break any conceptions here?

Thanks in advance Max

Answer 1

I got it done with the following security.yml

providers:
    dashboard_users:
        ldap:
            service: myldapservice
            base_dn: OU=User,OU=Company,DC=domain,DC=local
            search_dn: mydesignatedsearchuser
            search_password: designatedsearchuserpassword
            default_roles: ROLE_USER

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    main:
        anonymous: ~
        form_login_ldap:
            login_path: myloginroute
            check_path: myloginroute
            service: myldapservice
            dn_string: 'OurCompaniesDomainPrefix\{username}'

        logout:
            path: mylogoutroute
            target: /

Not i can login with a sAMAccountName like john.wayne Hope this helps others.

Answer 2

Symfony uses a map-and-bind approach for LDAP authentication . Users are asked to provide the sAMAccountName (your choice) along with their password to login. Active Directory doesn't allow anonymous search - and you don't want to change that. So, you need a service account to retrieve the user's distinguished name that is needed for a subsequent bind operation which completes the authentication.