Integrating Active Directory in Windows Server with Laravel 5 for multiple user roles

Question

I am working in a laravel application with multiple type of users.

Users

• Admin
• User-I
• User-II
• User-III

I have already made CRUD feature for user in my App and roles are assigned during user creation. I have following structure of User and Role table.

Role Table

    Schema::create('roles', function (Blueprint $table) {

        $table->increments('id');

        $table->string('role');

        $table->string('description');

        $table->timestamps();

    });

And,

User Table

    Schema::create('users', function (Blueprint $table) {

        $table->increments('id');

        $table->integer('role_id');

        $table->string('name');

        $table->string('email')->unique();

        $table->string('password');

        $table->rememberToken();

        $table->timestamps();

    });

Admin user is created using Seeder and other users are created from application.

I have nearly completed my application and at the end I've got problem with user authentication .

For my application, I need to sync User-I type from Active Directory . So, I have limited CRUD facility to User-II and User-III . I don't want to create new User-I type user and want to import such user details from active directory. Any changes made to User-I should be reflected in my app.

This feature is required in my app lately.

I've already visited Adldap2 - Laravel and I haven't understand how to use this in my case.

Is there any way to import such user details to my application ?

And another problem is,

After importing such user details, I need to authenticate User-I from Active Directory and other users from my application users table. Is it possible in Laravel ?

I'm new to Windows Server and use of Active directory . Any Kind of suggestion is appreciated.

Answer 1

Yes, this is possible, but it's a little messy.

I would suggest you set up all users accounts within Laravel. You can add a flag to the Laravel user if it is an AD user (in which case authentication would be based on LDAP) or a CRUD user (in which case you would need to touch the Laravel database to check if the stored password works). You'll need to write an extra step in the login process to either AJAX the username immediately or a two step screen where the user only enters his username and clicks enter. This way you can know which way to authenticate based on the user's flag.

If all you need to do is authenticate against AD based on a set of users KNOWN as user-I type, this is easy with straight php - just check to see if you can bind with username & password. If it binds, they are authenticated and can be let into your app.

However, if you are looking to sync with AD on some timeline where you would actually pull data on some subset of the AD userbase, in order to make a decision on who will be a user, you have to get more involved. It is also a separate process from the login/authentication.

If this is the case, you will need a Windows service account within AD. Using those credentials, log in to AD from Larvel and do your ldap_searches to pull a set of entries from AD. Pseudo code to illustrate direction for PHP search/filter:

$filter = "(&($extLocField=$extLocName)(|(objectCategory=person)(mail=*)))";
$result = ldap_search($ldap_con,"dc=mycompany,dc=local",$filter) or exit("Unable to search");

Once you have the entries (ldap_get_entries from your search result) you can then pick your new users based on the filtering criteria

 $entries = ldap_get_entries($ldap_con, $result);

Once you have a new group of users, your code will need to batch create new users and add the AD flag to the user.

Trying to sync with AD using a service account is not bad with straight PHP. You don't really need another package ( Adldap2 - Laravel ). However, trying to sync, and have two different login methods AND trying to create new users from AD based on some timeline scenario seems like it's trying to do a lot. The above is one answer as to how.