我试图通过带有Symfony 3.4的ldap(窗口活动目录)验证用户,并使用此documentation
请帮我!!!!
但是我收到了错误:
php.DEBUG:警告:ldap_bind():无法绑定到服务器:无效凭据{“exception”:“[object](Symfony \ Component \ Debug \ Exception \ SilencedErrorContext:{\”severity \“:2,\”文件\ “:\” C:\ OSPanel \域\ warcsymfony \厂商\ symfony的\的symfony \ SRC \的Symfony \元器件\的Ldap \适配器\ ExtLdap \ Connection.php \ “\ ”行\“:53,\ ”跟踪\“:[{\ ”文件\“:\” C:\ OSPanel \域\ warcsymfony \厂商\ symfony的\的symfony \ SRC \ \ Symfony的\元器件\的Ldap \ Ldap.php \ “\ ”行\“:38,\ ”功能\“:\ ”绑定\“,\ ”级\“:\” 的Symfony \元器件\ Ldap \ Adapter \ ExtLdap \ Connection \“,\”type \“:\” - > \“}],\”count \“:1})”} [] [2018-03-14 10:27 :03] security.INFO:身份验证请求失败 . {“exception”:“[object](Symfony \ Component \ Security \ Core \ Exception \ BadCredentialsException(code:0):凭据错误 . 位于C:\ OSPanel \ domains \ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Security \ Core \ Authentication \ Provider \ UserAuthenticationProvider.php:71,Symfony \ Component \ Security \ Core \ Exception \ UsernameNotFoundException(code:0):找不到用户\“testusername \” . 在C:\ OSPanel \ domains \ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Security \ Core \ User \ LdapUserProvider.php:75,Symfony \ Component \ Ldap \ Exception \ ConnectionException(code:0):C:\ OSPanel \ domains中的凭据无效\ warcsymfony \ vendor \ symfony \ symfony \ src \ Symfony \ Component \ Ldap \ Adapter \ ExtLdap \ Connection.php:54)“} [] [2018-03-14 10:27:03] security.DEBUG:身份验证失败,重定向触发 . {“failure_path”:“登录”} []
我尝试改变参数,但它没有用
security.yml
security:
providers:
my_ldap:
ldap:
service: Symfony\Component\Ldap\Ldap
base_dn: DC=example,DC=com
search_dn: 'OU=all-users-accounts,DC=example,DC=com'
search_password: password
default_roles: ROLE_USER
uid_key: sAMAccountName
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
anonymous: ~
form_login_ldap:
login_path: login
check_path: login
service: Symfony\Component\Ldap\Ldap
dn_string: 'sAMAccountName={username},DC=example,DC=com'
service.yml
services:
Symfony\Component\Ldap\Ldap:
arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter']
Symfony\Component\Ldap\Adapter\ExtLdap\Adapter:
arguments:
- host: **.**.**.**
port: 389
encryption: 'none'
options:
protocol_version: 3
referrals: false
SecurityController
/**
* @Route("/login", name="login")
*/
public function loginAction(Request $request, AuthenticationUtils $authenticationUtils){
$error = $authenticationUtils->getLastAuthenticationError();
$username = $authenticationUtils->getLastUsername();
return $this->render('security/login.html.twig', array(
'last_username' => $username,
'error' => $error
));
}
2 回答
经过测试和工作 . 我认为你的错误是search_dn,search_password和query_string .
在表单示例中,我使用查询字符串 - 它检查sAMAccoutName和是否为SystemGroup的成员 .
用ldap_search http://php.net/manual/en/function.ldap-search.php#112191测试你的query_string
我相信这是你的search_dn不正确,这一行:
它必须是有权浏览Active Directory的管理员的dn . 您可以使用Softerra's free LDAP Browser浏览活动目录并找出它 .
这些都在我的Symfony LDAP Component AD Authentication文章中列出 . 请注意,您需要进行大量调试才能使其正常工作,但一旦您开始工作就很容易 .