Security Fundamentals
…really powerful. Honestly,
it’s also really complex. It can connect with other authentication systems
like Facebook or LDAP - or load user information from anywhere, like a
database or even across an API.The bummer is that hooking all this up can be tough. But…
Creating the User Class
…if our User needs a password... huh? Is a password really optional?
Kind of. With things like SSO or LDAP, Symfony doesn't actually need
to store or check a password at all. Instead, an external system handles the login, and once it's happy…
composer require security
…about how many ways there are to authenticate! Login forms,
API token authentication, social authentication with OAuth, SSO's, LDAP, putting
on a fake mustache and walking confidently passed a security guard. I mean... the
possibilities are endless. But I also think that authentication is…
Security & the User Class
…an easy yes... because most apps store user data in a local
database table. But, what if your user data is stored on some other server,
like an LDAP server or a single sign-on server? Well, even in those cases, if
you want to…
I solved this by moving the LDAP lookup and authentication into authenticate rather than doing it in onAuthenticationSuccess. I also had to move adding a new user to the database into authenticate. In my case I could not create a new user when creating a…
…ldap security, because i used 'symfony serve'.
But on production, it was much harder to make it work.
So i decided to dockerize everything. Apache, php, composer etc. to make a container and never worry about configuration again.
But i just can't get ldap…
If one wanted to use LDAP to do the password checking but otherwise have a normal symfony user (and not an LdapUser) would you do the password checking in the custom credentials? That's kind of what I took it to mean by "whatever that…
Are you planning on doing a Ldap tutorial? The docs on Symfony's site is not that clear and there're not that many resources online on this. :/
Hi Ryan,
Thank you for your very comprehensive answer.
The LDAP authentication is performed using two connections. First connection is created (using the search_dn and search_password parameters from the configuration) to query whether the user exists in the LDAP database. If the given…
…login ldap authenticator, except that in my case I need some more logic, where I first find the user in a local database, then based on the App type of the user, either auth against the database password, or auth against an external LDAP server…
Hey Annemieke-B,
Symfony Docs have some examples about authenticating against an LDAP server, you can check it here: https://symfony.com/doc/current/security/ldap.html - unfortunately, I have never used this before, so can't help with examples, but I hope the official…
Hi Diego,
Do do you have some base example of a working ldap authentication program with symfony 6?
I have it working with symfony 5 and with symfony 3 for the last 4 years.
And what code do you need exactly?
Thanks in advance.
With…
Hello MolloKhan,
Thank you for the quick response.
We only use `http_basic_ldap`.
It goes wrong when i want to start a session, when we have no `PHP_AUTH_USER`.
If i turn of `enable_authenticator_manager` everything works fine.
When I start a…
Hey Nitrox,
Yeah, this tutorial is missing that LDAP, but we already complicated it a lot with 2FA authentication, so no LDAP this time as well, sorry! I'll add this topic to our ideas pool, but fairly speaking I'm not sure we will…
This is simply taking the code from the course and trying to modify it for LDAP as the back-end auth. Of course I do actually want to store some information about the user locally and update from LDAP as necessary. So one obvious thing…
Hi truuslee!
I'm far from an LDAP expert (more of a novice really!, but since you seem to know it well, let's see if we can figure this out together ;).
The first question that comes to mind is: does the Symfony application *ever…
…the LDAP for internal users in a Guard Authentication System configured by ddbb.
I already have build my Guard Authentication System and works really nice thanks to https://knpuniversity.com/screencast/symfony-security.
But I need also to try to log in previously via LDAP…
Hey Artur,
Yes, I do remember a few more LDAP requests, so definitely not alone on it ;)
Cheers!
Many thanks! I really think I am not alone waiting for LDAP authentication tutorial, as in today world authentication against Active Directory is must-have in many apps.
Hey truuslee!
I can't remember exactly what token class would be used for http_basic_ldap (it's up to the "authenticator" to choose the token class). But you should be able to see it after logging in: hover over the security icon on…
x
85