aravind-zrx / cakephp-ldap
LDAP utility plugin for cakephp
Installs: 8
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:cakephp-plugin
Requires
- cakephp/cakephp: >3.1
This package is auto-updated.
Last update: 2024-04-23 01:53:20 UTC
README
Requirements
- CakePHP 3.1+
Installation
You can install this plugin into your CakePHP application using composer.
The recommended way to install composer packages is:
composer require aravind-zrx/Cakephp-ldap
Usage
In your app's config/bootstrap.php add:
// In config/bootstrap.php Plugin::load('LdapUtility');
or using cake's console:
./bin/cake plugin load LdapUtility
Configuration:
Basic configuration for creating ldap handler instance
$config = [ 'host' => 'ldap.example.com', 'port' => 389, 'baseDn' => 'dc=example,dc=com', 'startTLS' => true, 'hideErrors' => true, 'commonBindDn' => 'cn=readonly.user,ou=people,dc=example,dc=com', 'commonBindPassword' => 'secret' ] $ldapHandler = new LdapUtility\Ldap($config);
Config parameters
| Parameter | Description |
|---|---|
host |
Host name of LDAP server |
port |
Port to connect with LDAP server. Defaults to 389 |
baseDn |
Base Distinguished name (DN) |
startTLS |
Boolean to decide on connection with/without TLS. Defaults to false |
hideErrors |
Boolean to show/hide LDAP errors. Defaults to false |
commonBindDn |
Common bind DN. Used in the case of readonly operations |
commonBindPassword |
Passowrd for common bind DN |
Setup Ldap authentication config in Controller
Parameters for setting LDAP authentication has all the parameters of LDAP handler connection except commonBindDn and commonBindPassowrd
// In your controller, for e.g. src/Api/UsersController.php public function initialize() { parent::initialize(); $this->loadComponent('Auth', [ 'storage' => 'Memory', 'authenticate', [ LdapUtility/Ldap => [ 'host' => 'ldap.example.com', 'port' => 389, 'baseDn' => 'dc=example,dc=com', 'startTLS' => true, 'hideErrors' => true, 'queryDatasource' => true, 'userModel' => 'Users', 'fields' => ['username' => 'email'], 'auth' => [ 'searchFilter' => '(cn={username})', 'bindDn' => 'cn={username},ou=people,dc=example,dc=com' ] ] ], 'unauthorizedRedirect' => false, 'checkAuthIn' => 'Controller.initialize', ]); }
Auth specific configs
| Parameter | Description |
|---|---|
auth.searchFilter |
search filter syntax with username placeholder. The placeholder will be replaced by username data from request. This is used to read LDAP data entry of the authenticated user |
auth.bindDn |
bind DN syntax with username placeholder between braces. The placeholder will be replaced by username data from request |
queryDataSource |
Boolean to decide whether to query app datasource after successful LDAP authentication |
userModel |
If queryDataSource is set, userModel table will be used for base authentication |
fields.username |
If queryDataSource is set, authenticate class will use field.username as field condition for base authentication |
Example:
Search for entry with cn starting with test
$ldapHandler->find('search', [ 'baseDn' => 'ou=people,dc=example,dc=com', 'filter' => 'cn=test*', 'attributes' => ['cn', 'sn', 'mail'] ]);
Read a particular entry with cn=test.user
$ldapHandler->find('read', [ 'baseDn' => 'ou=people,dc=example,dc=com', 'filter' => 'cn=test.user', 'attributes' => ['cn', 'sn', 'mail'] ]);
TLS connections in development environment
To connect an LDAP server over TLS connection, check ldap.conf file
* For mac, conf file is located in /etc/openldap/ldap.conf
* For unix, conf file is located in /etc/ldap/ldap.conf
To disable certificate verification change TLS_REQCERT to 'never' in ldap.conf file