lcstudios / ldap-bundle
Symfony LCStudiosLdapBundle
Installs: 54
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 3
Forks: 2
Open Issues: 0
Type:symfony-bundle
Requires
- symfony/config: >2.3
- symfony/dependency-injection: >2.3
- symfony/security: >2.3
- symfony/security-bundle: >2.3
README
==== LCStudiosLdapBundle
This bundle is forked from DapsBundle which is based on the pull request accepted by Symfony2 for LDAP support. While it has been accepted, some of us would like to use this code sooner than the version of Symfony natively supporting it will provide.
This project is intended to take these code changes and silo them into a bundle so that we can easily extend these changes for our own purposes.
The fork fixes some issues in DapsBundle, which needs to be copied into the src folder and does not allow being configured from the central config. Role handling has been changed, too.
Documentation
LdapBundle Setup Instructions
To setup the LdapBundle, follow these steps:
-
Install via composer
-
Modify
app/config/security.yml
and add your ldap user providersecurity: providers: lc_studios_ldap: id: lc_studios_ldap_user_provider
also tell Symfony how to encode passwords. For example
security: encoders: LCStudios\LdapBundle\Security\User\LdapUser: plaintext
You can now also ensure that you define the parts of your app that will be under LDAP protection. e.g
lc_studios_ldap: host: 'ldap://example.com' port: 389 uid: 'uid' authenticated_role: 'ROLE_USER' base_dn: 'cn=users,dc=example,dc=com' bind_user: dn: 'cn=ldapbind,cn=serviceusers,dc=example,dc=com' password: ldapbinduserpw
Add your LDAP server specific configs. e.g
secured_area: pattern: ^/ form-login-ldap: true
-
Setup your
SecurityController
, routes and templates as detailed in the Security Chapter of the Symfony Documentation. -
Add Bundle to AppKernel.
Every authenticated user gets the role defined as 'authenticated_role'. Additionally they get roles determined by OUs and groups, e.g.:
- ROLE_ADMIN if they are in the OU 'admin'
- ROLE_MAILUSER if they are in the group mailuser