magicmaster0511 / yii2-ldap-auth
Simple library to handle auth over LDAP in Yii 2 applications.
Type: yii2-extension
Requires
- php: >= 8.3
- ext-ldap: *
- yiisoft/yii2: ~2.0.14
README
Simple extension to handle auth over LDAP in Yii 2 applications.
This extension is intended for applications that rely only on LDAP authentication; it does not support access tokens.
Installation
    composer require "magicmaster0511/yii2-ldap-auth"
Example of configuration and a use case
Considering yii2-app-basic:
Configure the component in your configuration file and change the user identity class:
    'components' => [
        ...
        'ldapAuth' => [
            'class' => '\stmswitcher\Yii2LdapAuth\LdapAuth',
            'host' => 'your-ldap-hostname',
            'baseDn' => 'dc=work,dc=group',
            'searchUserName' => '<username for a search user>',
            'searchUserPassword' => '<password for a search user>',

            // optional parameters and their default values
            'ldapVersion' => 3,             // LDAP version
            'protocol' => 'ldaps://',       // Protocol to use
            'followReferrals' => false,     // If connector should follow referrals
            'port' => 636,                  // Port to connect to
            'loginAttribute' => 'uid',      // Identifying user attribute to look up for
            'ldapObjectClass' => 'person',  // Class of user objects to look up for
            'timeout' => 10,                // Operation timeout, seconds
            'connectTimeout' => 5,          // Connect timeout, seconds
        ],
        ...
        'user' => [
            'identityClass' => '\stmswitcher\Yii2LdapAuth\Model\LdapUser',
        ],
        ...
    ]
Update the methods in the LoginForm class:
    use stmswitcher\Yii2LdapAuth\Model\LdapUser;

    ...

    public function validatePassword($attribute, $params)
    {
        if (!$this->hasErrors()) {
            $user = LdapUser::findIdentity($this->username);

            if (!$user || !Yii::$app->ldapAuth->authenticate($user->getDn(), $this->password)) {
                $this->addError($attribute, 'Incorrect username or password.');
            }
        }
    }

    ...

    public function login()
    {
        if ($this->validate()) {
            return Yii::$app->user->login(
                LdapUser::findIdentity($this->username),
                $this->rememberMe ? 3600*24*30 : 0
            );
        }
        return false;
    }
Verify that user belongs to LDAP group
If you also need to check that the user is a member of a certain LDAP group, pass one more parameter to the authenticate function:
    Yii::$app->ldapAuth->authenticate($user->getDn(), $this->password, 'cn=auth-user-group')
Now you can log in to your application with LDAP credentials.
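What a search-then-bind login with settings like these involves, as an added example written directly against PHP's ext-ldap functions. It is not the extension's code: the function names, the mapping of options to LDAP_OPT_* constants and every value in $cfg are assumptions, and a full login needs a reachable directory server.

```php
<?php
// Added illustration, not the extension's code; all names and values are hypothetical.
function userFilter(array $cfg, string $username): string
{
    // Escape the submitted name so * ( ) \ and NUL cannot change the filter's structure.
    return sprintf('(&(objectClass=%s)(%s=%s))', $cfg['ldapObjectClass'],
        $cfg['loginAttribute'], ldap_escape($username, '', LDAP_ESCAPE_FILTER));
}

function ldapLogin(array $cfg, string $username, string $password): bool
{
    // An empty password makes a simple bind unauthenticated, which some servers accept.
    if ($username === '' || $password === '') {
        return false;
    }
    $conn = ldap_connect($cfg['protocol'] . $cfg['host'] . ':' . $cfg['port']);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, $cfg['ldapVersion']);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, (int) $cfg['followReferrals']);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $cfg['connectTimeout']);
    ldap_set_option($conn, LDAP_OPT_TIMELIMIT, $cfg['timeout']);
    try {
        // Step 1: bind as the search user and resolve the login name to a DN.
        if (!@ldap_bind($conn, $cfg['searchUserName'], $cfg['searchUserPassword'])) {
            return false;
        }
        // '1.1' requests no attributes (only the DN is needed); size limit 2 exposes duplicates.
        $res = @ldap_search($conn, $cfg['baseDn'], userFilter($cfg, $username), ['1.1'], 0, 2);
        $entries = $res ? ldap_get_entries($conn, $res) : false;
        if (!$entries || $entries['count'] !== 1) {
            return false; // no match or an ambiguous match: fail closed
        }
        // Step 2: bind as the found DN with the submitted password.
        return @ldap_bind($conn, $entries[0]['dn'], $password);
    } finally {
        ldap_unbind($conn);
    }
}

// Constructed settings mirroring the component options above.
$cfg = ['protocol' => 'ldaps://', 'host' => 'ldap.example.test', 'port' => 636,
    'baseDn' => 'dc=work,dc=group', 'searchUserName' => 'cn=search,dc=work,dc=group',
    'searchUserPassword' => 'placeholder', 'ldapVersion' => 3, 'followReferrals' => false,
    'loginAttribute' => 'uid', 'ldapObjectClass' => 'person', 'timeout' => 10, 'connectTimeout' => 5];
echo userFilter($cfg, 'j*doe'), PHP_EOL;   // runs offline: shows the escaped filter
var_dump(ldapLogin($cfg, 'jdoe', ''));     // runs offline: rejected before connecting
```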
Using Access Control Filter
If you want to use the Access Control Filter, you can use the LdapManager class as an authentication manager:
    return [
        'components' => [
            'authManager' => [
                'class' => 'stmswitcher\Yii2LdapAuth\LdapManager',
            ],
        ],
    ];
Next, specify the list of groups that need to be granted access to actions:
    use yii\filters\AccessControl;

    ...

    public function behaviors()
    {
        return [
            'access' => [
                'class' => AccessControl::class,
                'rules' => [
                    [
                        'allow' => true,
                        'roles' => ['group1', 'group2'],
                    ],
                ],
            ],
        ];
    }