php – LDAP HTTP authentication with Symfony 2.8 and 3.1

I have looked at this documentation, but it did not help me:
http://symfony.com/doc/2.8/cookbook/security/ldap.html

I have a problem: I cannot log in with any user.

Log file (old):

[2016-07-06 16:56:11] request.INFO: Matched route "company_threesoccer_default_soccerfacebook". {"route_parameters":{"_controller":"company\\ThreeSoccerBundle\\Controller\\DefaultController::soccerFacebookAction","_route":"company_threesoccer_default_soccerfacebook"},"request_uri":"http://iadevelopment.instance/app_dev.php/three/soccer/facebook"} []
[2016-07-06 16:56:11] php.INFO: The Symfony\Component\Ldap\LdapClient class is deprecated since version 3.1 and will be removed in 4.0. Use the Ldap class directly instead. {"type":16384,"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/ldap/LdapClient.php","line":14,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/ldap/LdapClient.php","line":14,"function":"trigger_error"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/Debug/DebugClassLoader.php","line":169,"args":["/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/ldap/LdapClient.php"],"function":"require_once"},{"function":"loadClass","class":"Symfony\\Component\\Debug\\DebugClassLoader","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/appDevDebugProjectContainer.php","line":1592,"function":"spl_autoload_call"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":314,"function":"getLdapService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/appDevDebugProjectContainer.php","line":3639,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":314,"function":"getSecurity_Authentication_ManagerService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/appDevDebugProjectContainer.php","line":2133,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Inst
ance/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":314,"function":"getSecurity_Firewall_Map_Context_MainService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/classes.php","line":2944,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/classes.php","line":2586,"function":"getListeners","class":"Symfony\\Bundle\\SecurityBundle\\Security\\FirewallMap","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/classes.php","line":1858,"function":"call_user_func"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/app/cache/dev/classes.php","line":1773,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":140,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":125,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":64,"function":"handleRaw","cla
ss":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php","line":69,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":193,"function":"handle","class":"Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/IA_Development_Instance/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"}]} []
[2016-07-06 16:56:11] security.INFO: Basic authentication Authorization header found for user. {"username":"rov"} []
[2016-07-06 16:56:11] security.INFO: Basic authentication failed for user. {"username":"rov","exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at /Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:73, Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException(code: 0): Username \"rov\" does not exist. at /Applications/MAMP/htdocs/IA_Development_Instance/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/InMemoryUserProvider.php:109)"} []

Log file (updated):

[2016-07-07 15:33:13] request.INFO: Matched route "{route}". {"route":"homepage","route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::testAction","_route":"homepage"},"request_uri":"http://ldap.test/app_dev.php/test","method":"GET"} []
[2016-07-07 15:33:13] php.INFO: The Symfony\Component\Ldap\LdapClient class is deprecated since version 3.1 and will be removed in 4.0. Use the Ldap class directly instead. {"type":16384,"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":14,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":14,"function":"trigger_error"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Debug/DebugClassLoader.php","line":142,"args":["/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php"],"function":"require_once"},{"function":"loadClass","class":"Symfony\\Component\\Debug\\DebugClassLoader","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":1659,"function":"spl_autoload_call"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getLdapService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":3549,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getSecurity_User_Provider_Concrete_MyLdapService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":3477,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Dep
endencyInjection/Container.php","line":275,"function":"getSecurity_Authentication_ManagerService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":2164,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getSecurity_Firewall_Map_Context_MainService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":3353,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":3019,"function":"getListeners","class":"Symfony\\Bundle\\SecurityBundle\\Security\\FirewallMap","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":2144,"function":"call_user_func"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":2059,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":136,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":129,"func
tion":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":68,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":177,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"}]} []
[2016-07-07 15:33:13] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationCredentialsNotFoundException(code: 0): A Token was not found in the TokenStorage. at /Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:53)"} []
[2016-07-07 15:33:13] security.DEBUG: Calling Authentication entry point. [] []
[2016-07-07 15:33:20] request.INFO: Matched route "{route}". {"route":"homepage","route_parameters":{"_controller":"AppBundle\\Controller\\DefaultController::testAction","_route":"homepage"},"request_uri":"http://ldap.test/app_dev.php/test","method":"GET"} []
[2016-07-07 15:33:20] php.INFO: The Symfony\Component\Ldap\LdapClient class is deprecated since version 3.1 and will be removed in 4.0. Use the Ldap class directly instead. {"type":16384,"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":14,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":14,"function":"trigger_error"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Debug/DebugClassLoader.php","line":142,"args":["/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php"],"function":"require_once"},{"function":"loadClass","class":"Symfony\\Component\\Debug\\DebugClassLoader","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":1659,"function":"spl_autoload_call"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getLdapService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":3549,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getSecurity_User_Provider_Concrete_MyLdapService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":3477,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Dep
endencyInjection/Container.php","line":275,"function":"getSecurity_Authentication_ManagerService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/appDevDebugProjectContainer.php","line":2164,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/DependencyInjection/Container.php","line":275,"function":"getSecurity_Firewall_Map_Context_MainService","class":"appDevDebugProjectContainer","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":3353,"function":"get","class":"Symfony\\Component\\DependencyInjection\\Container","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":3019,"function":"getListeners","class":"Symfony\\Bundle\\SecurityBundle\\Security\\FirewallMap","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":2144,"function":"call_user_func"},{"file":"/Applications/MAMP/htdocs/ldapTest/var/cache/dev/classes.php","line":2059,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":136,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":129,"func
tion":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":68,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":177,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/Applications/MAMP/htdocs/ldapTest/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"}]} []
[2016-07-07 15:33:20] security.INFO: Basic authentication Authorization header found for user. {"username":"rov"} []
[2016-07-07 15:33:20] php.DEBUG: ldap_bind(): Unable to bind to server: Invalid credentials {"type":2,"file":"/Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php","line":53,"level":28928} []
[2016-07-07 15:33:20] security.INFO: Basic authentication failed for user. {"username":"rov","exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at /Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:73, Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException(code: 0): User \"rov\" not found. at /Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/LdapUserProvider.php:69, Symfony\\Component\\Ldap\\Exception\\ConnectionException(code: 0): Invalid credentials at /Applications/MAMP/htdocs/ldapTest/vendor/symfony/symfony/src/Symfony/Component/Ldap/Adapter/ExtLdap/Connection.php:54)"} []

security.yml code (old):

providers:
    in_memory:
        memory: ~
    my_ldap:
        ldap:
            service: ldap
            base_dn: DC=company,DC=de
            search_dn: "cn=Users, DC=company,DC=de"
            search_password: MyBestPasswordEver
            default_roles: ROLE_USER
            uid_key: sAMAccountName
firewalls:
    main:
        http_basic_ldap:
            service: ldap
            dn_string: 'sAMAccountName={username},DC=company,DC=de'

security.yml code (updated):

providers:
#   in_memory:
#        memory: ~
    my_ldap:
        ldap:
            service: ldap
            base_dn: DC=company,DC=de
            search_dn: "cn=symfony, DC=company,DC=de"  # symfony is a user in ldap
            search_password: MyBestPasswordEver
            default_roles: ROLE_USER
            uid_key: sAMAccountName

firewalls:
   main:
        http_basic_ldap:
            provider: my_ldap
            service: ldap
            dn_string: "{username}"
  #          dn_string: "sAMAccountname={username},DC=company,DC=de, cn=Users"

services.yml code (old):

services:
    ldap:
        class: 'Symfony\Component\Ldap\LdapClient'
        arguments:
            - ldaps://adc1.company.de   # host
            - 389                       # port
            - 3                         # version
            - true                      # SSL
            - false                     # TLS

services.yml code (updated):

services:
  ldap:
    class: 'Symfony\Component\Ldap\LdapClient'
    arguments:
        - adc1.company.de   # host
#            - 636                           # port, without ssl 389, with 636
#            - 2                             # version
#            - true                          # SSL
#            - false                         # TLS

What exactly am I doing wrong? Is there something I missed?

I have also installed

 "symfony/ldap": "^3.1"

Best regards

Best answer: You should be able to change dn_string to {username}. You also set it to the LDAP user provider:

firewalls:
    main:
        http_basic_ldap:
            provider: my_ldap 
            service: ldap
            dn_string: "{username}"

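This is actually the default value of dn_string, so technically you could drop it entirely.

Edit:

Also, your search_dn: "cn=Users, DC=company,DC=de" needs to be the DN of a user. Right now it points to the users container. It should be the full DN of a user that is able to perform the LDAP queries needed to search for users.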
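
As an added example (not part of the question or the answer), the two failures in the logs above can be told apart by reading the exception chain: the old log ends in InMemoryUserProvider, while the updated one carries a ConnectionException raised under LdapUserProvider, which is the bind made with search_dn and search_password. The embedded log lines are abridged from the page with shortened paths; the function names and verdict codes are made up for this example.

```python
import re

# Monolog line layout: [timestamp] channel.LEVEL: message {context} [extra]
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<chan>\w+)\.\w+: (?P<rest>.*)$")
# One link of the exception chain: Class(code: N): message at /path/File.php:line
EXC_RE = re.compile(r"(?P<cls>\w+)\(code: \d+\): .*? at \S*?/(?P<file>\w+\.php):\d+")

# Verdict codes and hints are labels invented for this example.
HINTS = {
    "WRONG_PROVIDER": "user was looked up in in_memory; set provider: my_ldap on the firewall",
    "SEARCH_BIND_FAILED": "bind with search_dn/search_password was rejected; "
                          "search_dn must be the full DN of a user, not a container",
    "UNCLASSIFIED": "exception chain present but not one of the two cases on this page",
}

# Abridged from the question's old log (paths shortened).
OLD_LOG = r'''[2016-07-06 16:56:11] security.INFO: Basic authentication Authorization header found for user. {"username":"rov"} []
[2016-07-06 16:56:11] security.INFO: Basic authentication failed for user. {"username":"rov","exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at /app/vendor/.../UserAuthenticationProvider.php:73, Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException(code: 0): Username \"rov\" does not exist. at /app/vendor/.../InMemoryUserProvider.php:109)"} []'''

# Abridged from the question's updated log (paths shortened).
NEW_LOG = r'''[2016-07-07 15:33:20] php.DEBUG: ldap_bind(): Unable to bind to server: Invalid credentials {"type":2,"file":"/app/vendor/.../Connection.php","line":53} []
[2016-07-07 15:33:20] security.INFO: Basic authentication failed for user. {"username":"rov","exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException(code: 0): Bad credentials. at /app/vendor/.../UserAuthenticationProvider.php:73, Symfony\\Component\\Security\\Core\\Exception\\UsernameNotFoundException(code: 0): User \"rov\" not found. at /app/vendor/.../LdapUserProvider.php:69, Symfony\\Component\\Ldap\\Exception\\ConnectionException(code: 0): Invalid credentials at /app/vendor/.../Connection.php:54)"} []'''


def diagnose(message):
    """Classify one log message by the classes and files in its exception chain."""
    chain = [(m["cls"], m["file"]) for m in EXC_RE.finditer(message)]
    if not chain:
        return None  # informational line, no exception attached
    classes = {cls for cls, _ in chain}
    files = {name for _, name in chain}
    # The LDAP bind error surfaced through the user provider: the search account failed.
    if "ConnectionException" in classes and "LdapUserProvider.php" in files:
        return "SEARCH_BIND_FAILED"
    # The lookup never reached LDAP: the firewall used the in-memory provider.
    if ("UsernameNotFoundException", "InMemoryUserProvider.php") in chain:
        return "WRONG_PROVIDER"
    return "UNCLASSIFIED"


def triage(log_text):
    """Return (timestamp, verdict) for every security-channel line with an exception."""
    findings = []
    for line in log_text.splitlines():
        head = LINE_RE.match(line)
        if head and head["chan"] == "security":
            verdict = diagnose(head["rest"])
            if verdict:
                findings.append((head["ts"], verdict))
    return findings


if __name__ == "__main__":
    for ts, verdict in triage(OLD_LOG) + triage(NEW_LOG):
        print(ts, verdict, "->", HINTS[verdict])
```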
