1
votes

I've configured FOSUser + Fr3d/LdapBundle and now I've a config.yml like this: config.yml

Now I have the problem that in previous implementations (in Symfony1) the user & password provided by the login form of FOSUser were used as credentials for the LDAP bind(). This was perfect because we needed to limit LDAP search() to whatever permissions they have.

Now I would like to do the same and intercept those $_POST variables and substitute the username & password parameters on each login.

How could I do this?

1
It does it automatically. The username and password in the fr3d_ldap config are for the LDAP server rather than the actual individual user. Note: for security in the repo I have these all in my parameters.yml as things like ldap.driver.username and reference them in the config using %ldap.driver.username%. - qooplmao
The problem is that they don't want to create an LDAP user exclusively for the binding process; they want the bind to be performed by the same user that is trying to log in :\ - Vladimir Hidalgo

1 Answer

0
votes

I've modified the Fr3d\LDAPBundle to suit my current needs; this solves my problem and hopefully helps someone:

Edit: vendor\fr3d\ldap-bundle\FR3D\LdapBundle\Ldap\LdapManager.php

Add this function:

<?php
public function setOptions($options) {
    $this->driver->setOptions($options);
}

Edit: vendor\fr3d\ldap-bundle\FR3D\LdapBundle\Driver\ZendLdapDriver.php

Add this function:

<?php
public function setOptions($options)
{
    $this->driver->setOptions(array_merge($this->driver->getOptions(), $options));
}

Edit: vendor\fr3d\ldap-bundle\FR3D\LdapBundle\Security\Authentication\LdapAuthenticationProvider.php

Modify the function retrieveUser( ... ):

<?php
protected function retrieveUser($username, UsernamePasswordToken $token)
{
    $user = $token->getUser();
    if ($user instanceof UserInterface) {
        return $user;
    }

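    // Bind to LDAP as the user who is logging in instead of the account from the fr3d_ldap config.
    // At this point $token->getUser() is not a UserInterface object; it holds the submitted username.
    $this->ldapManager->setOptions(array('username' => $token->getUser(), 'password' => $token->getCredentials()));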

    try {
        $user = $this->userProvider->loadUserByUsername($username);

        return $user;
    } catch (UsernameNotFoundException $notFound) {
        throw $notFound;
    } catch (\Exception $repositoryProblem) {
        if (Kernel::MINOR_VERSION <= 1) {
            throw new AuthenticationServiceException($repositoryProblem->getMessage(), $token, (int)$repositoryProblem->getCode(), $repositoryProblem);
        } else {
            $e = new AuthenticationServiceException($repositoryProblem->getMessage(), (int)$repositoryProblem->getCode(), $repositoryProblem);
            $e->setToken($token);
            throw $e;
        }
    }
}

That's all! Now the FOSUser login credentials are used for Bind()ing to the server.

Maybe a config parameter would be nicer, but for now this solves my problem.

Thanks Qoop!
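
Added example (not part of the original answer or of FR3D/LdapBundle): when the submitted login credentials become the bind credentials, an empty password must be rejected before the bind, because LDAP defines name-plus-empty-password as an unauthenticated bind. The helper name `perUserBindOptions()` and all sample inputs are assumptions made for this illustration.

```php
<?php
// Added example: perUserBindOptions() is a hypothetical helper, not part of
// FR3D/LdapBundle or Zend\Ldap. All sample inputs below are constructed.

/**
 * Build the 'username'/'password' options for a per-user LDAP bind.
 *
 * RFC 4513 treats an empty name with an empty password as an anonymous bind
 * (5.1.1) and a name with an empty password as an unauthenticated bind
 * (5.1.2). A server may answer both with success, so neither may be taken
 * as proof that the user knows the password.
 */
function perUserBindOptions($username, $password)
{
    if (!is_string($username) || !is_string($password)) {
        throw new InvalidArgumentException('Credentials must be strings.');
    }
    if (trim($username) === '') {
        throw new InvalidArgumentException('Empty username: bind would be anonymous.');
    }
    if ($password === '') {
        throw new InvalidArgumentException('Empty password: bind would be unauthenticated.');
    }
    // Conservative choice for this example: no control characters in a login name.
    if (preg_match('/[\x00-\x1f\x7f]/', $username)) {
        throw new InvalidArgumentException('Control character in username.');
    }

    return array('username' => $username, 'password' => $password);
}

// Constructed login attempts: array(submitted username, submitted password).
$attempts = array(
    array('jdoe', 's3cret-example'),
    array('jdoe', ''),
    array('', ''),
    array("jdoe\0,dc=example", 'x'),
);

foreach ($attempts as $attempt) {
    list($user, $pass) = $attempt;
    try {
        perUserBindOptions($user, $pass);
        echo json_encode($user), ": ok, options can be passed to setOptions()\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($user), ': rejected (', $e->getMessage(), ")\n";
    }
}
```

In the modified retrieveUser() above, the returned array is what would be handed to `$this->ldapManager->setOptions()`, with the exception translated into Symfony's `BadCredentialsException`.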