stmswitcher/yii2-ldap-auth

stmswitcher/yii2-ldap-auth Simple library to handle auth over LDAP in Yii 2 applications.

Yii2 LDAP Auth ¶

Simple extension to handle auth over LDAP in Yii 2 applications.

This extension intended for applications that rely only on LDAP authentication and does not support access tokens.

Installation ¶

composer require "stmswitcher/yii2-ldap-auth"

Example of configuration and a use case ¶

Considering yii2-app-basic:

Configure the component in your configuration file and change user identity class ¶

'components' => [
    ...
    'ldapAuth' => [
        'class' => '\stmswitcher\Yii2LdapAuth\LdapAuth',
        'host' => 'your-ldap-hostname',
        'baseDn' => 'dc=work,dc=group',
        'searchUserName' => '<username for a search user>',
        'searchUserPassword' => '<password for a search user>',

        // optional parameters and their default values
        'ldapVersion' => 3,             // LDAP version
        'protocol' => 'ldaps://',       // Protocol to use           
        'followReferrals' => false,     // If connector should follow referrals
        'port' => 636,                  // Port to connect to
        'loginAttribute' => 'uid',      // Identifying user attribute to look up for
        'ldapObjectClass' => 'person',  // Class of user objects to look up for
        'timeout' => 10,                // Operation timeout, seconds
        'connectTimeout' => 5,          // Connect timeout, seconds
    ],
    ...
    
    'user' => [
        'identityClass' => '\stmswitcher\Yii2LdapAuth\Model\LdapUser',
    ],
    ...
]

Update methods in LoginForm class ¶

use stmswitcher\Yii2LdapAuth\Model\LdapUser;

...

public function validatePassword($attribute, $params)
{
    if (!$this->hasErrors()) {
        $user = LdapUser::findIdentity($this->username);

        if (!$user || !Yii::$app->ldapAuth->authenticate($user->getDn(), $this->password)) {
            $this->addError($attribute, 'Incorrect username or password.');
        }
    }
}

...

public function login()
{
    if ($this->validate()) {
        return Yii::$app->user->login(
            LdapUser::findIdentity($this->username),
            $this->rememberMe
                ? 3600*24*30 : 0
        );
    }
    return false;
}

Verify that user belongs to LDAP group ¶

If you need also need to check if user is a member of certain LDAP group, use one more parameter for the authenticate function: `php Yii::$app->ldapAuth->authenticate($user->getDn(), $this->password, 'cn=auth-user-group') `

Now you can login with LDAP credentials to your application.

0 0

1 follower

2 446 downloads

Yii Version: 2.0

License: MIT

Category: Auth

Tags: ldap

Developed by: Denis Alexandrov

Created on: Jul 2, 2020

Last updated: (not set)

Packagist Profile
Github Repository

Related Extensions

User Contributed Notes 2

#21130

it's not working from my side , giving error

Unknown Property – yii\base\UnknownPropertyException
Getting unknown property: yii\web\Application::ldapAuth

please share solution regarding that.

Saurabh Arora at Feb 12, 2023, 4:08:54 PM

#21196

aurabh Arora at Feb 12, 2023, 4:08:54 PM
Getting unknown property: yii\web\Application::ldapAuth

Check if you have the php extension enabled - ldap (php.ini)

Solv at Feb 22, 2024, 7:34:14 AM

Please only use comments to help explain the above extension.
If you have any questions, please ask in the forum instead.

Signup or Login in order to comment.

Categories

Popular Tags