使用LDAP的Symfony身份验证 [英] Symfony authentication with LDAP

问题描述

如果有人可以帮助我在symfony2 Framework上使用LDAP身份验证，我将非常感谢.主要思想是正确使用LDAP来了解所有用户，而无需使用interne表并且无需登录(插入用户名/密码)，比方说，我想成为自动识别之类的人.

I really appreciate if someone could help me to use LDAP authentication at symfony2 Framework. The main idea is to use properly LDAP to know all users without using an interne table and without login (insert username/password), let's say that I want to be something like automatic identification.

推荐答案

您正在寻找单点登录.您确实不必处理LDAP，但必须正确配置Web服务器. Web服务器正在处理身份验证，而不是您的应用程序.然后，您可以从REMOTE_USER环境变量获取用户登录名.您可以信任的凭据. 在Symfony中，这是特殊的安全提供程序(从2.6版开始).

You are looking for single sign on. You really do not have to deal with LDAP but your web server must be configured properly. Web server is dealing with authenticating instead your app. Then you can get user login from REMOTE_USER enviroment variable. It is credentials for you that you can trust. In Symfony is special security provider for that (starting from version 2.6).

更新:为IIS添加了更多具体信息

Update: Added more specific info for IIS

1. 在IIS上启用Windows身份验证(

1. Enable Windows Authentication on IIS (some maybe helpful link and make sure your server and clients are in domain).
2. Try to catch $_SERVER['REMOTE_USER'] in easy PHP script - you should see your domain login.

如果一切顺利，您可以从上面的链接使用Symfony remote_user提供程序.您还需要在数据库中拥有用户(例如，只有域登录名，电子邮件和一些标志)才能使用角色，登录等.另外，请确保您的服务器位于本地Intranet区域中.

If everything will going well you can play with Symfony remote_user provider from link above. You also need to have users in database (ie. only domain login, email and maybe some flags) for using roles, logging etc. Also be sure that your server is in local intranet zone.

更新2 :添加了Symfony配置示例

Update 2: Added Symfony configuration example

security.yml

security:
  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  providers:
    in_memory:
      memory:
        users:
          - { name: 'DOMAIN\login', roles: [ 'ROLE_USER' ] }

  firewalls:
    dev:
      pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    secured_area:
      pattern: ^/demo
      remote_user:
        provider: in_memory

  access_control:
    - { path: ^/demo/secured/login, roles: ROLE_ADMIN }

这是使用AcmeDemoBundle进行全新Symfony 2.6安装的示例.尝试自己玩.在主页上，您根本没有登录.如果Windows身份验证有效并且您的登录名为DOMAIN \ login，则在单击运行演示"按钮后将登录.如果您尝试访问/demo/secured/login，您将获得403.我希望作为介绍，Symfony可以为您完成的工作就足够了.

This is example for clean Symfony 2.6 installation with AcmeDemoBundle. Try to play with it on your own. On homepage you are not logged in at all. If windows authentication is working and your login is DOMAIN\login you will be logged in after clicking on Run the demo button. If you try to access /demo/secured/login you will get 403. I hope it is enough as introduction what Symfony could do for you.

这篇关于使用LDAP的Symfony身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！