Yii: How to validatePassword with Edvlerblog\Adldap2 using userprincipalname instead of samaccountname

Problem description

Currently looking for how other people handled the validate password function when they need to authenticate with the userprincipalname instead of the Edvlerblog\Adldap2 validatePassword function which uses samaccountname.

Please provide feedback in the comments if you are struggling with anything specific so we can update the documentation.

Current implementation

For app/common/model/LoginForm

getUser

The Edvlerblog\Adldap2 getUser() function works, and even caches the queryLdapUserObject, allowing you to fetch any of the AD attributes.

protected function getUser()
{
    if ($this->_user === null) {
        $this->_user = \Edvlerblog\Adldap2\model\UserDbLdap::findByUsername($this->username);
    }

    return $this->_user;
}

validatePassword()

Currently, the following validatePassword function does not work for me because in my instance AD must authenticate against the userprincipalname instead of the samaccount name.

public function validatePassword($attribute, $params)
{
    if (!$this->hasErrors()) {
        $user = $this->getUser();
        if (!$user || !$user->validatePassword($this->password)) {
            $this->addError($attribute, 'Incorrect username or password.');
        }
    }
}

Recommended answer

A solution

Here is one workaround thanks to the Edvlerblog\Adldap2 who recently released 3.0.5 addressing a couple issues and providing some examples in his readme docs.

Please note the addition of findByAttribute(), allowing the following:

 $this->_user = \Edvlerblog\Adldap2\model\UserDbLdap::findByUsername($this->username);

validatePassword() w/userprincipalname

Update your login model: common\models\LoginForm.php

public function validatePassword($attribute, $params)
{
    if (!$this->hasErrors()) {
        $user = $this->getUser();
        if (!$user) {
            $this->addError('username', 'Incorrect username.');
        } else {
            // Note: queryLdapUserObject is a cached object, 
            // so the ldap fetch does not get called :-).
            $userprincipalname = $this->_user->queryLdapUserObject()->getAttribute('userprincipalname');
            $auth = Yii::$app->ad->auth()->attempt($userprincipalname[0], $this->password);
            if (!$auth) {
                $this->addError('password', 'Incorrect password.');
            }
        }
    }
}

getUser() w/userprincipalname

    /**
     * Finds user by [[username]]
     *
     * @return User|null
     */
    protected function getUser()
    {
        if ($this->_user === null) {
            $this->_user = \Edvlerblog\Adldap2\model\UserDbLdap::findByUsername($this->username);
        }

        return $this->_user;
    }

Yii2 LDAP component configuration

Reference: https://github.com/Adldap2/Adldap2/blob/master/docs/configuration.md

Configuration in frontend\config\main:

'components' => [
        'log' => [... ],
        'authManager' => [... ],
        'ad' => [
            'class' => 'Edvlerblog\Adldap2\Adldap2Wrapper',
            'providers' => [
                'default' => [
                    'autoconnect' => true,
                    'config' => [
                        'domain_controllers' => ['your.ldap.domain.com'],
                        'base_dn'            => "OU=XXX,OU=XXX,DC=ccccccc,DC=xxxx,DC=com",
                        'admin_username'     => "your_username",
                        'admin_password'     => "your_password",
                        'port'               => 389,
                    ],
                ],

            ],

        ],
    ],
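
A variant of the answer's validatePassword(), added here as an example and not code from the original post or the Edvlerblog\Adldap2 project: it keeps the bind against userprincipalname but reports every failure with the question's single 'Incorrect username or password.' message, so the form does not reveal which usernames exist. bindWithUpn() is a hypothetical helper name, and catching \Exception is an assumption about how lookup and bind failures surface.

```php
<?php
namespace common\models;

use Yii;
use yii\base\Model;
use Edvlerblog\Adldap2\model\UserDbLdap;

class LoginForm extends Model
{
    public $username;
    public $password;
    private $_user;

    public function rules()
    {
        return [
            [['username', 'password'], 'required'], // reject empty credentials before any bind
            ['password', 'validatePassword'],
        ];
    }

    public function validatePassword($attribute, $params)
    {
        if (!$this->hasErrors() && !$this->bindWithUpn()) {
            // One message for unknown user, missing UPN and wrong password.
            $this->addError($attribute, 'Incorrect username or password.');
        }
    }

    /** Hypothetical helper: true only if the user's UPN binds with the supplied password. */
    protected function bindWithUpn()
    {
        try {
            $user = $this->getUser();
            if (!$user) {
                return false;
            }
            // Same cached LDAP object and attribute the answer reads.
            $upn = $user->queryLdapUserObject()->getAttribute('userprincipalname');
            if (empty($upn[0]) || (string) $this->password === '') {
                return false; // never attempt a bind without both values
            }
            return (bool) Yii::$app->ad->auth()->attempt($upn[0], $this->password);
        } catch (\Exception $e) {
            // Assumption: any lookup or bind error counts as a failed login.
            // Only the exception class is logged, never the credentials.
            Yii::warning('LDAP login failed: ' . get_class($e), __METHOD__);
            return false;
        }
    }

    protected function getUser()
    {
        if ($this->_user === null) {
            $this->_user = UserDbLdap::findByUsername($this->username);
        }
        return $this->_user;
    }
}
```

The bind carries the password to the domain controller, so the provider config should enable Adldap2's use_tls option (or use_ssl on port 636) rather than plain port 389.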
