在CakePHP的可选认证源(LDAP) [英] Alternative authentication sources in CakePHP (LDAP)
问题描述
我工作的一个项目的CakePHP和我目前正在建设它的用户身份验证的一部分。问题是,我的身份验证信息(如:密码)不存储在我的数据库 - 身份验证源是LDAP但我的问题也同样适用于任何非数据库源
I'm working on a CakePHP project and am currently building the user authentication part of it. The problem is that my authentication information (ie: the passwords) are not stored in my database -- the authentication source is LDAP but my question applies equally to any non-database source.
看来,当他们在本地数据库中存在的蛋糕虽然只处理密码。 蛋糕食谱建议,你可以告诉它不同的控制器/模型/对象Auth->授权变量,但是在看code(具体验证::启动()功能),它看起来像蛋糕将始终尝试查询数据库的第一,检查一个匹配的用户名/密码,在此之前看着你与 Auth-&GT规定的备选对象;授权。也就是说,改变批准只增加了一个二级过滤器,它不会取代数据库查询。
It appears as though Cake only handles passwords when they exist in the local database. The Cake Cookbook suggests that you can tell it a different controller/model/object to provide an authorization procedure by using the $this->Auth->authorize variable, however looking at the code (specifically the Auth::startup() function) it looks like Cake will always try to query the database first, checking for a matching username/password, before then looking at the alternative object you specified with Auth->authorize. That is, changing authorize only adds a second-level filter, it doesn't replace the database lookup.
// The process
1. User provides details
2. Cake checks the database
3. If OK, then check the custom object method
4. If OK, return true
// What I'd like:
1. User provides details.
2. Check the custom object method
3. If OK, return true
4. Profit.
这是如何做到这一点任何想法,希望没有黑客的核心文件?
Any ideas on how to do this, hopefully without hacking the core files?
推荐答案
假设你只是对LDAP结合并存储/从MySQL检索用户数据,这种方法将作为桥梁,它会自动创建成功的帐户登录:
Assuming you are simply binding against LDAP and are storing/retrieving User data from MySQL, this approach will work as a "bridge" which will automatically create accounts for successful logins:
// app/controllers/components/ldap_auth.php
<?php
App::import('Component', 'Auth');
class LdapAuthComponent extends AuthComponent {
/**
* Don't hash passwords
*/
function hashPasswords($data){
return $data;
}
/**
* We will initially identify the user
*/
function identify($user=null, $conditions=null) {
// bind credentials against ldap
$ldapUser = $this->_ldapAuth($user); // do your stuff
if (!$ldapUser) {
return null; // if bind fails, then return null (as stated in api)
}
// get the cake model you would normally be authenticating against
$model =& $this->getModel(); // default is User
// check for existing User in mysql
$user = $model->find('first', array('conditions' => array(
'username' => $ldapUser['cn']
));
// if no existing User, create a new User
if (!$user) {
$user = $model->save(array('User' => array(
'username' => $ldapUser['cn'],
// .. map needed ldap fields to mysql fields ..
)));
if (!$user) {
$this->cakeError('ldapCreateUser');
}
// pass the id of the newly created User to Auth's identify
return parent::identify($model->id, $conditions);
}
// pass the id of the existing User to Auth's identify
return parent::identify($user[$this->userModel][$model->primaryKey], $conditions);
}
/**
* Lets check LDAP
*
* @return mixed Array of user data from ldap, or false if bind fails
*/
function _ldapAuth($user) {
$username = $user[$this->userModel][$this->fields['username']];
$password = $user[$this->userModel][$this->fields['password']];
// use the php ldap functions here
return $ldapUser;
}
}
?>
要使用,在应用程序替换所有引用验证与 LdapAuth 或遵循的instructions这里。
To use, replace all references to Auth with LdapAuth in your application or follow the instructions here.
请注意,虽然保护 _ldapAuth()方法的可能的抽象出一个 LdapUser 模型,该模型的应的从 LdapSource ,和LDAP服务器连接设置应的在读 database.php中配置,而 LdapAuthComponent 的应的适应使用可配置字段映射,这些都不是要求只是完成它。 :)
Note that although the protected _ldapAuth() method could be abstracted out to an LdapUser model, and that model should read from an LdapSource, and the LDAP server connection settings should be in the database.php config, and the LdapAuthComponent should be adapted to use configurable field mappings, these aren't requirements to "just get it done". :)
这篇关于在CakePHP的可选认证源(LDAP)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
