diff options
| author | Grégoire Pineau <lyrixx@lyrixx.info> | 2015-09-25 11:30:03 +0200 |
|---|---|---|
| committer | Charles Sarrazin <charles@sarraz.in> | 2015-09-28 13:12:05 +0200 |
| commit | c2b112b6c8bb972bacb28ae38043b74ab47ae5f0 (patch) | |
| tree | 958195b8ec77045996a9fae3bdefacda81edd44b /Core/Authentication | |
| parent | 123c8df26a95bfb86c1dacea02778b1aa8432fbe (diff) | |
| download | symfony-security-c2b112b6c8bb972bacb28ae38043b74ab47ae5f0.zip symfony-security-c2b112b6c8bb972bacb28ae38043b74ab47ae5f0.tar.gz symfony-security-c2b112b6c8bb972bacb28ae38043b74ab47ae5f0.tar.bz2 | |
Implemented LDAP authentication and LDAP user provider
Diffstat (limited to 'Core/Authentication')
| -rw-r--r-- | Core/Authentication/Provider/LdapBindAuthenticationProvider.php | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/Core/Authentication/Provider/LdapBindAuthenticationProvider.php b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php new file mode 100644 index 0000000..9ce3bd2 --- /dev/null +++ b/Core/Authentication/Provider/LdapBindAuthenticationProvider.php @@ -0,0 +1,76 @@ +<?php + +namespace Symfony\Component\Security\Core\Authentication\Provider; + +use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; +use Symfony\Component\Security\Core\Exception\BadCredentialsException; +use Symfony\Component\Security\Core\Exception\UsernameNotFoundException; +use Symfony\Component\Security\Core\User\UserCheckerInterface; +use Symfony\Component\Security\Core\User\UserInterface; +use Symfony\Component\Security\Core\User\UserProviderInterface; +use Symfony\Component\Ldap\LdapClientInterface; +use Symfony\Component\Ldap\Exception\ConnectionException; + +/** + * LdapBindAuthenticationProvider authenticates a user against an LDAP server. + * + * The only way to check user credentials is to try to connect the user with its + * credentials to the ldap. + * + * @author Charles Sarrazin <charles@sarraz.in> + */ +class LdapBindAuthenticationProvider extends UserAuthenticationProvider +{ + private $userProvider; + private $ldap; + private $dnString; + + /** + * Constructor. + * + * @param UserProviderInterface $userProvider A UserProvider + * @param UserCheckerInterface $userChecker A UserChecker + * @param string $providerKey The provider key + * @param LdapClientInterface $ldap An Ldap client + * @param string $dnString A string used to create the bind DN + * @param bool $hideUserNotFoundExceptions Whether to hide user not found exception or not + */ + public function __construct(UserProviderInterface $userProvider, UserCheckerInterface $userChecker, $providerKey, LdapClientInterface $ldap, $dnString = '{username}', $hideUserNotFoundExceptions = true) + { + parent::__construct($userChecker, $providerKey, $hideUserNotFoundExceptions); + + $this->userProvider = $userProvider; + $this->ldap = $ldap; + $this->dnString = $dnString; + } + + /** + * {@inheritdoc} + */ + protected function retrieveUser($username, UsernamePasswordToken $token) + { + if ('NONE_PROVIDED' === $username) { + throw new UsernameNotFoundException('Username can not be null'); + } + + return $this->userProvider->loadUserByUsername($username); + } + + /** + * {@inheritdoc} + */ + protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token) + { + $username = $token->getUsername(); + $password = $token->getCredentials(); + + try { + $username = $this->ldap->escape($username, '', LdapClientInterface::LDAP_ESCAPE_DN); + $dn = str_replace('{username}', $username, $this->dnString); + + $this->ldap->bind($dn, $password); + } catch (ConnectionException $e) { + throw new BadCredentialsException('The presented password is invalid.'); + } + } +} |