Authentication with ADldap2 and fallback with local database; Use same table
danbgh opened this issue · 4 comments
- Laravel Version: 7.22.4
- Adldap2-Laravel Version: 6.1
- PHP Version: 7.2.11
- LDAP Type: ActiveDirectory
Description:
Hello
I have successfully configured and used Laravel / Adldap2, thanks for this interface!
What I can't seem to do is make a two-pronged connection: (1) an LDAP connection test (as a priority), and then an automatic switch to authentication in the (2) local database, with the same tables and USER class.
I have correctly configured the fallback in the config and I have created an additional guard.
Here is some configuration:
*** ldap_auth.php ***
```php
'login_fallback' => env('LDAP_LOGIN_FALLBACK', true),
```
*** auth.php ***
```php
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'webdb' => [
        'driver' => 'session',
        'provider' => 'usersdb',
    ],
],
'providers' => [
    'users' => [
        'driver' => 'ldap',
        'model' => App\User::class,
        'table' => 'users',
    ],
    'usersdb' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ],
],
```
*** web.php ***
```php
Auth::routes([
    'reset' => false,
    'verify' => false,
    'register' => false,
]);
Route::get('/', 'HomeController@index')->name('home');
```
*** HomeController.php ***
```php
class HomeController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        // Try the "web" (LDAP) guard first, then the "webdb" (Eloquent) guard.
        $this->middleware('auth:web,webdb');
    }

    /**
     * Show the dashboard application.
     *
     * @return \Illuminate\Contracts\Support\Renderable
     */
    public function index()
    {
        return view('home');
    }
}
```
I have a local account in the database (with a hashed password).
LDAP authentication works, but when I try the local account in the database (not LDAP), it does not authenticate me and goes back to login.
What am I missing?
Is it possible to do it this way (without a specific controller and model)?
Is this the correct way to specify guards in HomeController.php?
And does my route fit in web.php?
Can you specify the right way to achieve this operation that I want to set up, please?
Thank you very much for your help!
Dany
Hello
I have a functional and best-practice solution that works well.
The base above remains; I simply changed the authentication sequence (local DB followed by LDAP), used two tables / migrations for authentication, and redefined / modified the login method of the trait in my LoginController.
If you need details, please feel free.
Dany
Hi @danbgh,
There's no need to create an additional guard.
You should:
- Enable the Adldap2 `fallback` configuration option
- Set your authentication provider to use the `ldap` driver
It should then allow you to authenticate with existing users in your database that do not exist in your LDAP server.
For example, if you have a local database user with the email address `jdoe@email.com`, and a user with that email address does not exist in your LDAP server, or LDAP server connectivity fails, then Adldap2 will attempt to authenticate the user using the `eloquent` authentication driver.
Thank you for that answer!
The authentication required (legal aspect) should not save the password from the AD. And in both cases, I'm not using the email address, but a specific field (AD) as the username. (However, this aspect does not change your explanation.)
Thanks again!
Happy to help @danbgh!
> The authentication required (legal aspect), should not save the password from the AD.
This is the default operation of Adldap2-Laravel. It will only synchronize the user's password if you have it enabled. 👍
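
The setup described in the replies above (one guard on the `ldap` provider, fallback enabled, AD password synchronization left off), written out as an added example; it is not code from this thread or from the Adldap2-Laravel project. It assumes the package's published `config/ldap_auth.php`, where the `passwords.sync` key and the `LDAP_PASSWORD_SYNC` environment variable control password synchronization.

```php
// config/auth.php (fragment)
// A single session guard; the extra "webdb" guard and "usersdb" provider are removed.
'guards' => [
    'web' => [
        'driver'   => 'session',
        'provider' => 'users',
    ],
],
'providers' => [
    'users' => [
        // The ldap driver tries the directory first and, with login_fallback
        // enabled, falls back to Eloquent for users that exist only locally
        // or when the LDAP server cannot be reached.
        'driver' => 'ldap',
        'model'  => App\User::class,
    ],
],

// config/ldap_auth.php (fragment)
'login_fallback' => env('LDAP_LOGIN_FALLBACK', true),
'passwords' => [
    // Assumed key layout from the published config file. Leaving sync off
    // means the AD password is not copied into the local users table.
    'sync'   => env('LDAP_PASSWORD_SYNC', false),
    'column' => 'password',
],

// app/Http/Controllers/HomeController.php (constructor body only)
// The default guard is enough; no guard list is needed on the middleware.
$this->middleware('auth');
```

With fallback enabled, a directory outage moves every login onto the local password hashes, so local accounts need the same password policy and lockout controls as the directory accounts.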