Sunday, February 20, 2022

[FIXED] CakePHP 3 Ldap authentication issue and clarification

      , , ,      No comments   

Issue

I am working on integrating LDAP authentication in my project. and I followed the tutorial from official CakePHP site that guides through how to create a custom object in application src path and using those custom objects in AuthController.

So I created a folder called Auth in src with the file name called LdapAuthorize.php. The path looks like this src/Auth/LdapAuthorize.php

Here is my LdapAuthorize.php code:

namespace App\Auth;

use Cake\Auth\BaseAuthorize;
use Cake\Network\Request;

class LdapAuthorize extends BaseAuthorize {
    public function authorize($user, Request $request) {
        if ($user == 'username') { // where username is logged on ldap user on a computer.
            return true;
        }
    }
}

I also called the object in AppController.php file. Here is my code:

public function initialize()
{
    parent::initialize();
    $this->loadComponent('Flash');
    $this->loadComponent('Auth', [
        'loginRedirect' => [
            'controller' => 'Customers',
            'action' => 'index'
        ],
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ]
    ]);      
    $this->Auth->config('authenticate', [
        'Ldap'
    ]);
}

So when I access the url http://localhost/AppPath/Dashboard/index I get Authentication adapter "Ldap" was not found.

Since this is my first experience with CakePHP, I couldn't find that many solution online that help troubleshoot any issues.

Adding additional code for LdapAuthenticate.php:

namespace App\Auth;

use Cake\Auth\BaseAuthenticate;
use Cake\Network\Request;
use Cake\Network\Response;

class OpenidAuthenticate extends BaseAuthenticate
{
    public function authenticate(Request $request, Response $response)
    {
        $users = ["john", "ray"];
        return $users;
    }
}

Solution

What you need is a custom authentication adapter, your LdapAuthorize is a custom authorize adapter:

// in src/Auth/LdapAuthenticate.php

namespace App\Auth;

use Cake\Auth\BaseAuthenticate;
use Cake\Network\Request;
use Cake\Network\Response;

class LdapAuthenticate extends BaseAuthenticate {

    protected $_host = 'your_ldap_server' ;

    public function authenticate(Request $request, Response $response) {
        $username = $request->data['username'] ;
        $password = $request->data['password'] ;
        $ds = @ldap_connect($this->_host) ;
        if (!$ds) {
            throw \Cake\Error\FatalErrorException ('Unable to connect to LDAP host.') ;
        }
        $basedn = "your ldap query... "
        $dn = "uid=$username, ".$basedn;
        $ldapbind = @ldap_bind($ds, $dn, $password);
        if (!$ldapbind) {
            return false ;
        }
        // Do whatever you want with your LDAP connection... 
        $entry = ldap_first_entry ($ldapbind) ;
        $attrs = ldap_get_attributes ($ldapbind, $entry) ;
        $user  = [] ;
        // Loop
        for ($i = 0 ; $i < $attrs["count"] ; $i++) {
            $user[$attrs[$i]] = ldap_values ($ldapbind, $entry, $attrs[$i])[0] ;
        }
        // Then close it and return the authenticated user
        ldap_unbind ($ldapbind) ;
        ldap_close ($ldapbind);
        return $user ;
    }

}


Answered By - Holt

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...