[FIXED] LDAP Authentication with Cakephp 3.x

Issue

I'm new to Cakephp and working on implementation of LDAP-authentication in my application now. Many things in the "bookmarker" tutorial on the official website works automatically, so it didn't give me enough information about how to implement some specific authentication. I've already checked this post CakePHP 3 Ldap authentication issue and clarification and tried to implement my authentication this way, but still have some understanding problems.

In my database I have a table "Students" which has an attribute "id" as a primary key. My AppController looks as follows:

 public function initialize()
{
    parent::initialize();

    $this->loadComponent('Flash');
    $this->loadComponent('Auth', ['authenticate' =>
        ['Form' =>
            ['fields' =>
                ['username' => 'email',
                    'password' => 'password']
            ]
        ], 'loginAction' => [
        'controller' => 'Students',
        'action' => 'login'
    ]
    ]);

    $this->Auth->config('authenticate', ['Ldap']);
}

public function isAuthorized()
{
    if($this->Auth->user('departmentnumber') == "***") { return true; }
}

The LdapAuthenticate class is like in the post I mentioned above:

namespace App\Auth;

use Cake\Auth\BaseAuthenticate;
use Cake\Network\Request;
use Cake\Network\Response;

class LdapAuthenticate extends BaseAuthenticate {

protected $_host = '***' ;

public function authenticate(Request $request, Response $response) {
    $username = $request->data['username'] ;
    $password = $request->data['password'] ;
    $ds = @ldap_connect($this->_host) ;
    if (!$ds) {
        throw \Cake\Error\FatalErrorException ('Unable to connect to LDAP host.') ;
    }
    $basedn = "cn=Users,dc=***";
    $dn = "cn=$username, " . $basedn;
    $ldapbind = @ldap_bind($ds, $dn, $password);
    if (!$ldapbind) {
        return false ;
    }

    $entry = ldap_first_entry ($ldapbind) ;
    $attrs = ldap_get_attributes ($ldapbind, $entry) ;
    $user  = [] ;
    // Loop
    for ($i = 0 ; $i < $attrs["count"] ; $i++) {
        $user[$attrs[$i]] = ldap_values ($ldapbind, $entry, $attrs[$i])[0] ;
    }
    // Then close it and return the authenticated user
    ldap_unbind ($ldapbind) ;
    return $user ;
}
}

In the StudentsController I've implemented functions login and logout like in the "bookmarker" tutorial:

public function login(){
    if ($this->request->is('post')){
        $user = $this->Auth->identify();
        if ($user) {
            $this->Auth->setUser($user);
            return $this->redirect($this->Auth->redirectUrl());
        }

        // user is not identified
        $this->Flash->error('Your username or password is not correct');
    }
}

public function logout(){
    $this->Flash->success('You are now logged out');
    return $this->redirect($this->Auth->logout());
}

When I open any page, I'm successfully landing in my login.ctp page. After I enter my credentials and click "login", I'm getting an error "SQLSTATE[42S02]: Base table or view not found: 1146 Table '***_db.users' doesn't exist". So I think I made something wrong, but don't have enough understanding to find where - have no idea why it tries to find a "users" table in my database which doesn't exist.

Thank to everyone who helps me with ideas in advance!

Solution

Because of incorrect configuration. Instead of using Form in your Auth config, use Ldap:

 $this->loadComponent('Auth', ['authenticate' =>
        ['Ldap' =>
            ['fields' =>
                ['username' => 'email',
                    'password' => 'password']
            ]
        ], 'loginAction' => [
        'controller' => 'Students',
        'action' => 'login'
    ]
    ]);

Answered By - José Lorenzo Rodríguez