
Has anybody actually integrated the two? I'm working on doing so now and I don't get how to get past the issues I'm having.

First, my versions:

  • Symfony 2.0.15
  • FOSUserBundle 1.2.0
  • FR3DLdapBundle 1.5.x

What is not a problem at the moment is getting the ldap bundle to contact my ldap server and authenticate a user. That works fine.

The problem is when it comes time to persist the user. Here's what my user Entity looks like:

<?php

namespace JWT\EufonyBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use FR3D\LdapBundle\Model\LdapUserInterface;
use FOS\UserBundle\Entity\User as BaseUser;

/**
 * JWT\EufonyBundle\Entity\User
 *
 * @ORM\Table(name="user")
 * @ORM\Entity(repositoryClass="JWT\EufonyBundle\Entity\UserRepository")
 */
class User extends BaseUser implements LdapUserInterface
{
  /**
   * Ldap Object Distinguished Name
   * @var string $dn
   */
  protected $dn;

  /**
   * @var integer $id
   *
   * @ORM\Column(name="id", type="integer")
   * @ORM\Id
   * @ORM\GeneratedValue(strategy="AUTO")
   */
  protected $id;

  /**
   * Get id
   *
   * @return integer
   */
  public function getId()
  {
    return $this->id;
  }

  /**
   * {@inheritDoc}
   */
  public function setDn($dn)
  {
    $this->dn = $dn;
  }

  /**
   * {@inheritDoc}
   */
  public function getDn()
  {
    return $this->dn;
  }
}

This is what the resulting MySQL table looks like:

mysql> describe user;
+-----------------------+--------------+------+-----+---------+----------------+
| Field                 | Type         | Null | Key | Default | Extra          |
+-----------------------+--------------+------+-----+---------+----------------+
| id                    | int(11)      | NO   | PRI | NULL    | auto_increment |
| username              | varchar(255) | NO   |     | NULL    |                |
| username_canonical    | varchar(255) | NO   | UNI | NULL    |                |
| email                 | varchar(255) | NO   |     | NULL    |                |
| email_canonical       | varchar(255) | NO   | UNI | NULL    |                |
| enabled               | tinyint(1)   | NO   |     | NULL    |                |
| salt                  | varchar(255) | NO   |     | NULL    |                |
| password              | varchar(255) | NO   |     | NULL    |                |
| last_login            | datetime     | YES  |     | NULL    |                |
| locked                | tinyint(1)   | NO   |     | NULL    |                |
| expired               | tinyint(1)   | NO   |     | NULL    |                |
| expires_at            | datetime     | YES  |     | NULL    |                |
| confirmation_token    | varchar(255) | YES  |     | NULL    |                |
| password_requested_at | datetime     | YES  |     | NULL    |                |
| roles                 | longtext     | NO   |     | NULL    |                |
| credentials_expired   | tinyint(1)   | NO   |     | NULL    |                |
| credentials_expire_at | datetime     | YES  |     | NULL    |                |
+-----------------------+--------------+------+-----+---------+----------------+

The problem comes from all the columns inherited from FOS\UserBundle\Entity\User - specifically all the NOT NULL columns for which I'll never have values when a user authenticates with LDAP.

So what's the solution here? I can't "fake" values for columns like user.salt or user.password.

I checked the class hierarchy from FOS\UserBundle\Entity\User on up, and the requirement for columns like password is in FOS\UserBundle\Model\UserInterface (hierarchy below):

FR3D\LdapBundle\Model\LdapUserInterface <------------------------+
                                                                 |
Symfony\Component\Security\Core\User\UserInterface               |
  ^                                                              |
  +- Symfony\Component\Security\Core\User\AdvancedUserInterface  |
       ^                                                         |
       +- FOS\UserBundle\Model\UserInterface <---+               |
                                                 |               |
FOS\UserBundle\Model\UserInterface <-------------+               |
                                                 |               |
                                      implements |               |
FOS\UserBundle\Model\User -----------------------+               |
  ^                                                              |
  +- FOS\UserBundle\Entity\User                                  |
       ^                                              implements |
       +- JWT\EufonyBundle\Entity\User --------------------------+

This tells me that I actually can't implement LDAP authentication for users persisted by something that extends FOS\UserBundle\Entity\User, which feels like the same thing as saying "doesn't integrate with FOSUserBundle at all", despite the fact that this seems to be the whole purpose of FR3DLdapBundle.

And if my user class doesn't extend FOS\UserBundle\Entity\User, then I lose all the role/group goodies that FOSUserBundle provides out of the box.

Did I miss something in the documentation? I don't get how to make this work.

Peter Bailey

1 Answer

I don't understand what your problem is. If you set a password and store it in the DB, then the authentication will be against the DB instead of LDAP.

You should have the following providers under the "chain provider" key:

providers: [fos_userbundle, fr3d_ldapbundle]

The order of the providers matters; you can experiment with omitting some of them, but fr3d_ldapbundle can NEVER go before fos_userbundle.

(https://github.com/Maks3w/FR3DLdapBundle/blob/master/Resources/doc/index.md#6-enable-fosuserbundle-as-user-provider)

If you have some special need to fill some user attribute when the user is created then you can follow this cookbook and setup your own values.

https://github.com/Maks3w/FR3DLdapBundle/blob/master/Resources/doc/cookbook/override_ldap-manager.md

Regards

Maks3w
  • I know this is an old post, but I want to get a better understanding when you say "If you set a password and storage it in the DB then the authentication will be against the DB instead of Ldap." Is it possible to store a user in the DB but still authenticate against LDAP? (That's what I want to do) – Christian Jun 03 '16 at 13:47
  • Yes, just don't fill the providers array and keep fr3d_ldap in your firewall – Maks3w Jun 03 '16 at 16:42
  • your info helped. I also had to spend more time getting ldap settings right in config.yml and now I can log in! Any pointers on why the second login from same user causes the system to try to save the user a second time and therefore fails? – Christian Jun 09 '16 at 12:17
  • I've figured it all out now. Thanks for your help! – Christian Jun 09 '16 at 13:43
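The provider ordering the answer insists on, written out as a complete Symfony 2 security.yml. This is an added example, not configuration from the question, the answer, or the FR3DLdapBundle project itself: the `fr3d_ldap` firewall key and the two provider service ids follow the bundle documentation the answer links to, while the firewall name, login routes, encoder and access_control entries are assumptions chosen for this example. The comments also show the ordering mistake the answer warns against, and the LDAP-only variant asked about in the comments.

```yaml
# Added example: app/config/security.yml for Symfony 2.0 with
# FOSUserBundle and FR3DLdapBundle. Service ids and the fr3d_ldap
# firewall key are from the bundle docs; everything else is assumed.
security:
    encoders:
        # Standard FOSUserBundle encoder for DB-backed users (assumed setting).
        FOS\UserBundle\Model\UserInterface: sha512

    providers:
        # Order matters. fos_userbundle is consulted first, so an existing
        # DB record (with its roles and groups) is loaded; fr3d_ldapbundle
        # comes second and handles users that only exist in the directory.
        #
        # WRONG (the answer says this must never be done):
        #   providers: [fr3d_ldapbundle, fos_userbundle]
        chain_provider:
            chain:
                providers: [fos_userbundle, fr3d_ldapbundle]
        fos_userbundle:
            id: fos_user.user_provider.username
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider

    firewalls:
        # Firewall name and paths are assumptions for this example.
        main:
            pattern: ^/
            # Enables the bundle's LDAP bind listener. Without this line,
            # form_login falls back to checking the password column in the
            # DB, which is the situation the answer describes.
            fr3d_ldap: ~
            form_login:
                provider: chain_provider
                login_path: /login
                check_path: /login_check
            logout: true
            anonymous: true

    access_control:
        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, role: ROLE_USER }
```

For the "store the user in the DB but always authenticate against LDAP" case raised in the comments, the answer's advice is to keep `fr3d_ldap: ~` in the firewall and not use the chain; in this example that corresponds to pointing `form_login.provider` at `fr3d_ldapbundle` alone. Either way, the `fr3d_ldap` firewall entry is what decides whether the credential check is an LDAP bind or a comparison against the stored password hash, so it is the line to verify first when a login unexpectedly succeeds or fails against the wrong backend.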