
I have an app in Symfony. Users log in there using FOSUserBundle with OAuth. Now I need to add an option to log in using Active Directory. So I have installed this bundle: https://github.com/Maks3w/FR3DLdapBundle but still cannot configure it to work. I'm posting my config and security files. Any ideas what I should change?

security.yml

security:

  # erase_credentials: false keeps the submitted password on the security
  # token after authentication (the framework default is true, which wipes
  # it). Anything that stores or dumps the token (session storage, profiler)
  # then contains the clear-text password.
  # NOTE(review): confirm something actually needs the retained credential;
  # otherwise set this to true.
  erase_credentials: false

  encoders:
    # Database-backed FOSUserBundle accounts: stored passwords are sha512
    # message digests. NOTE(review): Symfony 2.6 also ships a `bcrypt`
    # encoder; switching requires re-hashing existing users on next login.
    FOS\UserBundle\Model\UserInterface: sha512
    #FOS\UserBundle\Model\UserInterface: plaintext
    # LDAP users carry no stored hash: per the FR3DLdapBundle README the
    # submitted password is verified by binding to the directory, which is
    # why a plaintext encoder is declared for them. NOTE(review): this is
    # only safe while nothing else compares an LdapUser password against a
    # stored value through this encoder.
    FR3D\LdapBundle\User\LdapUser: plaintext
  providers:
    # Looks users up in the database first, then in LDAP (chain order).
    # NOTE(review): as this file stands nothing references chain_provider --
    # the form_login below names fos_userbundle directly -- so LDAP users are
    # never loaded through it.
    chain_provider:
      chain:
        providers: [fos_userbundle, fr3d_ldapbundle]
    # FR3DLdapBundle provider: users hydrated from LDAP attributes
    # (see fr3d_ldap.user in config.yml).
    fr3d_ldapbundle:
      id: fr3d_ldap.security.user.provider
    # FOSUserBundle provider accepting either username or e-mail as login.
    fos_userbundle:
      id: fos_user.user_provider.username_email

  role_hierarchy:
    ROLE_USER: ~
    ROLE_ADMIN: [ROLE_USER]
    # ROLE_ALLOWED_TO_SWITCH would permit user impersonation if a firewall
    # enabled switch_user; none of the firewalls below does.
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

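  firewalls:
    # Debug toolbar / profiler and static assets: no security at all.
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    # Public API documentation.
    doc:
      pattern: ^/api/doc/$
      security: false

    # The token endpoint must be reachable without a token; clients
    # authenticate here with their client credentials and the grant's data.
    oauth_token:
      pattern:  ^/oauth/v2/token
      security:   false

    # Password reset/request endpoints stay anonymous.
    passwords:
      pattern: ^/api/password
      security: false

    # Below are the authentication methods.
    oauth_authorize:
      pattern:   ^/site|^/fos|^/api
      # FR3DLdapBundle listener: verifies form-login passwords with an LDAP
      # bind for users that came from the LDAP provider.
      fr3d_ldap: ~
      # Bearer-token authentication for API calls.
      fos_oauth: true
      form_login:
        # Was `fos_userbundle`: that made the login form consult only the
        # database, so the chain provider (DB first, then LDAP) declared
        # under providers was never used and LDAP users could not log in
        # through the form. The FR3DLdapBundle README pairs `fr3d_ldap: ~`
        # with the chain provider here.
        provider: chain_provider
        check_path: /fos/login_check
        login_path: /fos/login
      logout:
        path:   /fos/logout
        target: /
      anonymous: true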

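  access_control:
    # Rules are evaluated top-down; the first matching path/method wins.
    - { path: ^/oauth/v2/auth_login$, roles: IS_AUTHENTICATED_ANONYMOUSLY }
    # Avatar/wallpaper uploads are open to any fully authenticated user.
    # This rule precedes the admin rule below, so POST/PUT to these URLs are
    # deliberately NOT admin-only.
    - { path: ^/api/users/[0-9]+/(avatar|wallpaper), roles: [ IS_AUTHENTICATED_FULLY ] }
    # Creating/updating users, groups and menus is admin-only.
    # NOTE(review): DELETE (and PATCH) are not listed, so they fall through
    # to the generic ^/api rule and only require an authenticated user; add
    # them here if deletion is meant to be admin-only as well.
    - { path: ^/api/users, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/groups, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/menus, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    # Everything else under /api needs a fully authenticated user (form
    # login or a valid bearer token).
    - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
    # Catch-all. Was `^/ /` (with an embedded space), a regex that matches
    # no real path; `^/` is what was meant. With `anonymous: true` on the
    # firewall this is equivalent to having no rule at all.
    - { path: ^/, roles: IS_AUTHENTICATED_ANONYMOUSLY }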

config.yml

imports:
  - { resource: parameters.yml }
  - { resource: security.yml }
  - { resource: doctrine_extensions.yml }
  - { resource: services.yml }

framework:
  #esi:       ~
  #translator:    { fallback: "%locale%" }
  # Application secret comes from parameters.yml; keep it out of this file.
  secret:      "%secret%"
  router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
  form:      ~
  csrf_protection: ~
  validation:    { enable_annotations: true }
  templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
  default_locale:  "%locale%"
  # NOTE(review): with no trusted hosts the Host header is accepted as-is,
  # so absolute URLs the router generates (e.g. in FOSUserBundle
  # password-reset mails, if those are sent) follow whatever Host a client
  # supplies. Consider listing the real hostname(s) here.
  trusted_hosts:   ~
  # NOTE(review): leave empty unless the app sits behind a reverse proxy you
  # control; a populated list makes X-Forwarded-* headers trusted.
  trusted_proxies: ~
  session:
    # handler_id set to null will use default session handler from php.ini
    handler_id:  ~
  fragments:     ~
  # Lets a POST carry a `_method` field or X-HTTP-Method-Override header
  # that is treated as PUT/DELETE; method-based access_control rules then
  # match the overridden method.
  http_method_override: true

# Twig Configuration
twig:
  # Both follow kernel.debug, so production renders without debug output or
  # strict-variable exceptions.
  debug:      "%kernel.debug%"
  strict_variables: "%kernel.debug%"

# Assetic Configuration
assetic:
  debug:      "%kernel.debug%"
  # Assets are not served through a controller (expected to be pre-dumped).
  use_controller: false
  bundles:    [ ]
  #java: /usr/bin/java
  filters:
    cssrewrite: ~
    #closure:
    #  jar: "%kernel.root_dir%/Resources/java/compiler.jar"
    #yui_css:
    #  jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
  dbal:
    default_connection: default
    connections:
      # Application database; all credentials come from parameters.yml.
      default:
        driver:   "%database_driver%"
        host:   "%database_host%"
        port:   "%database_port%"
        dbname:   "%database_name%"
        user:   "%database_user%"
        password: "%database_password%"
        charset:  UTF8
      # Second connection (MSSQL through the Realestate dblib driver) used by
      # the `axp` entity manager below. NOTE(review): port and dbname are
      # commented out, so the driver's defaults apply -- confirm that is
      # intended.
      axp:
        driver_class:   Realestate\MssqlBundle\Driver\PDODblib\Driver
#driver:   "%database_driver2%"
        host:   "%database_host2%"
        #server:   "%database_host2%"
        #port:   "%database_port2%"
        #dbname:   "%database_name2%"
        user:   "%database_user2%"
        password: "%database_password2%"
        #charset:  UTF8

  orm:
    default_entity_manager: default
    entity_managers:
      default:
        connection: default
        auto_mapping: true
      # Only the AXP people bundle is mapped on the second connection.
      axp:
        connection: axp
        mappings:
          XtrdAxpPeopleBundle: ~

    auto_generate_proxy_classes: "%kernel.debug%"


# Swiftmailer Configuration
swiftmailer:
  transport: "%mailer_transport%"
  host:    "%mailer_host%"
  # SMTP credentials live in parameters.yml, not here.
  username:  "%mailer_user%"
  password:  "%mailer_password%"
  # Messages are queued in memory and flushed at the end of the request.
  spool:   { type: memory }


fos_rest:
  # Null properties are emitted rather than dropped from API responses.
  serializer:
    serialize_null: true
  routing_loader:
    default_format: json
  param_fetcher_listener: true
  # Request bodies are converted to objects and validated before the
  # controller sees them.
  body_converter:
    enabled: true
    validate: true
  body_listener:
    array_normalizer: fos_rest.normalizer.camel_keys
    decoders:
      json: fos_rest.decoder.jsontoform
  # Response format negotiation, most specific path first.
  format_listener:
    rules:
      - path: ^/api
        priorities: [html, json, xml]
        fallback_format: html
        prefer_extension: true
      - path: ^/axp
        priorities: [html, json, xml]
        fallback_format: html
        prefer_extension: true
      - path: ^/
        priorities: [html]
        fallback_format: html
        prefer_extension: false
  view:
    serialize_null: true
    view_response_listener: force
    # Validation failures from the body converter answer with 422.
    failed_validation: HTTP_UNPROCESSABLE_ENTITY
    formats:
      json: true
      xml: true


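nelmio_cors:
  defaults:
    # Browser credentials (cookies, HTTP auth) are never shared cross-origin;
    # API clients send a bearer token explicitly instead.
    allow_credentials: false
    allow_origin: [ 'http://localhost:4200' ]
    allow_headers: []
    allow_methods: []
    expose_headers: []
    max_age: 0
    hosts: []
  paths:
    '^/':
      origin_regex: true
      # Each entry is a regex matched against the Origin header. They were
      # unanchored with unescaped dots, so `^http://.*.Xtrd.com` also matched
      # e.g. http://foo.xtrd.com.attacker.example; every pattern now ends in
      # `$` and literal dots are escaped. The old third entry
      # (`^http://localhost:8000+`) was already covered by the localhost
      # pattern and is dropped. Host written lower-case, as browsers
      # serialize it.
      # NOTE(review): only http:// origins are listed; add https variants
      # when the front end moves to TLS.
      allow_origin: ['^http://localhost:[0-9]+$', '^http://([a-z0-9-]+\.)+xtrd\.com$']
      allow_headers: ['*']
      allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
      max_age: 3600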

fos_oauth_server:
  db_driver: orm
  client_class: Xtrd\IntranetApiBundle\Entity\Client
  access_token_class: Xtrd\IntranetApiBundle\Entity\AccessToken
  refresh_token_class: Xtrd\IntranetApiBundle\Entity\RefreshToken
  auth_code_class: Xtrd\IntranetApiBundle\Entity\AuthCode
  service:
    # Provider the OAuth2 password grant uses to look up and verify the
    # resource owner at /oauth/v2/token. NOTE(review): this is the
    # database-backed FOS user manager, so a user that exists only in LDAP
    # is not found by that grant -- consistent with the
    # "invalid_grant ... Invalid username and password combination" reported
    # in the comments. The fr3d_ldap firewall listener plays no part here:
    # the token endpoint sits on a firewall with `security: false`.
    user_provider: fos_user.user_manager
    # NOTE(review): the commented alternative would not fix that by itself:
    # the OAuth storage checks the password through the encoders, and an
    # LdapUser has no stored password to compare; a storage that performs an
    # LDAP bind (and still serves database users) looks necessary.
    #user_provider: fr3d_ldap.security.user.provider

fos_user:
  db_driver: orm
  # Must name the firewall that handles login so the bundle can
  # authenticate users after registration / password reset.
  firewall_name: oauth_authorize
  user_class: Xtrd\IntranetApiBundle\Entity\User
  group:
    group_class: Xtrd\IntranetApiBundle\Entity\Group


parameters:
  # Serialize property names exactly as declared (no camelCase -> snake_case).
  jms_serializer.camel_case_naming_strategy.class: JMS\Serializer\Naming\IdenticalPropertyNamingStrategy

jms_serializer:
  handlers:
    datetime:
      default_format: "c" # ISO8601
      default_timezone: "UTC" # defaults to whatever timezone set in php.ini or via date_default_timezone_set

  property_naming:
    # Bare value parses as null; irrelevant with the identical naming
    # strategy configured above.
    separator:
    lower_case: false

  metadata:
    cache: file
    debug: "%kernel.debug%"
    file_cache:
      dir: "%kernel.cache_dir%/serializer"
    auto_detection: true
    # Serializer metadata for third-party classes (FOSUserBundle, EWS) is
    # kept inside the API bundle.
    directories:
      FOSUserBundle:
        namespace_prefix: "FOS\\UserBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/fos"
      XtrdExchangeWebServicesBundle:
        namespace_prefix: "Xtrd\\ExchangeWebServicesBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/ews"
      XtrdIntranetApiBundle:
        namespace_prefix: "Xtrd\\IntranetApiBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer"

  visitors:
    json:
      options: 128 # json_encode options bitmask; 128 is JSON_PRETTY_PRINT

fr3d_ldap:
  driver:
    # NOTE(review): neither useSsl nor useStartTls is enabled, so the bind
    # that verifies each login sends the user's AD password in clear text
    # over the network (default port 389). Enable one of them, with the AD
    # CA trusted by PHP's LDAP client, before exposing this outside a lab.
    host: xtrd.com
    #port: 389 # Optional
    # Without a service account below, lookups run as an anonymous bind,
    # which AD usually refuses; a read-only lookup account is typically
    # needed. Keep its password in parameters.yml, not here.
    #username:   # Optional
    #password: # Optional
#    bindRequiresDn: true
    #baseDn: DC=Xtrd,DC=com
#    accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
    #accountFilterFormat: (&(samaccountname=%s))
#     optReferrals:    false  # Optional
    #useSsl: false # Enable SSL negotiation. Optional
#     useStartTls:     true   # Enable TLS negotiation. Optional
#     accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
    #accountDomainName: 
    #accountDomainNameShort:  # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
  user:
    baseDn: dc=xtrd,dc=com
    # NOTE(review): in AD, objectClass=Person also matches computer
    # accounts; (&(objectCategory=person)(objectClass=user)) is the usual
    # user filter, optionally with
    # (!(userAccountControl:1.2.840.113556.1.4.803:=2)) to skip disabled
    # accounts (AD rejects binds for those anyway).
    filter: (&(objectClass=Person))
    # filter: (&(objectClass=user))
    # sAMAccountName becomes the local username; the attribute mapped to
    # setUsername is also what the lookup filter matches on.
    attributes:
     - { ldap_attr: samaccountname, user_method: setUsername }
#      - { ldap_attr: userprincipalname, user_method: setUsername }
    # - { ldap_attr: mail, user_method: setEmail }
    # - { ldap_attr: givenname, user_method: setFirstName }
    # - { ldap_attr: sn, user_method: setLastName }
    # - { ldap_attr: description, user_method: setDescription }
    # NOTE(review): keep the password mapping disabled -- copying a password
    # attribute out of the directory into the local user record defeats the
    # point of authenticating by LDAP bind.
    # - { ldap_attr: password, user_method: setPassword }
  #service:
    #user_manager: fos_user.user_manager      # Overrides default user manager
    #ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager
BigBazooka007
  • Which version of Symfony are you using? Why not using the new 2.8 LDAP component? http://symfony.com/blog/new-in-symfony-2-8-ldap-component – LBA Jul 08 '16 at 13:18
  • I'm using 2.6.11. I'm using FOSUserBundle, so that's why I'm trying to use a class based on FOS. – BigBazooka007 Jul 28 '16 at 11:13


Have you taken a look at my Symfony AD Integration post:

https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/

I see you are using a REST API, so your configuration might be a bit different from mine. What I would suggest is to create a new Symfony project and make sure that you can first get LDAP authentication working, and then get AD authentication working.

By the way, I had to spend a lot of time to get this working, so hopefully the blog post helps you.

Alvin Bunk
  • Thanks Alvin. Your post is very useful. Unfortunately it didn't help me, because I still cannot log in as an LDAP user. I'm getting {"error":"invalid_grant","error_description":"Invalid username and password combination"} every time. I have made a simple PHP script to check my login data — it all works fine, so it's something with the configuration. I need to use the REST API because my front end is based on a JS REST framework. – BigBazooka007 Jul 28 '16 at 11:15