
I have both my LDAP server set up (with adldap2/adldap2-laravel) and my JWT set up (with tymon/jwt-auth) for a SPA built with Vue/Vuetify and a Laravel API backend. The JWT is all set up to the point where, if I leave my provider as eloquent, I can get a successful login attempt with my Eloquent users:

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\User::class,
    ]
],

As soon as I change the driver to adldap and attempt a username/password that is known to be valid in our LDAP system, I am stuck on an unauthorized error. Does anyone have any advice or resources to marry these two? I know that there are a lot of differences between laravel/passport sessions and JWT, but I'm not seeing a simple solution. Here is my AuthController:

<?php

namespace App\Http\Controllers;

use Illuminate\Support\Facades\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class AuthController extends Controller
{
    use AuthenticatesUsers;

    /**
     * Create a new AuthController instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('jwt', ['except' => ['login']]);
    }

    public function login()
    {
        $credentials = request(['username', 'password']);

        if (! $token = auth()->attempt($credentials)) {
            return response()->json(['error' => 'Unauthorized'], 401);
        }

        return $this->respondWithToken($token);
    }

    public function me()
    {
        return response()->json(auth()->user());
    }

    public function logout()
    {
        auth()->logout();

        return response()->json(['message' => 'Successfully logged out']);
    }

    public function refresh()
    {
        return $this->respondWithToken(auth()->refresh());
    }

    protected function respondWithToken($token)
    {
        return response()->json([
            'access_token' => $token,
            'token_type' => 'bearer',
            'expires_in' => auth()->factory()->getTTL() * 60,
            'user' => auth()->user()->name
        ]);
    }
}
Matt Larsuma
  • Where's the code that speaks to LDAP? Is it LDAP (OpenLDAP, FreeIPA) or Active Directory that you're dealing with? Where's the LDAP config? I've done entirely custom work with Laravel and LDAP authentication, so the reason I'm asking these questions is because I too don't know if there's an out-of-the-box solution with Laravel. So far, I've dealt with some 50 LDAP instances and each and every one was different and a pain in the butt to get to work when it comes to authentication. – N.B. Jul 30 '18 at 21:10
  • It's Active Directory. The code is all over the place. Someone else set it up, but I do know they followed the docs https://github.com/Adldap2/Adldap2-Laravel, so it's fairly standard. What I'm having a hard time finding are any examples out there of using Adldap2 without Laravel/Passport or Laravel sessions, but rather using it with JWT. I'm attempting to avoid using a Blade login form just to have a valid Laravel session. – Matt Larsuma Jul 30 '18 at 21:20
  • Did you check if Laravel speaks to AD at all by running some sample code? That's usually the first thing I deal with, as I often get invalid bind credentials. Then, if Laravel is able to spit out info about someone who's in AD, I work my way up by checking what the correct bind approach is - often there's this problem where I have to edit `/etc/ldap.conf` and set `TLS_REQCERT=NEVER` to get bind to work, if your AD requires TLS. Those AD servers never have a cert issued by a cert authority, so it's often where bind fails. – N.B. Jul 30 '18 at 21:27
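The bind check suggested in the comments, as an added stand-alone example that is not from the question, from Adldap2 or from jwt-auth: it uses PHP's native ldap_* functions so that a failure can be pinned to connect, TLS or bind before any Laravel provider is involved. The URI, bind DN and password constants are constructed placeholders; run it once with the service (bind) account and once with the end user's credentials that are failing in the app.

```php
<?php
// Stand-alone AD bind check (added example; values below are placeholders).
const LDAP_URI  = 'ldaps://ad.example.internal';   // placeholder
const BIND_USER = 'svc-laravel@example.internal';  // placeholder UPN
const BIND_PASS = 'change-me';                     // placeholder

/**
 * Try to connect and bind; report which stage failed and the server's error.
 * Returns ['ok' => bool, 'stage' => string, 'error' => ?string, 'errno' => ?int].
 */
function checkBind(string $uri, string $user, string $pass): array
{
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return ['ok' => false, 'stage' => 'connect', 'error' => 'malformed URI', 'errno' => null];
    }

    // AD requires protocol v3; disabling referral chasing avoids spurious
    // "Operations error" results when the bind DN cannot follow referrals.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // A TLS failure surfaces here as a bind error such as "Can't contact LDAP server".
    // The fix that keeps certificate verification is to point TLS_CACERT in
    // /etc/ldap/ldap.conf at the AD CA certificate rather than setting
    // TLS_REQCERT to never.
    if (@ldap_bind($conn, $user, $pass) === false) {
        $result = [
            'ok'    => false,
            'stage' => 'bind',
            'error' => ldap_error($conn),
            'errno' => ldap_errno($conn),
        ];
        ldap_unbind($conn);
        return $result;
    }

    ldap_unbind($conn);
    return ['ok' => true, 'stage' => 'bind', 'error' => null, 'errno' => null];
}

// Usage: first the service account, then the end-user credentials that 401 in the app.
print_r(checkBind(LDAP_URI, BIND_USER, BIND_PASS));
```

If the service account binds but the end user does not, the provider configuration is the next thing to inspect; if neither binds, the problem is below Laravel (URI, TLS trust, or the bind account).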

0 Answers