2

Currently I have two levels of user in my app. A standard user, which uses Laravel's built-in database authentication; and an administrative user, which uses LDAP authentication via Adldap2.

config/auth.php:

...
"guards" => [
    "web" => [
        "driver" => "session",
        "provider" => "users",
    ],
    "admin" => [
        "driver" => "session",
        "provider" => "admins",
    ],
],

"providers" => [
    "users" => [
        "driver" => "eloquent",
        "model" => App\User::class,
    ],
    "admins" => [
        "driver" => "ldap",
        "model" => App\Admin::class,
    ],
],
...

No problems with this setup at all.

Now, there is the possibility of having administrative users from outside the company. These users would not be authenticated by LDAP, but from a database record in a new admins table. I could set up a third provider, but obviously going into the app and rewriting everywhere permissions are checked would not be fun, so I'm hoping there's another way.

Assuming that we had LDAP users log in with an LDAP domain, e.g. username@corp.internal, is there a way to change the driver from "ldap" to "eloquent" based on the provided user name?

miken32

1 Answer

2

I'm pretty sure that with https://github.com/Adldap2/Adldap2-Laravel you can do what you want dynamically; I did it in the past.

This library has this option:

'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', true), // While default is false

That option lets you:

"/*
|--------------------------------------------------------------------------
| Login Fallback
|--------------------------------------------------------------------------
|
| The login fallback option allows you to login as a user located on the
| local database if active directory authentication fails.
|
| Set this to true if you would like to enable it.
|
| This option must be true or false and is only
| applicable to the DatabaseUserProvider.
|
*/"

And that's what you need: if the user has no credential on LDAP, search for that user on your local DB.

A whole thread about the priority order is here:

https://github.com/Adldap2/Adldap2-Laravel/issues/221

pmiranda
  • 1
    Damn, didn’t even think to check the LDAP package. I figured I’d be mucking around with Laravel’s guts. Thanks! – miken32 Jun 27 '19 at 13:37
  • 1
    Yup just enabled the option, inserted a DB entry into the table, and it worked perfectly for login. – miken32 Jun 27 '19 at 15:16
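
The LDAP-first, database-fallback order described in the answer, sketched as an added example in plain PHP; it is not Adldap2-Laravel code and not from either poster. The function name, the `$ldapBind` callable and the sample accounts are hypothetical. It goes one step beyond the answer: names carrying the question's `@corp.internal` suffix are never checked against a local password, so a directory account that no longer authenticates cannot log in with a stale local hash.

```php
<?php
// Added illustration, not Adldap2-Laravel code; every name here is hypothetical.

const LDAP_SUFFIX = '@corp.internal'; // directory login suffix from the question

// Returns 'ldap', 'database', or null when authentication fails.
function authenticateAdmin(string $username, string $password, callable $ldapBind, array $localAdmins): ?string
{
    $username = strtolower(trim($username));
    if ($username === '' || $password === '') {
        return null; // LDAP servers may treat an empty password as an unauthenticated bind
    }

    // 1. Directory first, as with the LDAP provider.
    if ($ldapBind($username, $password)) {
        return 'ldap';
    }

    // 2. Directory-style names never fall back: a disabled or removed
    //    directory account must not log in with a stale local hash.
    if (substr($username, -strlen(LDAP_SUFFIX)) === LDAP_SUFFIX) {
        return null;
    }

    // 3. Fallback: external admins stored in the local admins table.
    $hash = $localAdmins[$username] ?? null;
    return ($hash !== null && password_verify($password, $hash)) ? 'database' : null;
}

// Constructed sample data standing in for the directory and the admins table.
$directory = ['alice@corp.internal' => 'S3cret-directory'];
$ldapBind = function (string $user, string $pass) use ($directory): bool {
    return isset($directory[$user]) && hash_equals($directory[$user], $pass);
};
$localAdmins = [
    'vendor@example.com' => password_hash('S3cret-external', PASSWORD_DEFAULT),
    'bob@corp.internal'  => password_hash('old-synced-pass', PASSWORD_DEFAULT), // stale copy
];

$cases = [
    ['alice@corp.internal', 'S3cret-directory'], // directory account
    ['vendor@example.com', 'S3cret-external'],   // external admin in the local table
    ['bob@corp.internal', 'old-synced-pass'],    // directory-style name with only a local hash
    ['vendor@example.com', ''],                  // empty password
];
foreach ($cases as [$user, $pass]) {
    printf("%-22s => %s\n", $user, authenticateAdmin($user, $pass, $ldapBind, $localAdmins) ?? 'rejected');
}
```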