Switch the context of the LdapManager by passing a domain name (ie. 'example.local').
| public switchDomain ( string $domain ) | ||
| $domain | string | |
/**
* {@inheritdoc}
*/
public function warmUp($cacheDir)
{
$domain = $this->ldap->getDomainContext();
foreach ($this->config->getDomainConfiguration() as $domainConfig) {
$this->ldap->switchDomain($domainConfig->getDomainName());
$schemaFactory = $this->ldap->getSchemaFactory();
$parser = $this->ldap->getSchemaParser();
$schema = empty($domainConfig->getSchemaName()) ? $domainConfig->getLdapType() : $domainConfig->getSchemaName();
$ldapObjects = $parser->parseAll($schema);
$this->cacheAllLdapSchemaObjects($schemaFactory, ...$ldapObjects);
}
$this->ldap->switchDomain($domain);
}
/**
* @param \Symfony\Component\Security\Core\User\UserProviderInterface $up
*/
function it_should_throw_bad_credentials_if_a_specified_domain_doesnt_exist_on_user_load_or_authenticate($up)
{
$credentials = $this->credentials;
$credentials['ldap_domain'] = 'foo.local';
$user = new LdapUser(new LdapObject(['username' => 'foo']));
$this->ldap->switchDomain('foo.local')->willThrow(new InvalidArgumentException('invalid'));
$this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringCheckCredentials($credentials, $user);
$this->shouldThrow('Symfony\\Component\\Security\\Core\\Exception\\BadCredentialsException')->duringGetUser($credentials, $up);
}
function it_should_switch_the_domain_if_the_token_has_the_ldap_domain_set()
{
// It first grabs a copy of the domain context, then checks against it, then checks it at the end...
$this->ldap->getDomainContext()->willReturn('foo.bar', 'foo.bar', 'example.local');
$this->token->hasAttribute('ldap_domain')->willReturn(true);
$this->token->getAttribute('ldap_domain')->willReturn('example.local');
$this->ldap->switchDomain('example.local')->shouldBeCalledTimes(1);
$this->ldap->switchDomain('foo.bar')->shouldBeCalledTimes(1);
$this->authenticate($this->token)->shouldReturnAnInstanceOf('\\Symfony\\Component\\Security\\Core\\Authentication\\Token\\UsernamePasswordToken');
}
/**
* Based on an array of IDs for LDAP objects, set the property to either a LdapObject for LdapObjectCollection.
*
* @param \ReflectionProperty $property
* @param LdapObjectAnnotation $annotation
* @param $entity
*/
protected function setLdapObjectForProperty(\ReflectionProperty $property, LdapObjectAnnotation $annotation, $entity)
{
if (empty($property->getValue($entity))) {
return;
}
$domain = $this->ldap->getDomainContext();
$switchDomain = $annotation->domain ?: null;
if ($switchDomain) {
$this->ldap->switchDomain($annotation->domain);
}
$results = $this->queryLdapForObjects($property, $annotation, $entity);
$property->setValue($entity, $results);
if ($switchDomain) {
$this->ldap->switchDomain($domain);
}
}
/**
* If the passed domain is not the current context, then switch back to it.
*
* @param string $domain
*/
protected function switchDomainBackIfNeeded($domain)
{
if ($domain !== $this->ldap->getDomainContext()) {
$this->ldap->switchDomain($domain);
}
}
