Active Directory LDAP v3 authentication adapter for CakePHP 3.x
-
The user fills in the 'username' and 'password' fields and sends the request to the controller.
-
We use a service account to call @ldap_bind() and then search the directory for the login 'username'.
-
After a match, we use ldap_get_dn() to obtain the 'dn' attribute for this user.
-
We use the 'password' from the first step and the 'dn' from the previous step to bind again and validate the user.
Put LdapAuthenticate.php into the cakephp_project_root\src\Auth folder, then set up the following settings.
/**
 * Loads the components this controller relies on and wires the Auth
 * component to the LDAP authenticator.
 *
 * Auth is configured with the Users::login action, the Flash/error
 * element, the 'authError' message, and an 'Ldap' authenticate entry
 * that maps the form fields 'username' and 'password' to the adapter.
 */
public function initialize()
{
    parent::initialize();

    // Where Auth sends requests that are not yet authenticated.
    $loginAction = [
        'controller' => 'Users',
        'action' => 'login',
    ];

    // Form field names the Ldap adapter reads from the request.
    $ldapAuthenticator = [
        'fields' => [
            'username' => 'username',
            'password' => 'password',
        ],
    ];

    foreach (['RequestHandler', 'Flash'] as $component) {
        $this->loadComponent($component);
    }

    $this->loadComponent('Auth', [
        'loginAction' => $loginAction,
        'flash' => ['element' => 'Flash/error'],
        'authError' => 'Please login to continue any further operations.',
        'authenticate' => ['Ldap' => $ldapAuthenticator],
    ]);
}
In config/app.php, add:
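/**
 * LDAP Configuration.
 *
 * Contains an array of settings to use for the LDAP configuration.
 *
 * ## Options
 *
 * - host - The domain controller hostname.
 * - port - The port to use. Default is 636 and is optional.
 * - version - The LDAP protocol version to request.
 * - baseDN - The base DN for the directory search.
 * - bindAccount - The DN of the service account used to bind to the ldap server.
 * - bindPassword - The password of the service account.
 * - filter - Callable that receives the submitted username and returns the
 *   LDAP search filter. The username must be passed through ldap_escape()
 *   before it is interpolated, otherwise a crafted username can change the
 *   meaning of the filter.
 * - return - The attributes to return.
 * - errors - Array of errors where key is the error and the value is the error message.
 */
'Ldap' => [
    'host' => 'SOMESERVER.SOMEROOT.NET',
    'port' => 636, // ldaps:// port
    'version' => 3,
    'baseDN' => 'DC=SOMETHING,DC=YOUR_ROOT,DC=YOUR_NET',
    'bindAccount' => 'CN=YOUR_LOGIN,OU=YOUR_ORG,DC=SOMETHING,DC=YOUR_ROOT,DC=YOUR_NET',
    'bindPassword' => 'PASSWORD',
    'filter' => function ($username) {
        // Escape filter metacharacters in the user-supplied value so it
        // cannot add or close clauses; the surrounding wildcards stay as
        // written by the author.
        $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);

        // NOTE(review): substring matches on sn/givenname/displayname can
        // return several entries for a short username; confirm how the
        // adapter (not shown here) chooses among them.
        return "(|(sn=*$safe*)(givenname=*$safe*)(sAMAccountName=*$safe*)(displayname=*$safe*))";
    },
    'return' => ['ou', 'sAMAccountName', 'givenname', 'mail', 'dn'],
    'errors' => [],
],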