Symfony2 FOSUSER with LDAP FR3DLdapBundle

I'm trying to use an LDAP connection to authenticate my users while keeping FOSUser to manage them. I'm following this guide exactly: http://blog.henriet.eu/authentification-ldap-avec-symfony-2.1-et-fosuserbundle.html

I have the current configuration:

fr3d_ldap:
    driver:
        host:                dsti-dc1
        port:                389    # Optional
        #username:                # Optional
        # password:                # Optional
        bindRequiresDn:      true   # Optional
        baseDn: dc=cm-funchal, dc=pt
#       accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
#       optReferrals:        false  # Optional
        useSsl:              false   # Enable SSL negotiation. Optional
#       useStartTls:         true   # Enable TLS negotiation. Optional
#       accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
#       accountDomainName: HOST
#       accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname then the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=user))
        attributes:
            - { ldap_attr: samaccountname,  user_method: setUsername } # login field
#           - { ldap_attr: sn, user_method: setName }
#           - { ldap_attr: preferredlanguage, user_method: setLanguage }
#           - { ldap_attr: mail, user_method: setEmail } # setter in BaseUser

#           - { ldap_attr: ...,  user_method: ... }         # Optional
#   service:
#       user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
#       ldap_manager: fr3d_ldap.ldap_manager.default   # Overrides default ldap manager

When I try to log in I always get "invalid credentials", but when I run this on the command line:

ldapsearch -H ldap://dsti-dc1:389 -x -b DC=cm-funchal,DC=pt -D [email protected] -w 'tetst'

I get a response with tons of data. Any idea why the bundle isn't validating the credentials?
Thanks

EDIT
I'm posting my full configuration:

//security.yml

security:
    # Preserve plain text password in token for refresh the user.
    # Analyze the security considerations before turn off this setting.
    erase_credentials: false

    providers:
        chain_provider:
            chain:
                providers: [fos_userbundle, fr3d_ldapbundle]
        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider
        fos_userbundle:
            id: fos_user.user_manager

    firewalls:
        main:
            pattern: ^/
            fr3d_ldap: ~
            form_login:
                provider: chain_provider
                csrf_token_generator: security.csrf.token_manager
                always_use_default_target_path: true
                default_target_path: /
            logout:     true
            anonymous:  true

    encoders:
        LDAPCMF\AuthBundle\Entity\User: plaintext

//CONFIG.yml

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
    - { resource: services.yml }

# Put parameters here that don't need to change on each machine where the app is deployed
# http://symfony.com/doc/current/best_practices/configuration.html#application-related-configuration
parameters:
    locale: en

framework:
    #esi:             ~
    #translator:      { fallbacks: ["%locale%"] }
    secret:          "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    #serializer:      { enable_annotations: true }
    templating:
        engines: ['twig']
    default_locale:  "%locale%"
    trusted_hosts:   ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id:  ~
    fragments:       ~
    http_method_override: true

# Twig Configuration
twig:
    debug:            "%kernel.debug%"
    strict_variables: "%kernel.debug%"

# Doctrine Configuration
doctrine:
    dbal:
        driver:   pdo_mysql
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # if using pdo_sqlite as your database driver:
        #   1. add the path in parameters.yml
        #     e.g. database_path: "%kernel.root_dir%/data/data.db3"
        #   2. Uncomment database_path in parameters.yml.dist
        #   3. Uncomment next line:
        #     path:     "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        naming_strategy: doctrine.orm.naming_strategy.underscore
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host:      "%mailer_host%"
    username:  "%mailer_user%"
    password:  "%mailer_password%"
    spool:     { type: memory }

fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: LDAPCMF\AuthBundle\Entity\User

fr3d_ldap:
    driver:
        host:                dsti-dc1
        port:                389    # Optional
        username:            [email protected]
        password:            test    # Optional
        bindRequiresDn:      true   # Optional
        baseDn: dc=cm-funchal, dc=pt
#       accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
#       optReferrals:        false  # Optional
        useSsl:              false   # Enable SSL negotiation. Optional
#       useStartTls:         true   # Enable TLS negotiation. Optional
#       accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
#       accountDomainName: HOST
#       accountDomainNameShort: HOST # if you use the Backslash form set both to Hostname then the Username will be converted to HOST\User
    user:
        baseDn: dc=cm-funchal, dc=pt
        filter: (&(objectClass=Person))
        attributes:
            - { ldap_attr: samaccountname,  user_method: setUsername } # login field
#           - { ldap_attr: sn, user_method: setName }
#           - { ldap_attr: preferredlanguage, user_method: setLanguage }
#           - { ldap_attr: mail, user_method: setEmail } # setter in BaseUser

#           - { ldap_attr: ...,  user_method: ... }         # Optional
#   service:
#       user_hydrator: fr3d_ldap.user_hydrator.default # Overrides default user hydrator
#       ldap_manager: fr3d_ldap.ldap_manager.default   # Overrides default ldap manager

and my user class:

namespace LDAPCMF\AuthBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use FR3D\LdapBundle\Model\LdapUserInterface;
use FOS\UserBundle\Model\User as BaseUser;

/**
 * User
 *
 * @ORM\Table()
 * @ORM\Entity
 */
class User extends BaseUser implements LdapUserInterface
{

    /**
     * @ORM\Id
     * @ORM\Column(type="integer")
     * @ORM\GeneratedValue(strategy="AUTO")
     */
    protected $id;

    /**
     * @ORM\Column(type="string", nullable=true)
     */
    protected $name;

    /**
     * Ldap Object Distinguished Name
     * @ORM\Column(type="string", length=128)
     * @var string $dn
     */
    private $dn;

    public function __construct()
    {
        parent::__construct();
        if (empty($this->roles)) {
            $this->roles[] = 'ROLE_USER';
        }
    }

    public function setName($name) {
        $this->name = $name;
    }

    /**
     * {@inheritDoc}
     */
    public function setDn($dn)
    {
        $this->dn = $dn;
    }

    /**
     * {@inheritDoc}
     */
    public function getDn()
    {
        return $this->dn;
    }

}

I currently get:

Authentication request could not be processed due to a system problem.

EDIT 2

Looks like it's a server problem? I tried using the bundle with http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/ and it worked perfectly, but when I switch to my server I get the error. Maybe something with the LDAP configuration?

EDIT 3

I got the following dev.log:

[2016-03-23 13:05:30] request.INFO: Matched route "fos_user_security_check". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::checkAction","_route":"fos_user_security_check"},"request_uri":"http://localhost:8000/login_check"} []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928,"stack":[{"function":"handleError","class":"Symfony\\Component\\Debug\\ErrorHandler","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"function":"trigger_error"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/User/ChainUserProvider.php","line":49,"function":"loadUserByUsername","class":"FOS\\UserBundle\\Model\\UserManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php","line":55,"function":"loadUserByUsername","class":"Symfony\\Component\\Security\\Core\\User\\ChainUserProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php","line":70,"function":"retrieveUser","class":"FR3D\\LdapBundle\\Security\\Authentication\\LdapAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2667,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvider","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php","line":107,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\AuthenticationProviderManager","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php","line":146,"function":"attemptAuthentication","class":"Symfony\\Component\\Security\\Http\\Firewall\\UsernamePasswordFormA
uthenticationListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":2582,"function":"handle","class":"Symfony\\Component\\Security\\Http\\Firewall\\AbstractAuthenticationListener","type":"->"},{"function":"onKernelRequest","class":"Symfony\\Component\\Security\\Http\\Firewall","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/WrappedListener.php","line":61,"function":"call_user_func"},{"function":"__invoke","class":"Symfony\\Component\\EventDispatcher\\Debug\\WrappedListener","type":"->"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1853,"function":"call_user_func"},{"file":"/home/sergio/Desktop/RSU/app/cache/dev/classes.php","line":1771,"function":"doDispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/Debug/TraceableEventDispatcher.php","line":132,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\EventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":120,"function":"dispatch","class":"Symfony\\Component\\EventDispatcher\\Debug\\TraceableEventDispatcher","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpKernel.php","line":62,"function":"handleRaw","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php","line":69,"function":"handle","class":"Symfony\\Component\\HttpKernel\\HttpKernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Kernel.php","line":185,"function":"handle","class":"Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel
","type":"->"},{"file":"/home/sergio/Desktop/RSU/web/app_dev.php","line":30,"function":"handle","class":"Symfony\\Component\\HttpKernel\\Kernel","type":"->"},{"file":"/home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Resources/config/router_dev.php","line":40,"args":["/home/sergio/Desktop/RSU/web/app_dev.php"],"function":"require"}]} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["[email protected]"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))([email protected])), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] php.INFO: Using the UserManager as user provider is deprecated. Use FOS\UserBundle\Security\UserProvider instead. {"type":16384,"file":"/home/sergio/Desktop/RSU/vendor/friendsofsymfony/user-bundle/Model/UserManager.php","line":172,"level":28928} []
[2016-03-23 13:05:30] doctrine.DEBUG: SELECT t0.username AS username1, t0.username_canonical AS username_canonical2, t0.email AS email3, t0.email_canonical AS email_canonical4, t0.enabled AS enabled5, t0.salt AS salt6, t0.password AS password7, t0.last_login AS last_login8, t0.locked AS locked9, t0.expired AS expired10, t0.expires_at AS expires_at11, t0.confirmation_token AS confirmation_token12, t0.password_requested_at AS password_requested_at13, t0.roles AS roles14, t0.credentials_expired AS credentials_expired15, t0.credentials_expire_at AS credentials_expire_at16, t0.id AS id17, t0.name AS name18, t0.dn AS dn19 FROM user t0 WHERE t0.username_canonical = ? LIMIT 1 ["[email protected]"] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: ldap_search(dc=cm-funchal, dc=pt, (&(&(sAMAccountName=*))([email protected])), sAMAccountName,cn,mail) [] []
[2016-03-23 13:05:30] ldap_driver.DEBUG: Binding requires username in DN form [] []
[2016-03-23 13:05:30] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationServiceException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:94, FR3D\\LdapBundle\\Driver\\LdapDriverException(code: 0): An error occur with the search operation. at /home/sergio/Desktop/RSU/vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php:55)"} []
[2016-03-23 13:05:30] security.DEBUG: Authentication failure, redirect triggered. {"failure_path":"/login"} []
[2016-03-23 13:05:31] request.INFO: Matched route "fos_user_security_login". {"route_parameters":{"_controller":"FOS\\UserBundle\\Controller\\SecurityController::loginAction","_route":"fos_user_security_login"},"request_uri":"http://localhost:8000/login"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-03-23 13:05:31] request.INFO: Matched route "_wdt". {"route_parameters":{"_controller":"web_profiler.controller.profiler:toolbarAction","token":"8a4680","_route":"_wdt"},"request_uri":"http://localhost:8000/_wdt/8a4680"} []
[2016-03-23 13:05:31] security.INFO: Populated the TokenStorage with an anonymous Token. [] []


Solution

It looks like your LDAP does not allow anonymous search, so you need to fill in the username and password settings.

fr3d_ldap:
    driver:
        username: [email protected]
        password: tetst

Other solutions

Fixed the problem. By default the driver file has cn = "XXX"; my environment doesn't match that, it uses samaccountname. I edited the driver file and replaced cn with samaccountname.

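The two answers above, as an added example (not code from the posts or from FR3DLdapBundle): an in-memory model of the search-then-bind flow visible in the dev.log, showing why a directory that refuses anonymous search produces a system error until a service account is configured, and why the login attribute has to match the directory. The directory entries, DNs, passwords and function names are constructed for illustration; no real LDAP server is contacted.

```python
import re

class SearchRefused(Exception):
    """The directory rejected the search, e.g. because no bind preceded it."""

# Constructed sample directory (not from the page): DN -> (attributes, password).
DIRECTORY = {
    "CN=Ana Silva,OU=Staff,DC=example,DC=test": ({"cn": "Ana Silva", "sAMAccountName": "asilva"}, "user-pw"),
    "CN=svc-web,OU=Service,DC=example,DC=test": ({"cn": "svc-web", "sAMAccountName": "svc-web"}, "svc-pw"),
}

def escape_filter(value):
    """Escape the RFC 4515 special characters so user input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def bind(dn, password):
    """Simple bind: true only for a known DN with its (non-empty) password."""
    return bool(password) and dn in DIRECTORY and DIRECTORY[dn][1] == password

def search(bound_dn, ldap_filter):
    """Evaluate a single (attr=value) filter; '*' left unescaped is a wildcard."""
    if bound_dn is None:
        raise SearchRefused("anonymous search is not permitted")
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    tokens = re.findall(r"\\[0-9a-f]{2}|.", value, re.S)
    pattern = "".join(".*" if t == "*" else re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t)
                      for t in tokens)
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if re.fullmatch(pattern, attrs.get(attr, ""), re.I | re.S)]

def authenticate(username, password, service=None, login_attr="sAMAccountName"):
    """Search-then-bind: find the user's DN as the service account, then bind as it."""
    bound_dn = None
    if service is not None:
        if not bind(*service):
            return "service bind failed"
        bound_dn = service[0]
    try:
        matches = search(bound_dn, "(%s=%s)" % (login_attr, escape_filter(username)))
    except SearchRefused:
        return "system problem"       # search error before any password check
    if len(matches) != 1:
        return "invalid credentials"  # unknown or ambiguous user: never bind
    return "authenticated" if bind(matches[0], password) else "invalid credentials"
```

With `service=None` the model fails before the user's password is ever checked, which is why a correct password still cannot log in until the driver's `username` and `password` are set.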
