fschwaiger / laravel-ldap by fschwaiger

Simple LDAP integration for Laravel 5. Comes with file based ACL.
54
1
1
Package Data
Maintainer Username: fschwaiger
Maintainer Contact: fschwaiger@gmail.com (Florian Schwaiger)
Package Create Date: 2016-12-22
Package Last Update: 2017-03-07
Language: PHP
License: MIT
Last Refreshed: 2019-11-10 15:42:33
Package Statistics
Total Downloads: 54
Monthly Downloads: 4
Daily Downloads: 0
Total Stars: 1
Total Watchers: 1
Total Forks: 0
Total Open Issues: 0

Simple LDAP Integration for Laravel 5

This module provides a simple user provider for Laravel's auth system that connects to an LDAP server, imports users and groups and then maps the group identifiers to privilege roles in a config file.

This extension is originally written for use in a couple of webservices for Fachschaft Maschinenbau e.V., but is generic enough to be used in a variety of other projects as well. My focus here is to really keep the logic as simple as possible, this is why I stripped all unnecessary properties and methods.

Installation

First, import the package into your laravel project via composer:

composer require fschwaiger/laravel-ldap

Second, copy and paste this line to add its service provider to config/app.php:

Fschwaiger\Ldap\LdapServiceProvider::class,

Last, publish the config files and migrations to your project with php artisan vendor:publish. This will create the following files:

config/ldap.php
config/privileges.php
database/migrations/2016_12_17_000000_extend_users_table.php
database/migrations/2016_12_17_100000_create_groups_table.php
database/migrations/2016_12_17_200000_create_group_user_table.php

Integration

To tell Laravel to use this module for providing users, go to config/auth.php and replace the user provider driver eloquent for ldap:

'providers' => [
    'users' => [
        'driver' => 'ldap',
        'model' => App\User::class,
    ],
],

Your App\User class should then inherit from Fschwaiger\Ldap\User. The same goes for your group model, should you choose to extend it. It is up to you to add the Notifiable trait.

namespace App;

use Fschwaiger\Ldap\User as LdapUser;

class User extends LdapUser;
{
    ...
}

To connect to your directory server, edit the file config/ldap.php to match your setup. Simply follow the instructions present in the config file.

Finally, edit your .env file to include:

LDAP_USERNAME=binduser
LDAP_PASSWORD=bindpass

If you did not modify the default migration for the users table, migration should work out of the box. Else make sure you review the migration changes first.

php artisan migrate

Once the setup is complete, the following command should import all your user groups.

php artisan ldap:import-groups

Importing Users and Groups

With above setup, login should now use the LDAP server instead of the local database to authenticate users. This imports unknown users on their first successful login on-the-fly. Note that importing users does NOT import groups automatically! This means that you need to run ldap:import-users every time your groups change.

Option A: Import manually after changes with php artisan ldap:import-groups. This is good enough for mostly static directory structures. If your groups change more often, check out Option B.

Option B: Schedule the import in app/Console/Kernel.php:

/**
 * Define the application's command schedule.
 *
 * @param  \Illuminate\Console\Scheduling\Schedule  $schedule
 * @return void
 */
protected function schedule(Schedule $schedule)
{
    $schedule->command('ldap:import-groups')->daily();
}

Authorize Actions with Group Privileges

The privileges you define in config/privileges.php are automatically mapped to the authorization gate, so that you can check for them in all parts of your application.

In code:

Gate::authorize('privilege')
// or
$allowed = $user->can('privilege')

Using middleware:

$this->middleware('can:privilege')
// or
Route::get('action', ['middleware' => 'can:privilege', 'uses' => 'MyController@action'])

In Blade files:

@can('privilege')
    ...
@endcan