- Laravel Version: 7.1.3
- Adldap2-Laravel Version: v6.0.9
- PHP Version: 7.4.3
- LDAP Type: OpenLDAP
Description:
When trying to authenticate users using the `NoDatabaseUserProvider`, the package is not binding to the LDAP server but only trying to search for the specific record:
```
[2020-03-14 15:47:42] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Search - Base DN: dc=domain,dc=com - Filter: (&(objectclass=inetorgperson)(objectclass=person)(uid=testuser)) - Selected: (*,entryuuid) - Time Elapsed: 0.55
```
However, if I use the facade or inject the `AdldapInterface`, the package seems to work just fine. The difference that I noticed is that the facade and the injected interface, when calling the `search()` method using the magic `__call` method on the `Adldap` instance, are trying to connect if the connection is not bound:
```php
/**
 * {@inheritdoc}
 */
public function __call($method, $parameters)
{
    $provider = $this->getDefaultProvider();
    if (!$provider->getConnection()->isBound()) {
        // We'll make sure we have a bound connection before
        // allowing dynamic calls on the default provider.
        $provider->connect();
    }
    return call_user_func_array([$provider, $method], $parameters);
}
```
So right now, if I try to search for a user, I also see in the log that the connection is bound before searching:
```
[2020-03-14 17:52:18] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Binding - Username: cn=admin,dc=domain,dc=com
[2020-03-14 17:52:18] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Bound - Username: cn=admin,dc=domain,dc=com
[2020-03-14 17:52:18] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Search - Base DN: dc=domain,dc=com - Filter: (&(objectclass=inetorgperson)(objectclass=person)(uid=testuser)) - Selected: (*) - Time Elapsed: 0.32
```
But this is not the case with the `UserResolver` `query` method. Basically, it is just calling to get the provider and executing the call without trying to establish the connection to the LDAP server before checking if the user exists on the LDAP server and then authenticating with it. So after I made the change from the PR, I got this in the log:
```
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Binding - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Bound - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Search - Base DN: dc=domain,dc=com - Filter: (&(objectclass=inetorgperson)(objectclass=person)(uid=testuser)) - Selected: (*,entryuuid) - Time Elapsed: 0.28
[2020-03-14 15:49:09] local.INFO: User 'Test User has been successfully found for authentication.
[2020-03-14 15:49:09] local.INFO: User 'Test User'' is authenticating with username: 'uid=testuser,ou=People,dc=domain,dc=com'
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Attempting - Username: uid=testuser,ou=People,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Binding - Username: uid=testuser,ou=People,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Bound - Username: uid=testuser,ou=People,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Passed - Username: uid=testuser,ou=People,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Binding - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Bound - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: User 'Test User' has successfully passed LDAP authentication.
[2020-03-14 15:49:09] local.INFO: User 'Test User' has been successfully logged in.
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Binding - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Bound - Username: cn=admin,dc=domain,dc=com
[2020-03-14 15:49:09] local.INFO: LDAP (ldap://openldap:389) - Connection: default - Operation: Search - Base DN: dc=domain,dc=com - Filter: (&(objectclass=inetorgperson)(objectclass=person)(entryuuid=1e32ea48-fa48-1039-9595-2b51f8d2ca00)) - Selected: (*,entryuuid) - Time Elapsed: 0.43
```
So, am I missing something here in the configuration, or is this the way to go?
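
Added example, not part of the original report or of the Adldap2-Laravel code base: a Python check that reads LDAP event lines in the log format shown above and flags any `Search` issued on a connection that is not bound as the service account. The names `audit_request` and `service_dn` and the sample lines are constructed for illustration; the function assumes it is given the lines of a single request, since each request starts with an unbound connection.

```python
import re

# Matches the LDAP event lines in the log format shown in the report above.
EVENT = re.compile(
    r"LDAP \((?P<host>[^)]+)\) - Connection: (?P<conn>\S+)"
    r" - Operation: (?P<op>\w+)(?: - Username: (?P<user>.*\S))?"
)

def audit_request(lines, service_dn):
    """Return (line_number, reason) for searches run without a service bind."""
    bound_as = {}  # (host, connection) -> DN of the last successful bind
    findings = []
    for n, line in enumerate(lines, 1):
        m = EVENT.search(line)
        if not m:
            continue  # application messages such as "User ... logged in"
        key = (m["host"], m["conn"])
        if m["op"] == "Binding":
            # A bind attempt resets the session; it stays anonymous
            # unless a matching "Bound" event follows.
            bound_as[key] = None
        elif m["op"] == "Bound":
            bound_as[key] = m["user"]
        elif m["op"] == "Search":
            who = bound_as.get(key)
            if who is None:
                findings.append((n, "search on unbound connection"))
            elif who.lower() != service_dn.lower():
                findings.append((n, "search while bound as " + who))
    return findings

# Constructed sample lines (shortened filter), one list per request.
P = ("[2020-03-14 15:47:42] local.INFO: LDAP (ldap://openldap:389)"
     " - Connection: default - Operation: ")
ADMIN = "cn=admin,dc=domain,dc=com"
USER = "uid=testuser,ou=People,dc=domain,dc=com"
SEARCH = P + "Search - Base DN: dc=domain,dc=com - Filter: (uid=testuser)"
UNBOUND = [SEARCH]
BOUND = [P + "Binding - Username: " + ADMIN,
         P + "Bound - Username: " + ADMIN, SEARCH]
FAILED_REBIND = BOUND[:2] + [P + "Binding - Username: " + USER, SEARCH]
AS_USER = [P + "Binding - Username: " + USER,
           P + "Bound - Username: " + USER, SEARCH]

if __name__ == "__main__":
    for name, sample in [("unbound", UNBOUND), ("bound", BOUND),
                         ("failed rebind", FAILED_REBIND), ("as user", AS_USER)]:
        print(name, audit_request(sample, ADMIN))
```
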
  
 