
私は Symfony でアプリを持っています。ユーザーは OAuth で FOS を使用してログインします。ここで、Active Directory を使用してログインするオプションを追加する必要があります。そのため、このバンドルをインストールしました: https://github.com/Maks3w/FR3DLdapBundle 。しかし、それでも動作するように構成できません。私の設定ファイルとセキュリティファイルを投稿します。何を変更すればよいですか?

security.yml

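security:

  # Keep the submitted password inside the token after authentication.
  # NOTE(review): with false the cleartext credential stays in the serialized
  # token for the whole session; set to true unless a later request really
  # needs it (e.g. a re-bind against LDAP) — confirm before changing.
  erase_credentials: false

  encoders:
    FOS\UserBundle\Model\UserInterface: sha512
    #FOS\UserBundle\Model\UserInterface: plaintext
    # LDAP users are verified by binding against the directory, so no local
    # password hash exists for them; plaintext is the encoder the
    # FR3DLdapBundle documentation prescribes for its user class.
    FR3D\LdapBundle\User\LdapUser: plaintext

  providers:
    # Looked up in order: local FOSUser accounts first, then the directory.
    chain_provider:
      chain:
        providers: [fos_userbundle, fr3d_ldapbundle]
    fr3d_ldapbundle:
      id: fr3d_ldap.security.user.provider
    fos_userbundle:
      id: fos_user.user_provider.username_email

  role_hierarchy:
    ROLE_USER: ~
    ROLE_ADMIN: [ROLE_USER]
    ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  firewalls:
    dev:
      pattern: ^/(_(profiler|wdt)|css|images|js)/
      security: false

    doc:
      pattern: ^/api/doc/$
      security: false

    oauth_token:
      pattern: ^/oauth/v2/token
      security: false

    passwords:
      pattern: ^/api/password
      security: false

    # Below are the authentication methods.
    oauth_authorize:
      pattern: ^/site|^/fos|^/api
      # Registers the bundle's LDAP listener for this firewall (presumably it
      # performs the bind with the form-submitted credentials — see the
      # bundle README).
      fr3d_ldap: ~
      fos_oauth: true
      form_login:
        # Was `fos_userbundle`, which bypasses the chain defined above: the
        # login form then only ever consults the local user table, so
        # directory accounts can never authenticate. Pointing the form at
        # the chain provider lets both local and LDAP users log in.
        provider: chain_provider
        check_path: /fos/login_check
        login_path: /fos/login
      logout:
        path: /fos/logout
        target: /
      anonymous: true

  # Rules are evaluated top-down and the first matching path wins. Because
  # the avatar/wallpaper rule precedes the ROLE_ADMIN rule, any fully
  # authenticated user may POST/PUT to those two endpoints for any user id;
  # keep that ordering only if it is intended.
  access_control:
    - { path: ^/oauth/v2/auth_login$, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }
    - { path: ^/api/users/[0-9]+/(avatar|wallpaper), roles: [ IS_AUTHENTICATED_FULLY ] }
    - { path: ^/api/users, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/groups, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api/menus, roles: [ ROLE_ADMIN ], methods: [POST, PUT] }
    - { path: ^/api, roles: [ IS_AUTHENTICATED_FULLY ] }
    # Was `^/ /`, a regex no real request path matches, so this catch-all
    # never applied; `^/` is assumed to be what was meant — confirm.
    - { path: ^/, roles: [ IS_AUTHENTICATED_ANONYMOUSLY ] }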

config.yml

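imports:
  - { resource: parameters.yml }
  - { resource: security.yml }
  - { resource: doctrine_extensions.yml }
  - { resource: services.yml }

framework:
  #esi: ~
  #translator: { fallback: "%locale%" }
  secret: "%secret%"
  router:
    resource: "%kernel.root_dir%/config/routing.yml"
    strict_requirements: ~
  form: ~
  csrf_protection: ~
  validation: { enable_annotations: true }
  templating:
    engines: ['twig']
    #assets_version: SomeVersionScheme
  default_locale: "%locale%"
  trusted_hosts: ~
  trusted_proxies: ~
  session:
    # handler_id set to null will use default session handler from php.ini
    handler_id: ~
  fragments: ~
  http_method_override: true

# Twig Configuration
twig:
  debug: "%kernel.debug%"
  strict_variables: "%kernel.debug%"

# Assetic Configuration
assetic:
  debug: "%kernel.debug%"
  use_controller: false
  bundles: []
  #java: /usr/bin/java
  filters:
    cssrewrite: ~
    #closure:
    #  jar: "%kernel.root_dir%/Resources/java/compiler.jar"
    #yui_css:
    #  jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
  dbal:
    default_connection: default
    connections:
      default:
        driver: "%database_driver%"
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
      # Second (MSSQL) connection; the driver is fixed by class, so the
      # driver/port/dbname parameters are intentionally not used here.
      axp:
        driver_class: Realestate\MssqlBundle\Driver\PDODblib\Driver
        #driver: "%database_driver2%"
        host: "%database_host2%"
        #server: "%database_host2%"
        #port: "%database_port2%"
        #dbname: "%database_name2%"
        user: "%database_user2%"
        password: "%database_password2%"
        #charset: UTF8

  orm:
    default_entity_manager: default
    entity_managers:
      default:
        connection: default
        auto_mapping: true
      axp:
        connection: axp
        mappings:
          XtrdAxpPeopleBundle: ~

    auto_generate_proxy_classes: "%kernel.debug%"

# Swiftmailer Configuration
swiftmailer:
  transport: "%mailer_transport%"
  host: "%mailer_host%"
  username: "%mailer_user%"
  password: "%mailer_password%"
  spool: { type: memory }

fos_rest:
  serializer:
    serialize_null: true
  routing_loader:
    default_format: json
  param_fetcher_listener: true
  body_converter:
    enabled: true
    validate: true
  body_listener:
    array_normalizer: fos_rest.normalizer.camel_keys
    decoders:
      json: fos_rest.decoder.jsontoform
  format_listener:
    rules:
      - { path: ^/api, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
      - { path: ^/axp, priorities: [ html, json, xml ], fallback_format: html, prefer_extension: true }
      - { path: ^/, priorities: [ html ], fallback_format: html, prefer_extension: false }
  view:
    serialize_null: true
    view_response_listener: force
    failed_validation: HTTP_UNPROCESSABLE_ENTITY
    formats:
      json: true
      xml: true

nelmio_cors:
  defaults:
    allow_credentials: false
    allow_origin: [ 'http://localhost:4200' ]
    allow_headers: []
    allow_methods: []
    expose_headers: []
    max_age: 0
    hosts: []
  paths:
    '^/':
      origin_regex: true
      # The Origin header is attacker-controlled, so each pattern must be
      # anchored at both ends with literal dots escaped. The previous
      # `^http://.*.Xtrd.com` had neither: an unescaped `.` and no `$`
      # let origins such as http://evilXtrd.com or
      # http://xtrd.com.attacker.example pass. The former third entry
      # `^http://localhost:8000+` was subsumed by the localhost pattern.
      # Hosts are written lowercase because browsers send them that way.
      allow_origin: ['^http://localhost:[0-9]+$', '^http://([a-z0-9-]+\.)*xtrd\.com$']
      # Wildcard headers are acceptable only because allow_credentials is
      # false above; do not enable credentials without narrowing this list.
      allow_headers: ['*']
      allow_methods: ['POST', 'PUT', 'GET', 'DELETE', 'OPTIONS']
      max_age: 3600

fos_oauth_server:
  db_driver: orm
  client_class: Xtrd\IntranetApiBundle\Entity\Client
  access_token_class: Xtrd\IntranetApiBundle\Entity\AccessToken
  refresh_token_class: Xtrd\IntranetApiBundle\Entity\RefreshToken
  auth_code_class: Xtrd\IntranetApiBundle\Entity\AuthCode
  service:
    # NOTE(review): token grants that need a user lookup resolve through the
    # FOSUser manager only; directory-only accounts are presumably not
    # visible to the OAuth server with this setting — confirm.
    user_provider: fos_user.user_manager
    #user_provider: fr3d_ldap.security.user.provider

fos_user:
  db_driver: orm
  firewall_name: oauth_authorize
  user_class: Xtrd\IntranetApiBundle\Entity\User
  group:
    group_class: Xtrd\IntranetApiBundle\Entity\Group

parameters:
  jms_serializer.camel_case_naming_strategy.class: JMS\Serializer\Naming\IdenticalPropertyNamingStrategy

jms_serializer:
  handlers:
    datetime:
      default_format: "c" # ISO8601
      default_timezone: "UTC" # defaults to whatever timezone set in php.ini or via date_default_timezone_set

  property_naming:
    # Explicit null rather than a bare `separator:` (same parsed value,
    # but the intent is visible). The naming strategy class is overridden
    # via the parameter above, which is what actually controls naming.
    separator: null
    lower_case: false

  metadata:
    cache: file
    debug: "%kernel.debug%"
    file_cache:
      dir: "%kernel.cache_dir%/serializer"
    auto_detection: true
    directories:
      FOSUserBundle:
        namespace_prefix: "FOS\\UserBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/fos"
      XtrdExchangeWebServicesBundle:
        namespace_prefix: "Xtrd\\ExchangeWebServicesBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer/ews"
      XtrdIntranetApiBundle:
        namespace_prefix: "Xtrd\\IntranetApiBundle"
        path: "@XtrdIntranetApiBundle/Resources/config/serializer"

  visitors:
    json:
      options: 128 # json_encode options bitmask

fr3d_ldap:
  driver:
    # NOTE(review): neither useSsl nor useStartTls is enabled, so the bind
    # (including the user's password) travels to the directory in the clear
    # on the default port; enable one of them once the directory supports it.
    host: xtrd.com
    #port: 389 # Optional
    #username: # Optional
    #password: # Optional
    #bindRequiresDn: true
    #baseDn: DC=Xtrd,DC=com
    #accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
    #accountFilterFormat: (&(samaccountname=%s))
    #optReferrals: false # Optional
    #useSsl: false # Enable SSL negotiation. Optional
    #useStartTls: true # Enable TLS negotiation. Optional
    #accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
    #accountDomainName:
    #accountDomainNameShort: # if you use the Backslash form set both to Hostname than the Username will be converted to HOST\User
  user:
    baseDn: dc=xtrd,dc=com
    filter: (&(objectClass=Person))
    # filter: (&(objectClass=user))
    # Directory attribute -> setter mapping applied to the loaded user.
    attributes:
      - { ldap_attr: samaccountname, user_method: setUsername }
      #- { ldap_attr: userprincipalname, user_method: setUsername }
      #- { ldap_attr: mail, user_method: setEmail }
      #- { ldap_attr: givenname, user_method: setFirstName }
      #- { ldap_attr: sn, user_method: setLastName }
      #- { ldap_attr: description, user_method: setDescription }
      #- { ldap_attr: password, user_method: setPassword }
  #service:
    #user_manager: fos_user.user_manager # Overrides default user manager
    #ldap_manager: fr3d_ldap.ldap_manager.default # Overrides default ldap manager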



私の Symfony AD Integration の投稿をご覧になりましたか?

https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/

REST API を使用しているようですので、私の設定とは少し異なるかもしれません。私が提案するのは、新しい Symfony プロジェクトを作成し、最初に LDAP 認証を機能させ、次に AD 認証を機能させることです。

ところで、これを機能させるには多くの時間を費やさなければならなかったので、ブログの投稿が役に立てば幸いです。

于 2016-07-13T15:52:43.490 に答える