0

私はlaravelでまったく新しいものであり、AD認証でさらに詳しくなっています。私はこれらのチュートリアルに従ってきましたが、アプリケーションを起動しようとしたときに解決策が見つからない次の問題に遭遇しました。

を設定しましたが' auto_connect '=> true、このエラーは、自分のページから任意の方向にアクセスしようとすると表示されます。bindまた、これら 2 つの機能とbindAsAdministratorベースがどのように機能し、どのアイテムをリンクしたいのか を説明していただければ、とても助かります。

BindException: ローカル エラー ブラウザー イメージ

私のテーブルにはusernameフィールドがあることに言及する価値があります。

私のconfig/adldap.php

 /*
|--------------------------------------------------------------------------
| Connections
|--------------------------------------------------------------------------
|
| This array stores the connections that are added to Adldap. You can add
| as many connections as you like.
|
| The key is the name of the connection you wish to use and the value is
| an array of configuration settings.
|
*/

'connections' => [

    'default' => [

        /*
        |--------------------------------------------------------------------------
        | Auto Connect
        |--------------------------------------------------------------------------
        |
        | If auto connect is true, anytime Adldap is instantiated it will automatically
        | connect to your AD server. If this is set to false, you must connect manually
        | using: Adldap::connect().
        |
        */

        'auto_connect' => true,

        /*
        |--------------------------------------------------------------------------
        | Connection
        |--------------------------------------------------------------------------
        |
        | The connection class to use to run operations on.
        |
        | You can also set this option to `null` to use the default connection class.
        |
        | Custom connection classes must implement \Adldap\Contracts\Connections\ConnectionInterface
        |
        */

        'connection' => Adldap\Connections\Ldap::class,

        /*
        |--------------------------------------------------------------------------
        | Schema
        |--------------------------------------------------------------------------
        |
        | The schema class to use for retrieving attributes and generating models.
        |
        | You can also set this option to `null` to use the default schema class.
        |
        | Custom schema classes must implement \Adldap\Contracts\Schemas\SchemaInterface
        |
        */

        'schema' => Adldap\Schemas\ActiveDirectory::class,

        /*
        |--------------------------------------------------------------------------
        | Connection Settings
        |--------------------------------------------------------------------------
        |
        | This connection settings array is directly passed into the Adldap constructor.
        |
        | Feel free to add or remove settings you don't need.
        |
        */

        'connection_settings' => [

            /*
            |--------------------------------------------------------------------------
            | Account Prefix
            |--------------------------------------------------------------------------
            |
            | The account prefix option is the prefix of your user accounts in AD.
            |
            | For example, if you'd prefer your users to use only their username instead
            | of specifying a domain ('ACME\jdoe'), enter your domain name.
            |
            */

            'account_prefix' => '',

            /*
            |--------------------------------------------------------------------------
            | Account Suffix
            |--------------------------------------------------------------------------
            |
            | The account suffix option is the suffix of your user accounts in AD.
            |
            | For example, if your domain DN is DC=corp,DC=acme,DC=org, then your
            | account suffix would be @corp.acme.org. This is then appended to
            | then end of your user accounts on authentication.
            |
            */

            'account_suffix' => '',

            /*
            |--------------------------------------------------------------------------
            | Domain Controllers
            |--------------------------------------------------------------------------
            |
            | The domain controllers option is an array of servers located on your
            | network that serve Active Directory. You can insert as many servers or
            | as little as you'd like depending on your forest (with the
            | minimum of one of course).
            |
            | These can be IP addresses of your server(s), or the host name.
            |
            */

            'domain_controllers' => ['190.168.124.147'],

            /*
            |--------------------------------------------------------------------------
            | Port
            |--------------------------------------------------------------------------
            |
            | The port option is used for authenticating and binding to your AD server.
            |
            */

            'port' => 80,

            /*
            |--------------------------------------------------------------------------
            | Timeout
            |--------------------------------------------------------------------------
            |
            | The timeout option allows you to configure the amount of time in
            | seconds that your application waits until a response
            | is received from your LDAP server.
            |
            */

            'timeout' => 5,

            /*
            |--------------------------------------------------------------------------
            | Base Distinguished Name
            |--------------------------------------------------------------------------
            |
            | The base distinguished name is the base distinguished name you'd like
            | to perform operations on. An example base DN would be DC=corp,DC=acme,DC=org.
            |
            | If one is not defined, then Adldap will try to find it automatically
            | by querying your server. It's recommended to include it to
            | limit queries executed per request.
            |
            */

            'base_dn' => '',

            /*
            |--------------------------------------------------------------------------
            | Administrator Account Suffix
            |--------------------------------------------------------------------------
            |
            | This option allows you to set a different account suffix for your
            | configured administrator account upon binding.
            |
            | If left empty, your `account_suffix` option will be used.
            |
            */

            'admin_account_suffix' => '',

            /*
            |--------------------------------------------------------------------------
            | Administrator Username & Password
            |--------------------------------------------------------------------------
            |
            | When connecting to your AD server, a username and password is required
            | to be able to query and run operations on your server(s). You can
            | use any user account that has these permissions. This account
            | does not need to be a domain administrator unless you
            | require changing and resetting user passwords.
            |
            */

            'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'foo\saaa'),
            'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'kaa@taa'),

            /*
            |--------------------------------------------------------------------------
            | Follow Referrals
            |--------------------------------------------------------------------------
            |
            | The follow referrals option is a boolean to tell active directory
            | to follow a referral to another server on your network if the
            | server queried knows the information your asking for exists,
            | but does not yet contain a copy of it locally.
            |
            | This option is defaulted to false.
            |
            */

            'follow_referrals' => false,

            /*
            |--------------------------------------------------------------------------
            | SSL & TLS
            |--------------------------------------------------------------------------
            |
            | If you need to be able to change user passwords on your server, then an
            | SSL or TLS connection is required. All other operations are allowed
            | on unsecured protocols. One of these options are definitely recommended
            | if you have the ability to connect to your server securely.
            |
            */

            'use_ssl' => false,
            'use_tls' => false,

問題のある私のAuth\Guard.php行:

 public function bind($username, $password, $prefix = null, $suffix = null)
{
    // We'll allow binding with a null username and password
    // if their empty. This will allow us to anonymously
    // bind to our servers if needed.
    $username = $username ?: null;
    $password = $password ?: null;

    if ($username) {
        // If the username isn't empty, we'll append the configured
        // account prefix and suffix to bind to the LDAP server.
        $prefix = is_null($prefix) ? $this->configuration->getAccountPrefix() : $prefix;
        $suffix = is_null($suffix) ? $this->configuration->getAccountSuffix() : $suffix;

        $username = $prefix.$username.$suffix;
    }

    // We'll mute any exceptions / warnings here. All we need to know
    // is if binding failed and we'll throw our own exception.
    if (!@$this->connection->bind($username, $password)) {
        throw new BindException($this->connection->getLastError(), $this->connection->errNo());
    }
}

私のconfig\auth.php

 /*
|--------------------------------------------------------------------------
| Authentication Defaults
|--------------------------------------------------------------------------
|
| This option controls the default authentication "guard" and password
| reset options for your application. You may change these defaults
| as required, but they're a perfect start for most applications.
|
*/

'defaults' => [
    'guard' => 'web',
    'passwords' => 'users',
],

/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
|
| Next, you may define every authentication guard for your application.
| Of course, a great default configuration has been defined for you
| here which uses session storage and the Eloquent user provider.
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| Supported: "session", "token"
|
*/

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],

    'api' => [
        'driver' => 'token',
        'provider' => 'users',
    ],
],

/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/

'providers' => [
    'users' => [
        'driver' => 'adldap',
        'model' => App\User::class,
    ],

    // 'users' => [
    //     'driver' => 'database',
    //     'table' => 'users',
    // ],
],

/*
|--------------------------------------------------------------------------
| Resetting Passwords
|--------------------------------------------------------------------------
|
| Here you may set the options for resetting passwords including the view
| that is your password reset e-mail. You may also set the name of the
| table that maintains all of the reset tokens for your application.
|
| You may specify multiple password reset configurations if you have more
| than one user table or model in the application and you want to have
| separate password reset settings based on the specific user types.
|
| The expire time is the number of minutes that the reset token should be
| considered valid. This security feature keeps tokens short-lived so
| they have less time to be guessed. You may change this as needed.
|
*/

'passwords' => [
    'users' => [
        'provider' => 'users',
        'email' => 'auth.emails.password',
        'table' => 'password_resets',
        'expire' => 60,
    ],
],

私のUser.php

<?php

namespace App;

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password','username'
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];
}

私のAuthController.php

namespace App\Http\Controllers\Auth;

use App\User;
use Validator;

use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Request;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ThrottlesLogins;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;

use Adldap\Contracts\AdldapInterface;

class AuthController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Registration & Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles the registration of new users, as well as the
    | authentication of existing users. By default, this controller uses
    | a simple trait to add these behaviors. Why don't you explore it?
    |
    */

    use AuthenticatesAndRegistersUsers, ThrottlesLogins;

    /**
     * Where to redirect users after login / registration.
     *
     * @var string
     */
    protected $redirectTo = '/tickets';

    /**
     * @var Adldap
     */
    protected $adldap;

    /**
     * Create a new authentication controller instance.
     *
     * @return void
     */
    public function __construct(AdldapInterface $adldap)
    {
        $this->middleware($this->guestMiddleware(), ['except' => 'logout']);
        $this->adldap = $adldap;
    }

    /**
     * Get a validator for an incoming registration request.
     *
     * @param  array  $data
     * @return \Illuminate\Contracts\Validation\Validator
     */
    protected function validator(array $data)
    {
        return Validator::make($data, [
            'name' => 'required|max:255',
            'email' => 'required|email|max:255|unique:users',
            'password' => 'required|min:6|confirmed',
        ]);
    }

    /**
     * Create a new user instance after a valid registration.
     *
     * @param  array  $data
     * @return User
     */
    protected function create(array $data)
    {
        return User::create([
            'name' => $data['name'],
            'email' => $data['email'],
            'password' => bcrypt($data['password']),
        ]);
    }

    /**
     * Handle a login request to the application.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Illuminate\Http\Response
     */
    public function login(Request $request)
    {
        if ($this->adldap->auth()->attempt($request->email, $request->password, TRUE )) {
            return 'entro';            


            // $this->validateLogin($request);

            // // If the class is using the ThrottlesLogins trait, we can automatically throttle
            // // the login attempts for this application. We'll key this by the username and
            // // the IP address of the client making these requests into this application.
            // $throttles = $this->isUsingThrottlesLoginsTrait();

            // if ($throttles && $lockedOut = $this->hasTooManyLoginAttempts($request)) {
            //     $this->fireLockoutEvent($request);

            //     return $this->sendLockoutResponse($request);
            // }

            // $credentials = $this->getCredentials($request);

            // if (Auth::guard($this->getGuard())->attempt($credentials, $request->has('remember'))) {
            //     return $this->handleUserWasAuthenticated($request, $throttles);
            // }

            // // If the login attempt was unsuccessful we will increment the number of attempts
            // // to login and redirect the user back to the login form. Of course, when this
            // // user surpasses their maximum number of attempts they will get locked out.
            // if ($throttles && ! $lockedOut) {
            //     $this->incrementLoginAttempts($request);
            // }

            // return $this->sendFailedLoginResponse($request);
        }
    }

}
4

1 に答える 1

1

最初に私の英語で申し訳ありません。私は解決策を見つけました。私のようにlaravel、Adldap2 / Adldap2、およびActive Directoryの世界に慣れていない同僚がいると確信しているので、答えを共有します:)。

重要なメッセージ エラー Adldap2 / Adldap2 の説明から始めます。

LDAP サーバーに接続できません:これは、ライブラリに提供する IP アドレス (おそらく AD サーバー) に到達できない場合に発生します。AD サーバーであるかどうかに関係なく、アクセス可能な IP を指定すると、このエラーは表示されなくなることを強調する必要があります。要するに、完全に間違った IP を持つ可能性があり、ライブラリはこれを明示的に示したり、以下で説明するエラーを表示したりしません。

BindException: ローカル エラー:多くのユーザーがこのエラーに遭遇する可能性は十分にありますが、ライブラリが提供する他のエラーとは異なり、明示的な説明がありません。このエラーは、前のエラーで説明した結果です。これは、ライブラリに到達可能な IP を与えたが、AD サーバーがないか、その上に構成されていない場合に発生します。私の特定のケースでは、AD サーバーが設定されていませんでした。

于 2016-10-23T22:09:59.923 に答える