In many companies a LDAP server is the source from where information about user authentication is taken. I will install OpenLDAP and configure my applications to use it.
1. Install OpenLDAP and phpLDAPadmin
For installing OpenLDAP and phpLDAPadmin I followed this tutorials from DigitalOcean:
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-openldap-and-phpldapadmin-on-an-ubuntu-14-04-server
You will need to edit also the ldap.conf file, see this thread on StackOverflow
Also you may get an error when trying to login with phpLDAPadmin "Notice: Undefined variable: _SESSION in ..".
For me this solution from StackOverflow solved the problem:
"Just add the user wich is running Apache2 (or php5-fpm!) to the system group "www-data" (debian) and restart services apache AND if used php5-fpm both.
Get the User apache is running as:
~# sed -rn 's/^User (.+)/\1/p' /etc/apache2/apache2.conf"
Using phpLDAPadmin I've created two groups "admin" and "regular_users" and also I've created some users allocated to these two groups.
2. Modify SimpleLDAPphp to use OpenLDAP
The documentation for using LDAP authentication is found here: https://simplesamlphp.org/docs/stable/ldap:ldap
My settings are:
Select LDAP authentication to be used from /metadata/saml20-idp-hosted.php
/*
*Authentication source to use. Must be one that is configured in
* 'config/authsources.php'.
*/
'auth' => 'example-ldap',
3. Modify Symfony app
In the current Symfony application I am expecting an attribute roles containing an array of roles. From LDAP I will receive different attributes, one of them is gidNumber, which is a number identifying a group. My current groups: admin and regular_users have gidNumber 500 and 501.I will be using these gidNumbers to correctly create roles in the Symfony application.
The changes to be made are done in the UserCreator class:
Of course you need to change these mappings to fit your situation.
No comments:
Post a Comment