[Ldap] Add users extra_fields in ldap component
parent
63d730920b
commit
bcfff04797
@ -36,6 +36,7 @@ class LdapFactory implements UserProviderFactoryInterface
|
|||||||
->replaceArgument(5, $config['uid_key'])
|
->replaceArgument(5, $config['uid_key'])
|
||||||
->replaceArgument(6, $config['filter'])
|
->replaceArgument(6, $config['filter'])
|
||||||
->replaceArgument(7, $config['password_attribute'])
|
->replaceArgument(7, $config['password_attribute'])
|
||||||
|
->replaceArgument(8, $config['extra_fields'])
|
||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -52,6 +53,9 @@ class LdapFactory implements UserProviderFactoryInterface
|
|||||||
->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end()
|
->scalarNode('base_dn')->isRequired()->cannotBeEmpty()->end()
|
||||||
->scalarNode('search_dn')->end()
|
->scalarNode('search_dn')->end()
|
||||||
->scalarNode('search_password')->end()
|
->scalarNode('search_password')->end()
|
||||||
|
->arrayNode('extra_fields')
|
||||||
|
->prototype('scalar')->end()
|
||||||
|
->end()
|
||||||
->arrayNode('default_roles')
|
->arrayNode('default_roles')
|
||||||
->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
|
->beforeNormalization()->ifString()->then(function ($v) { return preg_split('/\s*,\s*/', $v); })->end()
|
||||||
->requiresAtLeastOneElement()
|
->requiresAtLeastOneElement()
|
||||||
|
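Review bot: The new `extra_fields` node accepts any scalar attribute name and has no `->info()` text, so nothing tells an operator which directory attributes are appropriate to list. Every name configured here ends up as a key in the array returned by `User::getExtraFields()`, so listing the attribute used as `password_attribute` (or another sensitive attribute) would copy that value into data application code is likely to render or serialise. I would document the option on the node, e.g. `->info('Non-sensitive LDAP attributes to copy onto the user; do not list the password attribute')`, and consider a validation rule that rejects a configuration where `extra_fields` contains the `password_attribute` value. The enclosing methods start and end outside these hunks.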
@ -184,6 +184,7 @@
|
|||||||
<argument /> <!-- uid key -->
|
<argument /> <!-- uid key -->
|
||||||
<argument /> <!-- filter -->
|
<argument /> <!-- filter -->
|
||||||
<argument /> <!-- password_attribute -->
|
<argument /> <!-- password_attribute -->
|
||||||
|
<argument /> <!-- extra_fields (email etc) -->
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
<service id="security.user.provider.chain" class="Symfony\Component\Security\Core\User\ChainUserProvider" abstract="true" />
|
<service id="security.user.provider.chain" class="Symfony\Component\Security\Core\User\ChainUserProvider" abstract="true" />
|
||||||
|
@ -21,6 +21,7 @@ security:
|
|||||||
search_password: ''
|
search_password: ''
|
||||||
default_roles: ROLE_USER
|
default_roles: ROLE_USER
|
||||||
uid_key: uid
|
uid_key: uid
|
||||||
|
extra_fields: ['email']
|
||||||
|
|
||||||
firewalls:
|
firewalls:
|
||||||
main:
|
main:
|
||||||
|
@ -1,6 +1,11 @@
|
|||||||
CHANGELOG
|
CHANGELOG
|
||||||
=========
|
=========
|
||||||
|
|
||||||
|
4.4.0
|
||||||
|
-----
|
||||||
|
|
||||||
|
* Added the "extra_fields" option, an array of custom fields to pull from the LDAP server
|
||||||
|
|
||||||
4.3.0
|
4.3.0
|
||||||
-----
|
-----
|
||||||
|
|
||||||
|
@ -334,6 +334,7 @@ class LdapUserProviderTest extends TestCase
|
|||||||
->will($this->returnValue(new Entry('foo', [
|
->will($this->returnValue(new Entry('foo', [
|
||||||
'sAMAccountName' => ['foo'],
|
'sAMAccountName' => ['foo'],
|
||||||
'userpassword' => ['bar'],
|
'userpassword' => ['bar'],
|
||||||
|
'email' => ['elsa@symfony.com'],
|
||||||
]
|
]
|
||||||
)))
|
)))
|
||||||
;
|
;
|
||||||
@ -353,7 +354,7 @@ class LdapUserProviderTest extends TestCase
|
|||||||
->will($this->returnValue($query))
|
->will($this->returnValue($query))
|
||||||
;
|
;
|
||||||
|
|
||||||
$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword');
|
$provider = new LdapUserProvider($ldap, 'ou=MyBusiness,dc=symfony,dc=com', null, null, [], 'sAMAccountName', '({uid_key}={username})', 'userpassword', ['email']);
|
||||||
$this->assertInstanceOf(
|
$this->assertInstanceOf(
|
||||||
'Symfony\Component\Security\Core\User\User',
|
'Symfony\Component\Security\Core\User\User',
|
||||||
$provider->loadUserByUsername('foo')
|
$provider->loadUserByUsername('foo')
|
||||||
|
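Review bot: The updated test still asserts only the class of the returned object, so neither the new `['email']` constructor argument nor the `'email'` attribute added to the mocked entry is checked, and the test would pass if the provider ignored extra fields entirely. Capture the user with `$user = $provider->loadUserByUsername('foo');` and add `$this->assertSame(['email' => 'elsa@symfony.com'], $user->getExtraFields());` (assuming `getAttributeValue()` returns the single value, as it appears to for the password). A second case where the entry lacks a requested attribute would pin down what the provider does then. The test method starts and ends outside the hunk.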
@ -34,8 +34,9 @@ class LdapUserProvider implements UserProviderInterface
|
|||||||
private $uidKey;
|
private $uidKey;
|
||||||
private $defaultSearch;
|
private $defaultSearch;
|
||||||
private $passwordAttribute;
|
private $passwordAttribute;
|
||||||
|
private $extraFields;
|
||||||
|
|
||||||
public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null)
|
public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
|
||||||
{
|
{
|
||||||
if (null === $uidKey) {
|
if (null === $uidKey) {
|
||||||
$uidKey = 'sAMAccountName';
|
$uidKey = 'sAMAccountName';
|
||||||
@ -53,6 +54,7 @@ class LdapUserProvider implements UserProviderInterface
|
|||||||
$this->uidKey = $uidKey;
|
$this->uidKey = $uidKey;
|
||||||
$this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
|
$this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
|
||||||
$this->passwordAttribute = $passwordAttribute;
|
$this->passwordAttribute = $passwordAttribute;
|
||||||
|
$this->extraFields = $extraFields;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -123,12 +125,17 @@ class LdapUserProvider implements UserProviderInterface
|
|||||||
protected function loadUser($username, Entry $entry)
|
protected function loadUser($username, Entry $entry)
|
||||||
{
|
{
|
||||||
$password = null;
|
$password = null;
|
||||||
|
$extraFields = [];
|
||||||
|
|
||||||
if (null !== $this->passwordAttribute) {
|
if (null !== $this->passwordAttribute) {
|
||||||
$password = $this->getAttributeValue($entry, $this->passwordAttribute);
|
$password = $this->getAttributeValue($entry, $this->passwordAttribute);
|
||||||
}
|
}
|
||||||
|
|
||||||
return new User($username, $password, $this->defaultRoles);
|
foreach ($this->extraFields as $field) {
|
||||||
|
$extraFields[$field] = $this->getAttributeValue($entry, $field);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new User($username, $password, $this->defaultRoles, true, true, true, true, $extraFields);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
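Review bot: The loop in `loadUser()` reads each extra field through the same `getAttributeValue()` helper used for the password attribute, and that helper's body is not part of this page. If it throws when an attribute is absent or multi-valued, as its use for a mandatory password suggests, then one directory entry without an optional attribute such as `email` makes the whole user load fail, which turns a cosmetic field into a login outage for that account. Guarding the assignment keeps authentication independent of optional data: `if ($entry->hasAttribute($field)) { $extraFields[$field] = $this->getAttributeValue($entry, $field); }`. The four positional `true` arguments in the new `User` call would also read better with a short comment naming the flags they set.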
@ -27,8 +27,9 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
|
|||||||
private $credentialsNonExpired;
|
private $credentialsNonExpired;
|
||||||
private $accountNonLocked;
|
private $accountNonLocked;
|
||||||
private $roles;
|
private $roles;
|
||||||
|
private $extraFields;
|
||||||
|
|
||||||
public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true)
|
public function __construct(?string $username, ?string $password, array $roles = [], bool $enabled = true, bool $userNonExpired = true, bool $credentialsNonExpired = true, bool $userNonLocked = true, array $extraFields = [])
|
||||||
{
|
{
|
||||||
if ('' === $username || null === $username) {
|
if ('' === $username || null === $username) {
|
||||||
throw new \InvalidArgumentException('The username cannot be empty.');
|
throw new \InvalidArgumentException('The username cannot be empty.');
|
||||||
@ -41,6 +42,7 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
|
|||||||
$this->credentialsNonExpired = $credentialsNonExpired;
|
$this->credentialsNonExpired = $credentialsNonExpired;
|
||||||
$this->accountNonLocked = $userNonLocked;
|
$this->accountNonLocked = $userNonLocked;
|
||||||
$this->roles = $roles;
|
$this->roles = $roles;
|
||||||
|
$this->extraFields = $extraFields;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function __toString()
|
public function __toString()
|
||||||
@ -118,6 +120,11 @@ final class User implements UserInterface, EquatableInterface, AdvancedUserInter
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getExtraFields()
|
||||||
|
{
|
||||||
|
return $this->extraFields;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
|
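Review bot: `getExtraFields()` is added without a docblock or return type, while the neighbouring methods carry docblocks and the constructor already uses scalar type declarations. Since the property is always an array, `public function getExtraFields(): array` is safe. I would add a docblock saying the array is keyed by LDAP attribute name and holds the raw values read from the directory, so callers must escape them for the output context they are used in. It is also worth confirming, outside this hunk, whether the class's equality check and any serialisation of the user should take the new property into account.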