This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier 09645a9103 feature #36600 [Security] Added LDAP support to Authenticator system (wouterj)
This PR was merged into the 5.1-dev branch.

Discussion
----------

[Security] Added LDAP support to Authenticator system

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| Deprecations? | no
| Tickets       | -
| License       | MIT
| Doc PR        | -

The last missing authenticator in the new system 🎉

I have no experience with LDAP at all and I didn't succeed in setting up a server locally. So I can't test whether this works, but the unit test works (and also tested in a real app, while adding a `dd()` call in the listener).

---

I want to share with you the current state of Security LDAP, how this PR implements it and a possible other solution (which I think I would prefer most). Is there anyone who can share their opinions on this? (hopefully @weaverryan and @csarrazi can share their opinion, as they have most experience on this topic)

1. **Current Solution: An LDAP authentication provider + duplicated `SecurityFactory` classes**
   LDAP is done in one centralized authentication provider. This provider is configured by security factories for each core factory (e.g. `form_login` becomes `form_login_ldap`, `http_basic` becomes `http_basic_ldap`).
2. **Implementation in this PR: A listener is executed before the default `VerifyCredentialsListener`, to verify `PasswordCredentials`**
   This listener must be configured for each specific authenticator wanting to use LDAP. This is a technique similar to (1). It's a bit difficult to use this for your own authenticator (you need to configure a custom listener service) and still needs the duplicated factory classes.
3. **Proposal: Introduce a `LdapCredentials` class and always register a listener**
   If an authenticator returns `LdapCredentials`, it'll be checked using the LDAP verification listener. This is the easiest for custom authenticators and would remove the duplicated factories, I can imagine `form_login` getting a new `ldap` sub option to configure the settings.

   The main disadvantage (I think) is that we would need to make `LdapCredentials` configure all options: ldap service, dnString, searchDn, searchPassword & queryString. Especially passing around the ldap service seems a bit weird. The main questions here are: Is it weird to pass all these things in the `LdapCredentials`? And, do we really need to support having multiple LDAP configuration sets for different authenticators? Or can we e.g. add a global `security.ldap` configuration, that registers the listener for all authenticators returning `LdapCredentials`?

Commits
-------

20962e604a [Security] Added LDAP support to Authenticator system
2020-05-03 19:24:55 +02:00
.github Add support of PHP8 static return type for withers 2020-04-30 22:10:08 +02:00
src/Symfony feature #36600 [Security] Added LDAP support to Authenticator system (wouterj) 2020-05-03 19:24:55 +02:00
.appveyor.yml Merge branch '5.0' 2020-04-12 11:49:11 +02:00
.editorconfig Update .editorconfig 2018-09-06 16:22:56 +02:00
.gitignore Run the phpunit-bridge from a PR 2019-08-02 17:46:19 +02:00
.php_cs.dist Merge branch '4.4' 2019-11-05 18:15:52 +01:00
.travis.yml Improve SQS interoperability 2020-04-23 11:05:32 +02:00
CHANGELOG-4.0.md Merge branch '3.4' into 4.1 2018-08-01 18:22:14 +02:00
CHANGELOG-4.1.md updated CHANGELOG for 4.1.10 2019-01-06 17:16:07 +01:00
CHANGELOG-4.2.md updated CHANGELOG for 4.2.10 2019-06-26 16:19:37 +02:00
CHANGELOG-4.3.md updated CHANGELOG for 4.3.10 2020-01-21 14:13:32 +01:00
CHANGELOG-4.4.md updated CHANGELOG for 4.4.7 2020-03-30 16:59:08 +02:00
CHANGELOG-5.0.md Merge branch '5.0' 2020-04-01 08:33:39 +02:00
CODE_OF_CONDUCT.md Added the Code of Conduct file 2018-10-10 03:13:30 -07:00
composer.json [AmazonSqsMessenger] Use AsyncAws to handle SQS communication 2020-05-03 18:22:01 +02:00
CONTRIBUTING.md Mention the community review guide 2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 3.4.40 2020-04-28 19:41:24 +02:00
LICENSE Update year in license files 2020-01-01 12:03:25 +01:00
link Add new packages on the link script 2020-03-04 17:45:35 +01:00
phpunit Revert "[travis][appveyor] don't cache .phpunit" 2020-04-12 11:36:17 +02:00
phpunit.xml.dist [Uid] minor improvements 2020-03-20 20:42:05 +01:00
README.md Improve Symfony description 2019-11-24 19:17:45 +01:00
UPGRADE-5.0.md Remove UPGRADE files for 4.x 2020-04-12 15:08:12 +02:00
UPGRADE-5.1.md bug #36578 [Form] deprecate not using a rounding mode (xabbuh) 2020-05-03 16:35:45 +02:00
UPGRADE-6.0.md bug #36578 [Form] deprecate not using a rounding mode (xabbuh) 2020-05-03 16:35:45 +02:00

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Documentation

Community

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.