Issues with retrieving results

[cisvpn-sai]

Does this class work with Laravel 5.3? I noticed the main difference is that AuthController got deprecated. But everything else seems the same. I am relatively new to Laravel and LDAP in general. I followed the instructions and things seem to not pass the login. It doesn't even hit the LDAP server. The login just seems to refresh when I submit. Is there something wrong with my code? I removed the comments for ease of reading. The XXXXXX's would contain my information.

# Auth.php

<?php

return [

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'token',
            'provider' => 'users',
        ],
    ],

    'providers' => [
        'users' => [
            'driver' => 'adldap',//'eloquent',
            'model' => App\User::class,
        ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,
        ],
    ],

];

# adldap.php

<?php

return [

    'connections' => [

        'default' => [

            'auto_connect' => true,

            'connection' => Adldap\Connections\Ldap::class,

            'schema' => Adldap\Schemas\ActiveDirectory::class,

            'connection_settings' => [

                'account_prefix' => '',

                'account_suffix' => '@xxxxxxxxx.com',

                'domain_controllers' => ['xxxxxxxxxx','xxxxxxxxxxx'],

                'port' => 389,

                'timeout' => 5,

                'base_dn' => 'OU=XXX,OU=XXX,DC=xxx,DC=xxxxxx',

                'admin_account_suffix' => '@xxxxxx.com',

                'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'xxxxx'),

                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'xxxxx'),

                'follow_referrals' => false,

                'use_ssl' => false,

                'use_tls' => false,

            ],

        ],

    ],

];

# adldap_auth.php

<?php

return [


    'connection' => env('ADLDAP_CONNECTION', 'default'),

    'username_attribute' => ['username' => 'samaccountname'],

    'limitation_filter' => env('ADLDAP_LIMITATION_FILTER', ''),

    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),

    'password_key' => env('ADLDAP_PASSWORD_KEY', 'password'),

    'password_sync' => env('ADLDAP_PASSWORD_SYNC', true),

    'login_attribute' => env('ADLDAP_LOGIN_ATTRIBUTE', 'samaccountname'),

    'windows_auth_attribute' => ['samaccountname' => 'AUTH_USER'],

    'bind_user_to_model' => env('ADLDAP_BIND_USER_TO_MODEL', false),

    'sync_attributes' => [

        'name' => 'cn',

    ],

    'select_attributes' => [

    ],

];

[stevebauman]

Hi @cisvpn-sai, apologies for the late response.

There are no issues using Adldap2 with Laravel 5.3. Your configuration looks fine, but are you sure it's not hitting your LDAP server? There's a possibility that your account suffix or your base DN might be incorrect and it's just failing binding to your LDAP server.

Can you post your login view?

[cisvpn-sai]

Hi Steve, Thank you for the reply. Thank you for confirming that things should work with Laravel 5.3. I was able to get the login page to finally give a response. I skipped the AuthController portion of your guide because it didn't exist. I found this article: https://laracasts.com/discuss/channels/general-discussion/login-by-username-in-laravel-53 that said to override username in the LoginController.php itself. After I did that my form now sends back error messages. I still can't login with my valid credentials though.

Login.blade.php

@extends('layouts.app')

@section('content')

<div class="container">
    <div class="row">
        <div class="col-md-8 col-md-offset-2">
            <div class="panel panel-default">
                <div class="panel-heading">Login</div>
                <div class="panel-body">
                    <form class="form-horizontal" role="form" method="POST" action="{{ url('/login') }}">
                        {{ csrf_field() }}

                        <div class="form-group{{ $errors->has('username') ? ' has-error' : '' }}">
                            <label for="username" class="col-md-4 control-label">Username</label>

                            <div class="col-md-6">
                                <input id="username" type="text" class="form-control" name="username" value="{{ old('username') }}" required autofocus>

                                @if ($errors->has('username'))
                                    <span class="help-block">
<?php
var_dump($errors);
?>
                                        <strong>{{ $errors->first('username') }}</strong>
                                    </span>
                                @endif
                            </div>
                        </div>

                        <div class="form-group{{ $errors->has('password') ? ' has-error' : '' }}">
                            <label for="password" class="col-md-4 control-label">Password</label>

                            <div class="col-md-6">
                                <input id="password" type="password" class="form-control" name="password" required>

                                @if ($errors->has('password'))
                                    <span class="help-block">
                                        <strong>{{ $errors->first('password') }}</strong>
                                    </span>
                                @endif
                            </div>
                        </div>

                        <div class="form-group">
                            <div class="col-md-6 col-md-offset-4">
                                <div class="checkbox">
                                    <label>
                                        <input type="checkbox" name="remember"> Remember Me
                                    </label>
                                </div>
                            </div>
                        </div>

                        <div class="form-group">
                            <div class="col-md-8 col-md-offset-4">
                                <button type="submit" class="btn btn-primary">
                                    Login
                                </button>

                                <a class="btn btn-link" href="{{ url('/password/reset') }}">
                                    Forgot Your Password?
                                </a>
                            </div>
                        </div>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
@endsection

LoginController.php

<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;

class LoginController extends Controller
{
    /*
    |--------------------------------------------------------------------------
    | Login Controller
    |--------------------------------------------------------------------------
    |
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.
    |
    */

    use AuthenticatesUsers;

    /**
     * Where to redirect users after login.
     *
     * @var string
     */
    protected $redirectTo = '/home';

    /**
     * Username value
     *
     * @var string
     */
    protected $username = 'username';

    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        $this->middleware('guest', ['except' => 'logout']);
    }

    /**
     * Override the username method used to validate login
     *
     * @return string
     */
    public function username()
    {
        return 'username';
    }
}

[stevebauman]

Are you sure the user you're authenticating with exists inside the OU you're specifying in your base_dn?

OU=XXX,OU=XXX,DC=xxx,DC=xxxxxx

You can also try importing your user to see if this is the case by running the command:

php artisan adldap:import jdoe

Remember, you're base DN is used for performing searches upon, so when a user is queried, it will be searching inside the OU you specify in the base_dn option in your adldap,php config file.

[cisvpn-sai]

Hi @stevebauman I ran the artisan adldap:import myusername call and it came back with a ModelNotFoundException. But the IT person showed me that my username is in the BASE_DN OU specified. He even showed me previous ldap projects with same settings that work. Could there another reason why I am getting an Exception back from the call?

[stevebauman]

Are you using ActiveDirectory or OpenLDAP?

[cisvpn-sai]

ActiveDirectory

[stevebauman]

This sounds like it could be a server side issue since it's just not finding a user (indicated by the ModelNotFoundException), but it's connecting fine.

In your routes/web.php file, at the top, can you insert:

$users = \Adldap\Laravel\Facades\Adldap::search()->users()->get();

dd($users);

And see what is returned when you visit your dev site?

[cisvpn-sai]

Yes, I got this:

Collection {#138 ▼
#items: []
}

[stevebauman]

Oh hmm, no results at all. Can you get rid of the OUs specified in your base_dn and try running it again?

So your base DN in your config should be:

DC=XXXXX,DC=XXXXX

[cisvpn-sai]

Thanks BTW, Steve. Appreciate your time and help.
Same result:
Collection {#138 ▼
#items: []
}

'base_dn' => 'DC=abc,DC=xyz',

abc and xyz not literal.

[stevebauman]

No problem!

Okay, try running just a general search and see if absolutely anything is returned (replace with previous):

$models = \Adldap\Laravel\Facades\Adldap::search()->all();

dd($models);

[cisvpn-sai]

I am having trouble getting my User.php to access my alternate local database instead of default. Would that have any effect on this LDAP results? I wouldn't think so but throwing that out there.

Im doing this but doesnt change: protected $connection = 'mysql_ldap_users';

Just did your general search and same result:

Collection {#138 ▼
#items: []
}

[stevebauman]

I am having trouble getting my User.php to access my alternate local database instead of default. Would that have any effect on this LDAP results? I wouldn't think so but throwing that out there.

Yea this wouldn't affect your ability to retrieve LDAP results. It seems like there's literally no records at all being returned. Try running php artisan config:clear and then try visiting your dev site to see if any results are returned.

If no results are returned, I'm out of ideas. It must be the base_dn configuration as that's the only reason no results would be returned on a global search.

I think you should login to your AD server and verify its distinguished name. I can mirror your issues identically with removing just a single character from my base_dn.

[cisvpn-sai]

Cleared and is same result. I will keep trying to get some results from the ldap. I will post when I get something. Thanks @stevebauman !