Question: howto bind as authenticated user when using the laravel driver? #99

Closed
mgiritli opened this issue Mar 24, 2020 · 6 comments

@mgiritli

I know this is documented in core docs and it is clear how to achieve this when manually connecting - simply pass true as the 3rd argument to the attempt function call. However, I could not find a way to bind and stay bound as the authenticated user when using the laravel driver, since there is no call to any attempt function when using the driver... Any ideas?

@stevebauman
Member

stevebauman commented Mar 24, 2020

You cannot stay bound as the authenticated user unless you store their username and password. There is no way around this.

PHP is stateless, and will re-connect to connections from scratch on every single request in your application. This means you will need the user's credentials on every request that you require a bound LDAP connection to run operations underneath that specific user.

This is the purpose for using a static configuration array with a username and password.

Hope this helps!

@mgiritli
Author

Sorry, I think there is a misunderstanding which is my fault. All I want from ldaprecord is to not switch back to the configured account in ldap.php after authorising, that's why I gave the example in the core docs when the attempt function is called with a 3rd parameter.
Currently I'm overriding the login function of laravel and doing some other login tasks and these are performed using the configured account, not the authorised account. If I hack the code in ldaprecord/src/Auth/Guard.php at function "attempt" and give the bindAsUser a default value of "true", it works exactly as I want it to. All I need is a proper way of doing this when using the laravel driver. I hope I could explain it a bit better this time.

@stevebauman
Member

> All I want from ldaprecord is to not switch back to the configured account in ldap.php after authorising

Ok, so I understand properly, you're wanting to bind as the user you are logging in with and run operations underneath them for the duration of the request?

Your configured user inside of your ldap.php configuration file will be rebound on any subsequent requests to your Laravel application, so I'm trying to understand the purpose for this.

Thanks for commenting back!

@stevebauman
Member

You could actually do this by:

  1. Inside of your LoginController by overriding the guard method
  2. Once you have the guard, you can retrieve the LdapRecord-Laravel DatabaseUserProvider
  3. Then call getLdapUserAuthenticator to retrieve the authenticator
  4. Override the authentication closure:
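```php
// app/Http/Controllers/Auth/LoginController.php

protected function guard()
{
    $guard = Auth::guard();

    // Retrieve the LDAP user authenticator from the LdapRecord-Laravel user provider.
    $authenticator = $guard->getProvider()->getLdapUserAuthenticator();

    // Pass true as the third argument so the connection stays bound as the authenticated user.
    $authenticator->authenticateUsing(function ($user, $password) {
        return $user->getConnection()->auth()->attempt($user->getDn(), $password, $bindAsUser = true);
    });

    return $guard;
}
```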

To do this however, you will need to update to the latest LdapRecord-Laravel version, so run composer update to be sure.

Should work exactly how you're looking to use it.

@mgiritli
Author

Yes, looks exactly what I want! Thank you so much.

@stevebauman
Member

Awesome! Glad that was what you were looking for 😄

Feel free to create another issue if you have any other questions.

@stevebauman stevebauman transferred this issue from DirectoryTree/LdapRecord Mar 25, 2020