Provide full examples for config when integrated with FOS? #10
Comments
This is the security.yml that I use with the 2.0.x branch security:
access_decision_manager:
# Strategy can be: affirmative, unanimous or consensus
strategy: unanimous # Vote the user if don't have all roles required.
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
chain_provider:
providers: [fos_userbundle, fr3d_ldapbundle]
fr3d_ldapbundle:
id: fr3d_ldap.security.user.provider
fos_userbundle:
id: fos_user.user_manager
firewalls:
main:
pattern: ^/
fr3d_ldap: ~
form_login:
provider: chain_provider
# always_use_default_target_path: true
# default_target_path: /profile
logout: true
anonymous: true
remember_me:
key: %secret%
path: /
domain: ~ # Defaults to the current domain from $_SERVER
secure: true
httponly: true
access_control:
- { path: ^/$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/profile/, role: IS_AUTHENTICATED_REMEMBERED, requires_channel: https }
- { path: ^/locker/, role: IS_AUTHENTICATED_REMEMBERED, requires_channel: https }
- { path: ^/admin/user/, role: [ROLE_SUPER_ADMIN, IS_AUTHENTICATED_FULLY], requires_channel: https }
- { path: ^/admin, role: [ROLE_ADMIN, IS_AUTHENTICATED_FULLY], requires_channel: https }
factories:
- "%kernel.root_dir%/../vendor/bundles/FR3D/LdapBundle/Resources/config/security_factories.xml" |
Hi Maks3w you have clove this discusion without finish please help us for this |
@DRAKUN - the security.yml is above, and it looks pretty similar to mine. Each application and environment are pretty unique, so it does appear to take some trial and error to find the config that will be just right for you. The relevant parts of my config.yml look like this(I'm authenticating against Windows Server 2003):
If you're not sure that you're getting a tight connection to your AD server, download and tweak this script: You will need to create your own "class User extends BaseUser implements LdapUserInterface". Mine looks like this:
I also introduced some hacks to vendor/bundles/FR3D/LdapBundle/Ldap/LdapManager.php (I know - I should have extended it I guess :) ruhroh!) I don't have a diff here, but I think the only changes I made were in hydrate():
|
Ah it is too cool, months when I have a hard time on it you is saved me thank you openly(frankly) thank you for the bottom of the heart Now can you sent by e-mails to user AD on 2003 through tone applications on symfony. If yes I would like to know by where you passed. |
@DRAKUN Your request is out of the scope of FR3DLdapBundle. Maybe at Symfony Forums you can get more luck. |
Hi all, Thanks For this Bundle!!! |
FYI to get this method to work I also had to set accountDomainName: <FQDN> e.g example.com
accountDomainNameShort: example |
Hi @Maks3w, Thanks |
I'm trying to configure this with FOSUserBundle, and it would be helpful if you had complete examples for app/config/security.yml, config.yml and the User class as it would be with FR3D and FOS fully integrated... (especially in firewalls)
The text was updated successfully, but these errors were encountered: