PHPackages commifreak/yii2-ldap-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. commifreak/yii2-ldap-auth ActiveYii2-extension[Authentication & Authorization](/categories/authentication) commifreak/yii2-ldap-auth ========================= Another Yii2 LDAP Auth Extension v1.5.5(5mo ago)12.4kBSD-3-ClausePHPPHP >=7.3 Since Aug 8Pushed 5mo ago2 watchersCompare [ Source](https://github.com/Commifreak/yii2-ldap-auth)[ Packagist](https://packagist.org/packages/commifreak/yii2-ldap-auth)[ RSS](/packages/commifreak-yii2-ldap-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (1)Versions (57)Used By (0) yii2-ldap-auth ============== [](#yii2-ldap-auth) This extensions adds a simple LDAP-Auth mechanism for your yii2 application What it does ------------ [](#what-it-does) - Tries to bind to selected domain with username/credential entered in LoginForm - Read user data attributes after successful bind to retrieve sid and other values Features -------- [](#features) - User login via LDAP - Read self defined LDAP attributes - Domain autodetection based on IPFilter. - Filter out results by checking every results `sidHistory` - Optional query caching Installation ------------ [](#installation) Preferred way to install, is through composer: ``` composer require commifreak/yii2-ldap-auth ``` Setup ----- [](#setup) Either you use it as standalone or add this as component: ``` [ 'components' => [ 'ldap' => [ 'class' => 'commifreak\yii2\LdapAuth', 'filterBySidhistory' => false, // Filter by checking sidHistory? 'enableCache' => false, 'forceApcuCache' => false, 'apcuCacheTtl' => 3600, 'domains' => [ ['name' => 'Domain1', 'hostname' => 'domain1.tld', 'autodetectIps' => ['172.31.0.0/16', '192.168.178.0/24', '127.0.0.1'], 'baseDn' => 'DC=Domain1,DC=tld', 'publicSearchUser' => 'example@domain', 'publicSearchUserPassword' => 'secret'], ['name' => 'Domain2', 'hostname' => '192.168.178.14', 'autodetectIps' => ['192.168.178.55'], 'baseDn' => 'DC=Domain2,DC=tld', 'publicSearchUser' => 'example@domain', 'publicSearchUserPassword' => 'secret'], //... ], ], ] ] ``` You can omit `autodetectIps` if you don't want Ips for a specific domain. You can set `useSSL` if you want to use encryption. **Attention!** You need to define `baseDn`. This defines the baseDN in where the function will search for the user data! Usage ----- [](#usage) There are 5 basic functions: - `autoDetect($overrideIp)` - Tries to detect the User's client IP (with Proxy support) and determines the Domain to use - `login($username, $password, $domainKey, $fetchUserDN)` - Tries to connect to domain and bind to it as `$username` with `$password` - `$domainKey` defines the domain to use (either detected by `autoDetect` or by passing the key number of the configuration array) - If you set it to `false` or pass nothing, the login function loops through every domain and tries to log you in ( default). - `$fetchUserDN` determines the user DN, in case you want a bind via a users DN instead of username@hostname - `fetchUserData($attributes)` - Queries the LDAP for the logged-in user and gets some attributes (adjustable list of attributes) - `searchUser($searchFor, $attributes, $searchFilter, $domainKey, $onlyActiveAccounts, $allDomainsHaveToBeReachable, $baseDN)` - Searches for a user in the LDAP-Directory. This requires a search-user which is configured in the component options. - The options let you define what attributes you want back and in which you are searching (defaults to lastname, firstname, username and class=person). - `$domainKey` lets you set a fixed domain (from autoDetect as example) to search. Otherwise, it searches in every domain - `$onlyActiveAccounts` lets you decide whether you only want active or all accounts to be returned. defaults to false! - `$allDomainsHaveToBeReachable` True: All configured domains need to be reachable in order to get a result. If one is not reachable, false will be returned - `$baseDN` Overrides the default (domain) basedn. - `searchGroup($searchFor, $groupAttributes, $userAttributes, $returnMembers, $domainKey, $onlyActiveAccounts, $allDomainsHaveToBeReachable)` - `$searchFor` specifies the groupname (text, partial text (\*) or sid) - `$userAttributes` and `$groupAttributes` specify the attributes for the result - Any other parameter has are being passed to `searchUser`, so check the docs there - `updateAttributes` lets you update the user attributes - `$attributes` The attribute (array keys are the attribute names, the array values are the attribute values) - `$dn` The DN which should be updated - if not provided, the eventually previous examined one will be used. Example ------- [](#example) ### View [](#view) I've added a new attribute to LoginForm `location` which holds the domain-key. ```