PHPackages dyrynda/laravel-ldap - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dyrynda/laravel-ldap ActiveLibrary[Authentication & Authorization](/categories/authentication) dyrynda/laravel-ldap ==================== Leverage Laravel's middleware to ensure your LDAP-authenticated users stay that way. 4.0.0(6y ago)64.4k1MITPHP Since Mar 14Pushed 6y ago1 watchersCompare [ Source](https://github.com/michaeldyrynda/laravel-ldap)[ Packagist](https://packagist.org/packages/dyrynda/laravel-ldap)[ RSS](/packages/dyrynda-laravel-ldap/feed)WikiDiscussions master Synced yesterday READMEChangelog (10)Dependencies (2)Versions (13)Used By (0) Adldap2 Laravel middleware ========================== [](#adldap2-laravel-middleware) The excellent [Adldap2-Laravel](https://github.com/Adldap2/Adldap2-Laravel/) package makes it super simple to integrate your Laravel application with an LDAP server to authenticate your users, but as these users can be managed externally to your application, it's not always possible to manage their access if they are already logged in. This package not only allows you to define groups your users must belong to in order to authenticate, but will also ensure that those groups continue to exist throughout a user's authenticated session, not just at the time of authentication i.e. when they log in. Installation ------------ [](#installation) ``` composer require dyrynda/laravel-ldap ``` Once the package is installed, publish the configuration file ``` php artisan vendor:publish --tag="laravel-ldap" ``` Configuration ------------- [](#configuration) The three keys you are likely to change are `allowed_groups`, `username`, and `password_expiry_threshold`. - `allowed_groups` contains the distinguished names for allowed groups that users must have in order to be able to authenticate. - `username` is the database field that your application users can be found by in the `users` table, and will match the username used to authenticate with your application. - `password_expiry_threshold` is used to determine when a password was last changed, relative to the authenticated user's (cached) data. Usage ----- [](#usage) In order to restrict authentication of users to your application using the `allowed_groups` key, add the `GroupAccessScope` to the `scopes` key of the `adldap_auth` configuration file. A user will only be able to authenticate if they are a member of each group defined in the `allowed_groups` array. This scope will ensure that users can only login if they are members of the given groups, but does nothing to protect your application from users that are already logged in from accessing it should their access be revoked in the directory server. To combat this, you can add the following to to the `$routeMiddleware` property of your `app/Http/Kernel.php`. ``` 'ldap' => \Dyrynda\Ldap\Http\Middleware\LdapMiddleware::class ``` This middleware can then be applied to your routes to ensure the following: - Your LDAP user exists in the directory and continues to be a member of the `allowed_groups` - Authenticated users have not recently changed their password - Authenticated users' passwords are not due to expire within a configured period of time, which defaults to 5 days Should any of these conditions evaluate to false, the user will be logged out and directed to login to your application again. ### Updated password [](#updated-password) If you wish to log users out based on their password being updated, you must cache the timestamp which marks the last time the password was updated (on login). When the value in LDAP is newer than the value in your application's cache, the user will be logged out. *If the configured `password_expiration_field` attribute does not exist on your `User` model, this check will be skipped.* You will need to configure modify the `adldap_auth.php` configuration file to sync the `pwdlastset` value from LDAP. ``` 'sync_attributes' => [ 'password_updated_at' => 'pwdlastset', ], ``` Ensure you have a the corresponding database field configured. ``` Schema::table('users', function (Blueprint $table) { $table->unsignedBigInteger('password_updated_at')->nullable()->default(null); }); ``` ### Testing [](#testing) By default ldap is enabled for testing, this can be toggled within the config `laravel_ldap.php` ``` 'disable_while_testing' => true, ``` Lastly, update the `password_expiration_field` (if not using the default `password_updated_at`) in your `laravel_ldap.php` configuration file. Support ------- [](#support) If you are having general issues with this repository, feel free to contact me on [Twitter](https://twitter.com/michaeldyrynda). If you believe you have found an issue, please report it using the [GitHub issue tracker](https://github.com/michaeldyrynda/laravel-ldap/issues), or better yet, fork the repository and submit a pull request. If you're using this repository, I'd love to hear your thoughts. Thanks! ### Health Score 34 — LowBetter than 77% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity23 Limited adoption so far Community10 Small or concentrated contributor base Maturity70 Established project with proven stability Bus Factor1 Top contributor holds 93.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~66 days Recently: every ~47 days Total 12 Last Release 2253d ago Major Versions 1.1.1 → 2.0.02019-07-14 2.0.0 → 3.0.02019-09-04 3.1.1 → 4.0.02020-03-11 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/558441?v=4)[Michael Dyrynda](/maintainers/michaeldyrynda)[@michaeldyrynda](https://github.com/michaeldyrynda) --- Top Contributors [![michaeldyrynda](https://avatars.githubusercontent.com/u/558441?v=4)](https://github.com/michaeldyrynda "michaeldyrynda (27 commits)")[![parkourben99](https://avatars.githubusercontent.com/u/7295774?v=4)](https://github.com/parkourben99 "parkourben99 (2 commits)") ### Embed Badge ![Health badge](/badges/dyrynda-laravel-ldap/health.svg) ``` [![Health](https://phpackages.com/badges/dyrynda-laravel-ldap/health.svg)](https://phpackages.com/packages/dyrynda-laravel-ldap) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[olssonm/l5-very-basic-auth Laravel stateless HTTP basic auth without the need for a database 1662.5M1](/packages/olssonm-l5-very-basic-auth)[stechstudio/laravel-jwt Helper package that makes it easy to generate, consume, and protect routes with JWT tokens in Laravel 126117.6k](/packages/stechstudio-laravel-jwt)[scaler-tech/laravel-saml2 SAML2 Service Provider integration for Laravel applications, based on OneLogin toolkit 2737.5k](/packages/scaler-tech-laravel-saml2)[truckersmp/steam-socialite Laravel Socialite provider for Steam OpenID. 1516.7k](/packages/truckersmp-steam-socialite) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)