PHPackages edvlerblog/yii2-adldap-module - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. edvlerblog/yii2-adldap-module ActiveYii2-extension[Authentication & Authorization](/categories/authentication) edvlerblog/yii2-adldap-module ============================= yii2 Active Directory implementation (wrapper for Adldap2) v6.0.0(7y ago)51227.3k↓13.9%32[1 issues](https://github.com/edvler/yii2-adldap-module/issues)BSD-3-ClausePHP Since Jan 29Pushed 7y ago10 watchersCompare [ Source](https://github.com/edvler/yii2-adldap-module)[ Packagist](https://packagist.org/packages/edvlerblog/yii2-adldap-module)[ Docs](https://github.com/edvler/yii2-adldap-module)[ RSS](/packages/edvlerblog-yii2-adldap-module/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (2)Versions (18)Used By (0) yii2-adldap-module v6 (wrapper for Adldap2 v10) =============================================== [](#yii2-adldap-module-v6-wrapper-for-adldap2-v10) [Yii2](http://www.yiiframework.com) extension for Adldap2 () [![Latest Stable Version](https://camo.githubusercontent.com/b4e2bc2e8eea187a255379dd705b27427139b04269973d6bf945b573cc92428d/68747470733a2f2f706f7365722e707567782e6f72672f6564766c6572626c6f672f796969322d61646c6461702d6d6f64756c652f762f737461626c65)](https://packagist.org/packages/edvlerblog/yii2-adldap-module)[![Total Downloads](https://camo.githubusercontent.com/747598956e90ade668c95a87479dc0700f8d3301100d1ca16fd97f4faa582835/68747470733a2f2f706f7365722e707567782e6f72672f6564766c6572626c6f672f796969322d61646c6461702d6d6f64756c652f646f776e6c6f616473)](https://packagist.org/packages/edvlerblog/yii2-adldap-module)[![Monthly Downloads](https://camo.githubusercontent.com/559c090fab74b810597ba9a9238ec9e92d165bb75409acc6e2a95e0f6535122f/68747470733a2f2f706f7365722e707567782e6f72672f6564766c6572626c6f672f796969322d61646c6461702d6d6f64756c652f642f6d6f6e74686c79)](https://packagist.org/packages/edvlerblog/yii2-adldap-module)[![Daily Downloads](https://camo.githubusercontent.com/9d13cbb6c3558cf5de25f854300d76b65ebc02b2a757f83f2d890845126ec199/68747470733a2f2f706f7365722e707567782e6f72672f6564766c6572626c6f672f796969322d61646c6461702d6d6f64756c652f642f6461696c79)](https://packagist.org/packages/edvlerblog/yii2-adldap-module)[![License](https://camo.githubusercontent.com/75dff40a27de5fefaa0d8d34b17a9873ca47aeb231bc0b93b106293998f22b4e/68747470733a2f2f706f7365722e707567782e6f72672f706870756e69742f706870756e69742f6c6963656e7365)](https://packagist.org/packages/edvlerblog/yii2-adldap-module) - Query Active Directory users, groups, computers, organizational units, ... - RBAC user model - Create/Update/Edit Active Directory objects - Extensive test suite Please read this if you upgrade from older versions to v5 or v6 --------------------------------------------------------------- [](#please-read-this-if-you-upgrade-from-older-versions-to-v5-or-v6) Adldap2 changed option keys in version 9. If you upgrade from a previous version you have to change your config/web.conf (basic template) OR common/config/main.conf (advanced template) and your config/console.conf (basic template) OR console/config/main.conf (advanced template). For all Adldap 2 options see . The mandatory changed options are: - admin\_username: renamed to username - admin\_password: renamed to password - domain\_controllers: renamed to hosts If you configure your username append your domain with **@domain.name**. Otherwise you maybe get **Adldap\\Auth\\Bindexception: Invalid Credentials**. ``` ... 'username' => 'username_ldap_access@example.lan', ... ``` See [Configuration](#configuration) section for example. Howto contribute or support the extension ----------------------------------------- [](#howto-contribute-or-support-the-extension) As you as delevoper know, it's **not only source code** that matters. The best code is worthless if no **documentation** exists. My focus is to provide a comprehensive documentation for this extension. This should help **YOU** to do your task fast and without struggle. Updating this extension take days starting with programming, writing the docs and write test for the code and the docs. **I'am glad to see that many persons use the plugin!** If you want to help you can do the following: - Extend or correct the docs and create a Pull-Request - Fix or extend the plugins source code and create a Pull-Request - Add further tests and create a Pull-Request - Open a issue for questions or problems **If this project help you reduce time to develop, you can spend me a cup of coffee :)** [![paypal](https://camo.githubusercontent.com/e1ff554a09e8e92bef25abc553ff05b88f45afd695877cf12f3a46558ef65b2e/68747470733a2f2f7777772e70617970616c6f626a656374732e636f6d2f656e5f55532f692f62746e2f62746e5f646f6e61746543435f4c472e676966)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=WVHQ2539QZGRU) List of content --------------- [](#list-of-content) - **Overview** - [Version](#version) - [Functions of the extension](#functions-of-the-extension) - **Installation and configuration** - [Installation](#installation) - [Configuration](#configuration) - **Usage Methods** - [Method 1](#usage-method-1-simple-usage-without-a-user-model) Query informations - [Method 2](#usage-method-2-deep-integration-into-the-yii2-framework-with-a-user-model) RBAC user model - [Method 3](#usage-method-3-create-and-modify-active-directory-objects) Create and modify objects - **For developers** - [Testing](#testing) Version ------- [](#version) Current Version: yii2-adldap-module Releases beginning with tag v6.*.* are reserved for Adldap2 v10.\* The corresponding Adldap2 repository is **Keep this in mind if you are browsing the GitHub Repository of Adldap2** Functions of the extension -------------------------- [](#functions-of-the-extension) It has been a long way since 29. Jan 2014, many functions has been added. I noticed for myself that a short overview might help everyone to see whats possible. **The simple [Method 1](#usage-method-1-simple-usage-without-a-user-model)** - Query only informations from Active Directory. **The deep integration with [Method 2](#usage-method-2-deep-integration-into-the-yii2-framework-with-a-user-model)** - Sign in with a Active Directory User is possible **without doing anything in yii2**. The only action needed is creating a Active Directory User and add it to a group in Active Directory. - Full support of the RBAC-concept from yii2 - Default is to login with the sAMAccountName [Edvlerblog\\Adldap2\\model\\UserDbLdap.php::findByUsername($username)](src/model/UserDbLdap.php). But using any attribute is possible [Edvlerblog\\Adldap2\\model\\UserDbLdap.php::findByAttribute($attribute,$searchValue)](src/model/UserDbLdap.php). - Default is, that on login the Active Directory Account status and the group assignments are checked. Based on the results the login is possible or not. - You can access every Active Directory attribute of the user. [Method 2](#usage-method-2-deep-integration-into-the-yii2-framework-with-a-user-model) - This yii2-extension is highly configurable. **Create, modify or delete Active Directory objects with [Method 3: docs/CREATE\_MODIFY\_DELETE\_OBJECTS.md](docs/CREATE_MODIFY_DELETE_OBJECTS.md)** - Thanks to Adldap2, it's easy to create, modify or delete objects. **How to start??** - My suggestion is that you should start with Method 1. Start with a configration as described below and do some simple querys. If you see how it works, you can try Method 2. **If you have some questions...** - Please see the the separeted howto's for each Method. - [Method 1: docs/USAGE\_WITHOUT\_USER\_MODEL.md](docs/USAGE_WITHOUT_USER_MODEL.md) - [Method 2: docs/USAGE\_WITH\_USER\_MODEL.md](docs/USAGE_WITH_USER_MODEL.md) - [Method 3: docs/CREATE\_MODIFY\_DELETE\_OBJECTS.md](docs/CREATE_MODIFY_DELETE_OBJECTS.md) - Open a issue or a pull request. Installation ------------ [](#installation) The preferred way to install this extension is through [Composer](http://getcomposer.org/). Either run ``` php composer.phar require edvlerblog/yii2-adldap-module "^6.0.0" ``` or add ``` "edvlerblog/yii2-adldap-module": "^6.0.0" ``` to the require section of your composer.json Configuration ------------- [](#configuration) Add this code in your components section of the application configuration (eg. config/main.php for advanced template or config/web.php for basic template): ``` 'components' => [ //..... // other components ... //..... 'ad' => [ 'class' => 'Edvlerblog\Adldap2\Adldap2Wrapper', /* * Set the default provider to one of the providers defined in the * providers array. * * If this is commented out, the entry 'default' in the providers array is * used. * * See https://github.com/Adldap2/Adldap2/blob/master/docs/connecting.md * Setting a default connection * */ // 'defaultProvider' => 'another_provider', /* * Adlapd2 can handle multiple providers to different Active Directory sources. * Each provider has it's own config. * * In the providers section it's possible to define multiple providers as listed as example below. * But it's enough to only define the "default" provider! */ 'providers' => [ /* * Always add a default provider! * * You can get the provider with: * $provider = \Yii::$app->ad->getDefaultProvider(); * or with $provider = \Yii::$app->ad->getProvider('default'); */ 'default' => [ //Providername default // Connect this provider on initialisation of the LdapWrapper Class automatically 'autoconnect' => true, // The provider's schema. Default is \Adldap\Schemas\ActiveDirectory set in https://github.com/Adldap2/Adldap2/blob/master/src/Connections/Provider.php#L112 // You can make your own https://github.com/Adldap2/Adldap2/blob/master/docs/schema.md or use one from https://github.com/Adldap2/Adldap2/tree/master/src/Schemas // Example to set it to OpenLDAP: // 'schema' => new \Adldap\Schemas\OpenLDAP(), // The config has to be defined as described in the Adldap2 documentation. // https://github.com/Adldap2/Adldap2/blob/master/docs/configuration.md 'config' => [ // Your account suffix, for example: matthias.maderer@example.lan 'account_suffix' => '@example.lan', // You can use the host name or the IP address of your controllers. 'hosts' => ['server01.example.lan', 'server02.example.lan'], // Your base DN. This is usually your account suffix. 'base_dn' => 'dc=example,dc=lan', // The account to use for querying / modifying users. This // does not need to be an actual admin account. 'username' => 'username_ldap_access@example.lan', 'password' => 'password_ldap_access!', // To enable SSL/TLS read the docs/SSL_TLS_AD.md and uncomment // the variables below //'port' => 636, //'use_ssl' => true, //'use_tls' => true, ] ], /* * Another Provider * You don't have to define another provider if you don't need it. It's just an example. * * You can get the provider with: * or with $provider = \Yii::$app->ad->getProvider('another_provider'); */ 'another_provider' => [ //Providername another_provider // Connect this provider on initialisation of the LdapWrapper Class automatically 'autoconnect' => false, // The provider's schema. Default is \Adldap\Schemas\ActiveDirectory set in https://github.com/Adldap2/Adldap2/blob/master/src/Connections/Provider.php#L112 // You can make your own https://github.com/Adldap2/Adldap2/blob/master/docs/schema.md or use one from https://github.com/Adldap2/Adldap2/tree/master/src/Schemas // Example to set it to OpenLDAP: // 'schema' => new \Adldap\Schemas\OpenLDAP(), // The config has to be defined as described in the Adldap2 documentation. // https://github.com/Adldap2/Adldap2/blob/master/docs/configuration.md 'config' => [ // Your account suffix, for example: matthias.maderer@test.lan 'account_suffix' => '@test.lan', // You can use the host name or the IP address of your controllers. 'hosts' => ['server1.test.lan', 'server2'], // Your base DN. This is usually your account suffix. 'base_dn' => 'dc=test,dc=lan', // The account to use for querying / modifying users. This // does not need to be an actual admin account. 'username' => 'username_ldap_access@test.lan', 'password' => 'password_ldap_access', // To enable SSL/TLS read the docs/SSL_TLS_AD.md and uncomment // the variables below //'port' => 636, //'use_ssl' => true, //'use_tls' => true, ] // close config ], // close provider ], // close providers array ], //close ad ``` See official documentation for all config options. Usage - Method 1, Method 2 and Method 3 --------------------------------------- [](#usage---method-1-method-2-and-method-3) ### Usage method 1: Simple usage without a user model [](#usage-method-1-simple-usage-without-a-user-model) If you are need to query some informations for a user from the Active Directory this would be best way. No additional configuration is needed and the only thing to do is to add the [configuration](#configuration) as described above to your components section. You only use the extension in the regular Yii2 style: ``` //... $un = 'testuser'; /* There are three ways available to call Adldap2 function. If you use more providers (multiple Active Directory connections) you make one as default and you can call this one with Method1 or Method2 and the second one will be called with Method3. */ //Get the Ldap object for the user. //$ldapObject holds a class of type Adldap\Models\User from the Adldap project! // Method 1: uses the default provider given in the configuration above (array key defaultProvider) $ldapObject = \Yii::$app->ad->search()->findBy('sAMAccountname', $un); // Method 2: uses the default provider given in the configuration above (array key defaultProvider) $ldapObject = \Yii::$app->ad->getDefaultProvider()->search()->findBy('sAMAccountname', $un); // Method 3: get the provider by name (here name default is used). $ldapObject = \Yii::$app->ad->getProvider('default')->search()->findBy('sAMAccountname', $un); //Examples //Please note that all fields from ldap are arrays! //Access it with ..[0] if it is a single value field. $givenName = $ldapObject['givenname'][0]; $surname = $ldapObject['sn'][0]; $displayname = $ldapObject['displayname'][0]; $telephone = $ldapObject['telephonenumber'][0]; echo 'gn: ' . $givenName . ' sn: ' . $surname . ' dispname: ' . $displayname . ' phone: ' . $telephone; //Print all possible attributes echo '' . print_r($ldapObject,true) . ''; // More ways to get attributes: // https://github.com/Adldap2/Adldap2/blob/master/docs/models/model.md#getting-attributes ``` **Further documentation with examples:** [docs/USAGE\_WITHOUT\_USER\_MODEL.md](docs/USAGE_WITHOUT_USER_MODEL.md) Modify of attributes is also possible. See [Method 3](#usage-method-3-create-modify-and-delete-active-directory-objects). --- ### Usage method 2: Deep integration into the yii2 framework with a user model [](#usage-method-2-deep-integration-into-the-yii2-framework-with-a-user-model) The second method gives you the ability to authenticate users against Active Directory with a special user model. It intgerates very well into the RBAC security concept of yii2 (). You can use all features of the yii2 user integration. Some Examples: ``` //... //Has user a permission? $hasPermission = \Yii::$app->user->can('permissionDisplayDetailedAbout'); //Query informations from Active Directory. You can use it in a controller, a view, everywhere in yii2! if (!\Yii::$app->user->isGuest) { //Get the yii2 identitiy, which was set by the Yii::$app->user->login(..,..) function //See model/LoginForm.php in the basic template for the login logic $yii2IdentityObject = \Yii::$app->user->identity; $rolesOfUser = \Yii::$app->authManager->getRolesByUser($yii2IdentityObject->getId()); echo '' . print_r($rolesOfUser,true) . ''; //Get the Ldap object for the user. //$ldapObject holds a class of type Adldap\Models\User from the Adldap project! //No performance issues, because the queryLdapUserObject function uses a cache. $ldapObject = $yii2IdentityObject->queryLdapUserObject(); //Examples //Please note that all fields from ldap are arrays! //Access it with ..[0] if it is a single value field. $givenName = $ldapObject['givenname'][0]; $surname = $ldapObject['surname'][0]; $displayname = $ldapObject['displayname'][0]; $telephone = $ldapObject['telephonenumber'][0]; echo 'gn: ' . $givenName . ' sn: ' . $surname . ' dispname: ' . $displayname . ' phone: ' . $telephone; //Print all possible attributes echo '' . print_r($ldapObject,true) . ''; // More ways to get attributes of a user model: // https://adldap2.github.io/Adldap2/#/models/user } //... ``` If you use the [Edvlerblog\\Adldap2\\model\\UserDbLdap.php](src/model/UserDbLdap.php) class you can do things like login with a user into yii2 **without createing them** in yii2. Tasks like creating a user, assigning roles and check password against Active Directory all automatically done from [Edvlerblog\\Adldap2\\model\\UserDbLdap.php](src/model/UserDbLdap.php) class. For example imagine the following: - You create a user in Active Directory and assign this user to a group starting with **yii2\_** (e.g. yii2\_example\_group). - In yii2 a role with the same name exists (yii2\_example\_group). The role has some permissions assigned. If you try to login with your new user, the user is created **automatically** in yii2 and role yii2\_example\_group is assigned **automatically** on login. For the human this is transparent. The only feedback to the human is a successfull login and that it is possible to use the functions which he has permissions to access. **Further documentation with setup and examples:** [docs/USAGE\_WITH\_USER\_MODEL.md](docs/USAGE_WITH_USER_MODEL.md) --- ### Usage method 3: Create, modify and delete Active Directory objects [](#usage-method-3-create-modify-and-delete-active-directory-objects) Adldap2 offers the option to create, modify and delete Active Directory objects. See for documentation. **Prequesits** - To create or modify attributes of a Active Directory object use a bind user in your [configuration](#configuration) with rights to change the attributes of the objects (a dirty but **very discourraged** way is to add the bind user to the domain-admins group)! - For some actions, like change the password, you need a SSL/TLS connection. See [configuration](#configuration) for further hints. **One example:** Modify the displayname of a user ``` // https://adldap2.github.io/Adldap2/#/searching?id=finding-a-record-by-a-specific-attribute // Step 1: Query the ldap object (via method 1 or method 2) $un = 'testuser'; $ldapObject = \Yii::$app->ad->getProvider('default')->search()->findBy('sAMAccountname', $un); // Step 2: Update the attribute // $ldapObject->setDisplayName('Fancy New Displayname'); // Step 3: Save an check return value // https://adldap2.github.io/Adldap2/#/models/model?id=attributes // https://adldap2.github.io/Adldap2/#/models/model?id=updating-attributes if ($ldapObject->save()) { echo "// Displayname successfully updated."; } else { echo "// There was an issue updating this user."; } ``` **Further documentation:** [docs/CREATE\_MODIFY\_DELETE\_OBJECTS.md](docs/CREATE_MODIFY_DELETE_OBJECTS.md) --- ### Testing [](#testing) This section is only for developers, that may extend the functionality. These test classes exists: - tests/InitialTest.php: Delete, create and modify users and groups and check results - tests/UserModelTest.php: Test the [src/model/UserDbLdap.php](src/model/UserDbLdap.php) For the UserModelTest test it's neccessary to setup the deep integration as described here: [docs/USAGE\_WITH\_USER\_MODEL.md](docs/USAGE_WITH_USER_MODEL.md) **Usage:** - Use the phpunit from yii2. Its placed in vendor\\bin\\phpunit. - Create the config class tests\\base\\TestConfig.php from the template tests\\base\\TestConfigSample.php. Start the tests in windows with: ``` // WARNING!! NOT RUN ON PRODUCTION!! // TABLES ARE TRUNCATED AND ACTIVE DIRECTORY IS MODIFIED! // TAKE A LOOK AT THE SOURCE CODE BEFORE RUNNING THE TESTS. cd vendor/edvlerblog/yii2-adldap-module ..\..\bin\phpunit -v --debug ..\..\bin\phpunit --testdox ``` ### Health Score 44 — FairBetter than 92% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity48 Moderate usage in the ecosystem Community21 Small or concentrated contributor base Maturity72 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~122 days Recently: every ~162 days Total 16 Last Release 2669d ago Major Versions v1.1.3 → v2.0.02016-12-16 v2.0.0 → v3.0.02016-12-16 v3.0.5 → v4.0.02017-04-19 v4.0.0 → v5.0.02019-01-27 v5.0.0 → v6.0.02019-01-27 ### Community Maintainers ![](https://www.gravatar.com/avatar/24cb3c027c85ac680823f49cdd91a800380a76a41f1ff3161c15598d9bc9fac1?d=identicon)[edvler](/maintainers/edvler) --- Top Contributors [![vitalyzhakov](https://avatars.githubusercontent.com/u/1775220?v=4)](https://github.com/vitalyzhakov "vitalyzhakov (4 commits)")[![cornernote](https://avatars.githubusercontent.com/u/51875?v=4)](https://github.com/cornernote "cornernote (2 commits)")[![mikefi](https://avatars.githubusercontent.com/u/12695475?v=4)](https://github.com/mikefi "mikefi (1 commits)")[![razonyang](https://avatars.githubusercontent.com/u/17720932?v=4)](https://github.com/razonyang "razonyang (1 commits)")[![trombipeti](https://avatars.githubusercontent.com/u/6303783?v=4)](https://github.com/trombipeti "trombipeti (1 commits)") --- Tags active-directoryphpuser-managementyii2yii2-extensionyii2-rbacyii2-rbac-moduleyii2-role-systemmicrosoftyii2ldapactive directoryadadLDAPyii2-extensionyii2-rbacyii2-role-systemyii2-rbac-module ### Embed Badge ![Health badge](/badges/edvlerblog-yii2-adldap-module/health.svg) ``` [![Health](https://phpackages.com/badges/edvlerblog-yii2-adldap-module/health.svg)](https://phpackages.com/packages/edvlerblog-yii2-adldap-module) ``` ### Alternatives [yii2mod/yii2-rbac RBAC management module for Yii2 150351.4k7](/packages/yii2mod-yii2-rbac)[jotaelesalinas/laravel-adminless-ldap-auth Authenticate users in Laravel against an adminless LDAP server 2105.1k](/packages/jotaelesalinas-laravel-adminless-ldap-auth)[chrmorandi/yii2-ldap Ldap 1453.1k](/packages/chrmorandi-yii2-ldap)[riper/security-active_directory This is a bundle to allow authentication into symfony >= 2.6 by an Active directory 163.7k](/packages/riper-security-active-directory) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)