
fortyseeds/ci4-shield-ldap
==========================

Enhanced LDAP Authentication for CodeIgniter 4 Shield - Supports both Active Directory and OpenLDAP/FreeIPA

v2.1.0 · MIT · PHP · [Source](https://github.com/FortySeeds/ci4-shield-ldap) · [Packagist](https://packagist.org/packages/fortyseeds/ci4-shield-ldap)

Enhanced LDAP Authentication for CodeIgniter 4 Shield
=====================================================


Enhanced version of the LDAP Authentication library for CodeIgniter 4 Shield that supports both **Active Directory** and **OpenLDAP/FreeIPA/389 Directory** servers.

Features
--------


- ✅ **Active Directory** support (domain\\username format)
- ✅ **OpenLDAP/FreeIPA/389 Directory** support (DN format)
- ✅ Automatic user creation on first login
- ✅ LDAP attribute synchronization
- ✅ Group membership handling
- ✅ Configurable attribute mapping
- ✅ Shield-compatible user identity management

Installation
------------


```
composer require fortyseeds/ci4-shield-ldap
```

Configuration
-------------


### 1. Basic Setup


Copy the configuration file to your app:

```
cp vendor/fortyseeds/ci4-shield-ldap/src/Config/AuthLDAP.php app/Config/AuthLDAP.php
```

### 2. Configure for Active Directory


```
// app/Config/AuthLDAP.php
public string $ldap_host = 'ldap://dc.company.com';
public string $ldap_port = '389';
public bool $use_ldaps = true; // Use port 636 for LDAPS
public string $ldap_type = 'ad';
public string $ldap_domain = 'company'; // For domain\username format
public string $username = 'CN=Service Account,OU=Service Accounts,DC=company,DC=com';
public string $password = 'service_password'; // placeholder: keep the real bind password out of version control
public string $search_base = 'OU=Users,DC=company,DC=com';

// Active Directory attributes
public array $attributes = [
    'objectSID', 'distinguishedname', 'displayName', 'title', 'description',
    'cn', 'givenName', 'sn', 'mail', 'co', 'telephoneNumber', 'mobile',
    'company', 'department', 'l', 'postalCode', 'streetAddress',
    'samaccountname', 'thumbnailPhoto', 'userAccountControl'
];
```

### 3. Configure for OpenLDAP/FreeIPA


```
// app/Config/AuthLDAP.php
public string $ldap_host = 'ldap://ipa.company.com';
public string $ldap_port = '389';
public bool $use_ldaps = true; // Use port 636 for LDAPS
public string $ldap_type = 'ldap';
public string $login_attribute = 'uid'; // or 'cn' depending on your schema
public string $username = 'cn=admin,dc=company,dc=com';
public string $password = 'admin_password'; // placeholder: keep the real bind password out of version control
public string $search_base = 'cn=users,cn=accounts,dc=company,dc=com';

// OpenLDAP/FreeIPA attributes
public array $attributes = [
    'uid', 'cn', 'dn', 'distinguishedName', 'entryUUID', 'entryDN',
    'displayName', 'title', 'description', 'givenName', 'sn', 'mail',
    'telephoneNumber', 'mobile', 'o', 'ou', 'l', 'postalCode', 'street',
    'employeeNumber', 'employeeType', 'departmentNumber',
    'krbPrincipalName', 'krbCanonicalName', 'ipaUniqueID', 'memberOf'
];
```

### 4. Update Shield Configuration


```
// app/Config/Auth.php
public array $authenticators = [
    'ldap' => \Rakoitde\Shieldldap\Authentication\Authenticators\LDAP::class,
    'session' => \CodeIgniter\Shield\Authentication\Authenticators\Session::class,
    'tokens' => \CodeIgniter\Shield\Authentication\Authenticators\AccessTokens::class,
];

public array $authenticationChain = [
    'ldap',
    'session',
];
```

### 5. Database Migration


The package includes database migrations for additional LDAP fields. Run:

```
php spark migrate -all
```

Usage
-----


### Authentication Flow


1. **Active Directory**: Users log in with `domain\username` or just `username`
2. **OpenLDAP/FreeIPA**: Users log in with their `uid` (e.g., `john.doe`)

The system automatically:

- Authenticates against LDAP
- Creates a local user account on first login
- Synchronizes LDAP attributes
- Manages user identity for Shield compatibility
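
How the two login formats above could be turned into an LDAP bind identity with the submitted name escaped, as an added example that is not this package's code. `buildBindIdentity()` and `buildUserFilter()` are hypothetical names; their arguments mirror `ldap_type`, `ldap_domain`, `login_attribute` and `search_base` from the configuration above, and PHP's ldap extension is assumed.

```php
<?php
declare(strict_types=1);

// Added example; not code from fortyseeds/ci4-shield-ldap.
// Function and parameter names are hypothetical. Requires ext-ldap.

/** Map a submitted login name to the identity used for the LDAP bind. */
function buildBindIdentity(string $type, string $login, string $domain, string $attr, string $base): string
{
    $login = trim($login);
    if ($login === '' || strlen($login) > 256 || preg_match('/[\x00-\x1F]/', $login) === 1) {
        throw new InvalidArgumentException('Login name rejected');
    }

    if ($type === 'ad') {
        // Accept "domain\user" or bare "user", but only for the configured domain.
        $parts = explode('\\', $login);
        $user  = array_pop($parts);
        if (count($parts) > 1 || $user === ''
            || ($parts !== [] && strcasecmp($parts[0], $domain) !== 0)) {
            throw new InvalidArgumentException('Unexpected domain in login name');
        }
        return $domain . '\\' . $user;
    }

    // DN escaping keeps "," "+" "=" "\" and similar inside the RDN value, so
    // the input cannot add RDNs or point the bind at another subtree.
    return $attr . '=' . ldap_escape($login, '', LDAP_ESCAPE_DN) . ',' . $base;
}

/** Search filter for the same user; filter escaping covers "*", "(", ")", "\" and NUL. */
function buildUserFilter(string $attr, string $login): string
{
    return '(' . $attr . '=' . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . ')';
}

// Constructed sample inputs (not taken from the package or its tests).
$base = 'cn=users,cn=accounts,dc=company,dc=com';
echo buildBindIdentity('ldap', 'john.doe', '', 'uid', $base), PHP_EOL;
echo buildBindIdentity('ldap', 'doe, john', '', 'uid', $base), PHP_EOL;  // comma is escaped
echo buildUserFilter('uid', 'j*(doe)'), PHP_EOL;                         // wildcard is literal
echo buildBindIdentity('ad', 'company\\jdoe', 'company', '', ''), PHP_EOL;
echo buildBindIdentity('ad', 'jdoe', 'company', '', ''), PHP_EOL;
```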

### Testing LDAP Connection


```
php spark shieldldap:check
```

### Managing LDAP Users


```
php spark shieldldap:user
```

Authentication Types Comparison
-------------------------------

| Feature | Active Directory | OpenLDAP/FreeIPA |
|---|---|---|
| Login Format | `domain\username` | `uid` or `cn` |
| DN Format | Automatic via domain | `uid=user,cn=users,cn=accounts,dc=domain,dc=com` |
| Service Account | `domain\service` or `service@domain.com` | `cn=admin,dc=domain,dc=com` |
| Search Base | `OU=Users,DC=domain,DC=com` | `cn=users,cn=accounts,dc=domain,dc=com` |
| Primary Attributes | `samaccountname`, `objectSID` | `uid`, `ipaUniqueID` |

Troubleshooting
---------------


### Common Issues


1. **"Cannot assign null to property"**: Ensure LDAP attributes exist in your directory
2. **"UserIdentity not found"**: The enhanced version automatically creates email identities
3. **Connection timeout**: Check firewall, ports (389/636), and network connectivity
4. **Authentication fails**: Verify service account credentials and permissions

### Debug Mode


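Enable debug logging in your environment (on non-production systems only, since the `development` environment also displays detailed error output):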

```
CI_ENVIRONMENT = development
```

Check logs in `writable/logs/` for detailed LDAP authentication information.

Contributing
------------


1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

License
-------


MIT License - see LICENSE file for details.

Credits
-------


- Original package by [Ralf Kornberger](https://github.com/rakoitde)
- Enhanced by [FortySeeds](https://github.com/FortySeeds) for OpenLDAP/FreeIPA support
- Built for [CodeIgniter 4 Shield](https://github.com/codeigniter4/shield)

Changelog
---------


### v2.0.0 (Enhanced Version)


- ✅ Added OpenLDAP/FreeIPA/389 Directory support
- ✅ Flexible DN construction based on LDAP type
- ✅ Enhanced error handling and user identity management
- ✅ Improved attribute mapping for different LDAP servers
- ✅ Comprehensive documentation for both AD and OpenLDAP

### v1.x (Original)


- Active Directory support only

