jotaelesalinas/laravel-adminless-ldap-auth
==========================================

Authenticate users in Laravel against an adminless LDAP server

v0.6.3 (5y ago) · [15 issues](https://github.com/jotaelesalinas/laravel-adminless-ldap-auth/issues) · MIT · PHP ~7.2|^8.0

**Important**: The use case for this authentication package is very specific:

- This package does only one thing: validate users' credentials against an LDAP server.
- It is not possible to create/modify/delete users in the Laravel application.
- User management is done in the LDAP server.

Installation
------------

You need an existing Laravel project. Inside its folder, type:

```
composer require jotaelesalinas/laravel-adminless-ldap-auth
```

You might get an error saying that your requirements could not be resolved to an installable set of packages. This is usually caused by adldap2/adldap2 depending on different versions of some packages also required by Laravel. This problem is usually solved by adding the option `-W` (or `--update-with-all-dependencies`), but be warned that this could cause issues.

```
composer require jotaelesalinas/laravel-adminless-ldap-auth -W
```

Go on with the configuration. The package will not work if it is not properly configured.

Configuration
-------------

**A note on the most important .env variables**

- `LDAP_USER_SEARCH_ATTRIBUTE`: the name of the attribute in the LDAP server that uniquely identifies a user, e.g. `uid`, `mail` or `sAMAccountName`. The value of this attribute is what the user will have to type as identifier in the login form (+ the password, of course).
- `LDAP_USER_BIND_ATTRIBUTE`: the name of the attribute in the LDAP server that is used inside the distinguished name, e.g. `uid` or `cn`. The value will be read from the user attributes returned by the LDAP server.
- `AUTH_USER_KEY_FIELD`: the name of the property that will uniquely identify the Auth user. By default, the name is `username` and the value is read from the LDAP user attribute `LDAP_USER_SEARCH_ATTRIBUTE`.

See an [explanation of how the library works](docs/explanation.md) for a better understanding of the rationale behind the different variables.

### Add variables to `.env`

You will need the assistance of your LDAP administrator to get these options right.

```
LDAP_SCHEMA=OpenLDAP                # Has to be one of these:
                                    #  - OpenLDAP
                                    #  - FreeIPA
                                    #  - ActiveDirectory
LDAP_HOSTS=ldap.forumsys.com        # Your LDAP server
LDAP_BASE_DN=dc=example,dc=com      # base distinguished name
LDAP_USER_SEARCH_ATTRIBUTE=uid      # field by which your users are identified in the LDAP server
LDAP_USER_BIND_ATTRIBUTE=uid        # field by which your users are bound to the LDAP server
LDAP_USER_FULL_DN_FMT=${LDAP_USER_BIND_ATTRIBUTE}=%s,${LDAP_BASE_DN}
                                    # full user distinguished name to be used with sprintf:
                                    # %s will be replaced by $user->${LDAP_USER_BIND_ATTRIBUTE}
LDAP_CONNECTION=default             # which configuration to use from config/ldap.php
```

These are just a few options, the ones needed to make this example work. There are many more in `config/ldap.php`.

Also, add the name of the property that will uniquely identify your Auth user:

```
AUTH_USER_KEY_FIELD=username
```

You can change the value of `AUTH_USER_KEY_FIELD` to whatever you want, e.g. `id`, `email` or `phonenumber`, but you don't really have to.

**For Windows ActiveDirectory users**

Based on some feedback, this configuration might work for you (I can't promise it will):

```
LDAP_SCHEMA=ActiveDirectory
LDAP_USER_SEARCH_ATTRIBUTE=sAMAccountName
LDAP_USER_BIND_ATTRIBUTE=cn
```

**Testing with Apache Directory**

I have been able to test ActiveDirectory using the docker image `dwimberger/ldap-ad-it` with an [Apache Directory](https://directory.apache.org/) installation. Thanks to James Hamilton for this [video](https://www.youtube.com/watch?v=-6fAr13j1AM).

I know it is not the same as Windows' RSAT ActiveDirectory, but it is what I have been able to test.

These are the `.env` variables that I had to change to make it work:

```
LDAP_SCHEMA=ActiveDirectory
LDAP_HOSTS=127.0.0.1
LDAP_PORT=10389
LDAP_BASE_DN=ou=users,dc=wimpi,dc=net
```

Also, I had to modify the code to pre-connect to the LDAP server before attempting to search for a user. I think this was probably the real issue most people had when trying to use the library with AD.

### Modify `config/auth.php`

Add a new LDAP provider using the newly installed `adminless_ldap` driver:

```
'providers' => [
    'ldap' => [
        'driver' => 'adminless_ldap',
    ],
],
```

You can delete the `users` provider if you want. Or just comment it out. Do not leave unused code hanging around.

Modify the web guard to use the new `ldap` provider:

```
'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'ldap',
    ],
],
```

Delete the `api` guard if you don't need it. Or at least comment it out.

**Important!** Create this new entry:

```
'auth_user_key' => env('AUTH_USER_KEY_FIELD', null),
```

### Publish the config files of Adldap and AdldapAuth

```
php artisan vendor:publish --provider="Adldap\Laravel\AdldapServiceProvider"
php artisan vendor:publish --provider="Adldap\Laravel\AdldapAuthServiceProvider"
```

### Configure the LDAP connection in `config/ldap.php`

Again, you will need the assistance of your LDAP administrator. See comments below.

```
'connections' => [

    // here, in theory, we should leave `default` untouched and create a new connection
    // (and change `LDAP_CONNECTION` in `.env` accordingly)
    // but I wasn't able to make the underlying Adldap package work with any connection
    // other than `default`, so we will modify the default connection directly

    'default' => [
        'auto_connect' => env('LDAP_AUTO_CONNECT', false),

        'connection' => Adldap\Connections\Ldap::class,

        'settings' => [

            // replace this line:
            // 'schema' => Adldap\Schemas\ActiveDirectory::class,
            // with this:
            'schema' => env('LDAP_SCHEMA', '') == 'OpenLDAP' ?
                            Adldap\Schemas\OpenLDAP::class :
                            ( env('LDAP_SCHEMA', '') == 'FreeIPA' ?
                                Adldap\Schemas\FreeIPA::class :
                                Adldap\Schemas\ActiveDirectory::class ),

            // remove the default values of these options:
            'hosts' => explode(' ', env('LDAP_HOSTS', '')),
            'base_dn' => env('LDAP_BASE_DN', ''),
            'username' => env('LDAP_ADMIN_USERNAME', ''),
            'password' => env('LDAP_ADMIN_PASSWORD', ''),

            // and talk to your LDAP administrator about these other options.
            // do not modify them here, use .env!
            'account_prefix' => env('LDAP_ACCOUNT_PREFIX', ''),
            'account_suffix' => env('LDAP_ACCOUNT_SUFFIX', ''),
            'port' => env('LDAP_PORT', 389),
            'timeout' => env('LDAP_TIMEOUT', 5),
            'follow_referrals' => env('LDAP_FOLLOW_REFERRALS', false),
            'use_ssl' => env('LDAP_USE_SSL', false),
            'use_tls' => env('LDAP_USE_TLS', false),

        ],
    ],
],
```

### Configure the LDAP authentication in `config/ldap_auth.php`

Tell the Adldap library how to search and bind users in your LDAP server.

**Important!** Do not forget to add the entry `user_format`.

```
'identifiers' => [
    // ... other code ...

    'ldap' => [
        'locate_users_by' => env('LDAP_USER_SEARCH_ATTRIBUTE', ''),
        'bind_users_by' => env('LDAP_USER_BIND_ATTRIBUTE', ''),
        'user_format' => env('LDAP_USER_FULL_DN_FMT', ''),
    ],

    // ... other code ...
],
```

And tell the new auth provider which fields from the LDAP user entry you will want "imported" into your Auth user *on every successful login*.

```
'sync_attributes' => [
    // 'field_in_local_user_model' => 'attribute_in_ldap_server',
    env('AUTH_USER_KEY_FIELD', null) => env('LDAP_USER_SEARCH_ATTRIBUTE', null),
    'name' => 'cn',
    'email' => 'mail',
    'phone' => 'telephonenumber',
],
```

Usage
-----

That's it! Now you should be able to use [Laravel's built-in authentication](https://laravel.com/docs/7.x/authentication#authenticating-users) to perform all auth-related tasks, e.g. `Auth::check()`, `Auth::attempt()`, `Auth::user()`, etc.

You can try with tinker:

```
php artisan optimize:clear
php artisan tinker
```

If you get an error saying that writing to /path/to/folder/.config/psysh is not allowed, try adding this line to your `.env`:

```
XDG_CONFIG_HOME=.
```

Run these instructions to test the application in real time:

```
Auth::guest()
=> true
Auth::check()
=> false
Auth::user()
=> null
Auth::id()
=> null

Auth::attempt(['username' => 'einstein', 'password' => ''])
=> false

Auth::attempt(['username' => 'einstein', 'password' => 'qwerty'])
=> false

Auth::attempt(['username' => 'einstein', 'password' => 'password'])
=> true

Auth::guest()
=> false
Auth::check()
=> true
Auth::user()
=> JotaEleSalinas\AdminlessLdap\LdapUser {
     username: "einstein",
     name: "Albert Einstein",
     email: "einstein@ldap.forumsys.com",
     phone: "314-159-2653",
   }
Auth::id()
=> "einstein"

Auth::logout()
=> null
Auth::check()
=> false
Auth::user()
=> null
```

Remember that you have these users available in the public testing LDAP server: `einstein`, `newton` and `tesla`. The password is `password` for all of them.

If you want to see which attributes are available for each user in the LDAP server, run this in Tinker:

```
$lh = new JotaEleSalinas\AdminlessLdap\LdapHelper(config('ldap_auth'))
=> JotaEleSalinas\AdminlessLdap\LdapHelper
$lh->retrieveLdapAttribs('einstein', 'password')
=> [
     "userpassword" => "{sha}W6ph5Mm5Pz8GgiULbPgzG37mj9g=",
     "cn" => "Albert Einstein",
     "sn" => "Einstein",
     "uid" => "einstein",
     "mail" => "einstein@ldap.forumsys.com",
     "telephonenumber" => "314-159-2653",
     "dn" => "uid=einstein,dc=example,dc=com",
   ]
```

Was this package useful? Give it a star. Did it save your day? Are you making money out of it? Consider [sponsoring me](https://github.com/sponsors/jotaelesalinas)!

Login UI (routes, controllers, views)
-------------------------------------

If you want to see how to build a login UI adapted to this specific adminless LDAP system, you can read the [Login UI guide](docs/login-ui.md).

To do
-----

- Tests -- WIP
- Instructions for ActiveDirectory -- help needed, I don't have access to any AD server
- Do we have to trigger events for login attempts, success, failure, logout, etc? Or are they triggered somewhere else?
- Add instructions to build the login UI
- Extend `LdapUser` on `Illuminate\Auth\GenericUser`
- Upload to packagist
- Set up the GitHub Hook for Packagist to automate new versions

Contributing
------------

Please see [CONTRIBUTING](CONTRIBUTING.md) and [CODE\_OF\_CONDUCT](CODE_OF_CONDUCT.md) for details.

Security
--------

If you discover any security related issues, please email  instead of using the issue tracker.

Credits
-------

- [José Luis Salinas](https://github.com/jotaelesalinas)
- [All Contributors](../../contributors)

Sponsoring
----------

Did this package save your day? Are you making $$$ out of it? Give back by [sponsoring me](https://github.com/sponsors/jotaelesalinas)!

License and disclaimer
----------------------

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

The configuration shown in this document makes use of a [publicly available testing LDAP server](http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/). The authors of this package are not linked in any way with it and are not responsible nor liable in any way for anything related to it.

