kaliop/identitymanagementbundle
===============================

Kaliop Identity Management Bundle

0.8.1 (8y ago) · 27.3k · 4 · [1 issues](https://github.com/kaliop-uk/ezidentitymanagementbundle/issues) · GPL-2.0 · PHP · PHP >=5.3.3

[Source](https://github.com/kaliop-uk/ezidentitymanagementbundle) | [Packagist](https://packagist.org/packages/kaliop/identitymanagementbundle)

Kaliop Identity Management Bundle
=================================

An eZ5 bundle designed to cater to all your needs for custom user authentication scenarios:

- log in user by his IP
- log in user using his email instead of login
- get user accounts from an LDAP server (including MS Active Directory)
- get user accounts from an external service (needs custom code)
- allow logging in to the eZ backoffice using the customized symfony login handlers

The base idea is that it should be easy to swap/add remote user services without having to learn the intricate details of the Symfony auth component (firewall/authenticator/userprovider/factory).

As such, the logic of the 'ldap login handler' from eZP4 is replicated:

1. when the user tries to log in the 1st time, retrieve his/her profile on the remote system, and create a corresponding eZ user on the fly
2. when the user tries to log in after the 1st time, retrieve his/her profile on the remote system, and update the corresponding eZ user if needed

Some nice bits are still missing, but the bundle should be sufficient to get started with simple LDAP integrations.

Contributions are welcome :-)

Allow Log In By Email
---------------------

- This happens without the need to save the user email in the 'login field'
- To activate it: enable the following parameters in parameters.yml:

    ```
      parameters:
          # take over the default user provider, so that users can be looked up by something other than the login field
          ezpublish.security.user_provider.class: Kaliop\IdentityManagementBundle\Security\User\Provider\EmailUser
          # take over the auth provider as well, accordingly
          security.authentication.provider.dao.class: Kaliop\IdentityManagementBundle\Security\Authentication\Provider\RepositoryAuthenticationProvider

    ```

Allow Log In By IP
------------------

- This is implemented via a custom firewall named *ip_login* in the *firewalls* section of security.yml. The firewall depends on a separate service for the mapping IP => user account name
- To activate it: ...

Log In By Remote Services (LDAP/Active Directory or other)
----------------------------------------------------------

- Support for LDAP is built-in, and needs some config and minimal PHP code
- For other custom external services you will need to write more PHP code
- This is implemented via a custom firewall named *remoteuser_login* in the *firewalls* section of security.yml
- The firewall depends on two additional services for:

    - communicating with the remote webservice
    - creating an instance of (a subclass of) `Kaliop\IdentityManagementBundle\Security\User\RemoteUser` when the user logs in
    - mapping that instance into eZPublish users (creating/updating them on the fly at login time)

### Getting started: integrating an LDAP directory

1. configure the connection to the ldap server, eg:

    ```
     services:
         # The ldap client config
         my.ldap:
             class: Symfony\Component\Ldap\LdapClient
             arguments:
                 - ldap.server.com   # host
                 - 636               # port (636 is the LDAP-over-SSL port)
                 - 3                 # LDAP protocol version
                 - true              # use SSL for the connection

    ```
2. configure the retrieval of user account information from the ldap server, eg:

    ```
     # The service used to communicate with the LDAP server
     my.ldap_auth.client:
         class: Kaliop\IdentityManagementBundle\Adapter\LDAP\Client
         arguments:
             # NB: here you can pass in either one ldap client, or an array of clients, to achieve high-availability
             - "@my.ldap"
             -
                 # the credentials used to search the ldap
                 # (sample values; keep the real password out of version control)
                 search_dn: Lookup.Service@domain.com
                 search_password: abcdefg
                 # the search base and the filter used to look up the user account
                 base_dn: dc=domain,dc=com
                 filter: "(sAMAccountName={username})"
                 # The ldap attributes to retrieve to build the user profile.
                 # NB: by default, when the value of any of these changes, the ez user account is updated
                 attributes:
                     - displayname
                     - mail
                     - telephonenumber
                     - memberof
                     - thumbnailphoto
                     - title
                 # The name of the ldap attribute used to hold the user email
                 email_attribute: mail
                 # The name of attribute used to log-in to ldap and validate the password
                 ldap_login_attribute: mail
         calls:
             # the "@?" prefix makes the logger an optional dependency; it must be quoted in YAML
             - [ setLogger, [ "@?logger" ] ]

    ```
3. create a handler class, which converts the RemoteUser into eZ users. Subclass `Kaliop\IdentityManagementBundle\Security\User\RemoteUserHandler`, implement `setFieldValuesFromProfile` and `getGroupsFromProfile`
4. declare it as a service, eg:

    ```
     # The service which creates repo users out of ldap users
     my.ldap_auth.remoteuser_handler:
         class: My\LdapAuthBundle\Adapter\LDAP\RemoteUserHandler
         arguments:
             - "@my.ldap_auth.client"
             - "@ezpublish.api.repository"
             -
                 user_contenttype: user
                 default_content_language: eng-GB
                 group_mapping:
                     "CN=LTD_Intranet_Administrator": 12
                     "CN=LTD_Intranet_CorpContentManager": 13

    ```
5. tie your new service to the RemoteUser class returned by the ldap client:

    ```
     parameters:
         kaliop_identity.remoteuser_service_map:
             Kaliop\IdentityManagementBundle\Adapter\LDAP\RemoteUser: my.ldap_auth.remoteuser_handler

    ```
6. set up a firewall definition in security.yml which activates the whole thing:

    ```
     ezpublish_front:
         pattern: ^/
         anonymous: ~
         # Allow users to log in via LDAP.
         # The name HAS TO BE 'remoteuser_login'
         remoteuser_login:
             # the service used to connect to the LDAP server
             client: my.ldap_auth.client
         form_login:
             require_previous_session: false
         logout: ~

    ```
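The `filter` setting in step 2 is a template whose `{username}` placeholder receives the login typed by the visitor, so the value has to be escaped before it becomes part of the search filter. The following is an added example, not the bundle's own code: the helper names `escapeFilterValue` and `buildUserFilter` are hypothetical and the sample logins are constructed.

```php
<?php
// Added example, not the bundle's code; helper names are hypothetical.

/** Escape a value for an LDAP search filter (RFC 4515 special characters). */
function escapeFilterValue($value)
{
    // strtr() with an array replaces in one pass, so the backslashes it
    // inserts are never escaped a second time.
    return strtr($value, array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
}

/** Fill the {username} placeholder of a filter template from the config. */
function buildUserFilter($template, $username)
{
    if (!is_string($username) || $username === '') {
        throw new InvalidArgumentException('Empty username');
    }
    return str_replace('{username}', escapeFilterValue($username), $template);
}

$template = '(sAMAccountName={username})';
// Constructed logins: a plain one and two containing filter metacharacters.
foreach (array('jdoe', 'j*', 'o(brien)\\x') as $login) {
    echo buildUserFilter($template, $login), PHP_EOL;
}
```

Where the PHP ldap extension is loaded (PHP 5.6 or later), `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` performs the same escaping.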

### Allowing remote-service login to the Legacy Admin interface

1. enable the identitymangementextension extension (bundled in this bundle)
2. if you have renamed the firewall in security.yml to anything but ezpublish_front, set up identitymanagement.ini.append.php
3. clear caches, test, done!

### Advanced usage

### Creating a remote-user-provider service for non-ldap services

1. create a subclass of `Kaliop\IdentityManagementBundle\Security\User\RemoteUser`
2. create a client class, implementing ClientInterface (take a look at `Kaliop\IdentityManagementBundle\Adapter\LDAP\Client` as an example)
3. declare the new class as a service
4. put the service id in a *remoteuser_login* key in the firewall section of security.yml
5. create a handler class, which converts the RemoteUser into eZ users, implementing RemoteUserHandlerInterface (subclassing `Kaliop\IdentityManagementBundle\Security\User\RemoteUserHandler` is probably a good idea)
6. declare it as a service
7. add it to the handler map in the parameter `kaliop_identity.remoteuser_service_map`

The logical flow is the following:

- when a site visitor tries to log in, the client will query the remote system, and, if login is ok, build and return a remoteUser object from the data it gets
- immediately afterwards, the handler takes care of matching the remoteUser with an eZ user account, updating/creating it if needed
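The create-then-update flow described above, modelled as an added example that is not the bundle's own code. It assumes `memberof` values are full DNs and that `group_mapping` keys are matched against the first RDN only; the function names, the in-memory `$repo` array and the sample profiles are constructed for illustration.

```php
<?php
// Added example, not the bundle's code; names and sample profiles are constructed.
/** Map memberOf DNs to eZ group ids by exact, case-insensitive first-RDN match. */
function mapGroups(array $memberOf, array $groupMapping)
{
    $wanted = array_change_key_case($groupMapping, CASE_LOWER);
    $ids = array();
    foreach ($memberOf as $dn) {
        // First RDN = text before the first comma not escaped by a backslash.
        $parts = preg_split('/(?<!\\\\),/', $dn, 2);
        $rdn = strtolower(trim($parts[0]));
        if (isset($wanted[$rdn])) {
            $ids[$wanted[$rdn]] = true;
        }
    }
    $ids = array_keys($ids);
    sort($ids);
    return $ids;
}

/** Create the local account on first login, otherwise sync profile and groups. */
function syncUser(array &$repo, $login, array $profile, array $groupMapping)
{
    $wanted = array(
        'email'  => $profile['mail'],
        'groups' => mapGroups($profile['memberof'], $groupMapping),
    );
    if (!isset($repo[$login])) {
        $repo[$login] = $wanted;
        return 'created';
    }
    if ($repo[$login] == $wanted) {
        return 'unchanged';
    }
    $repo[$login] = $wanted; // groups no longer granted remotely are dropped too
    return 'updated';
}

$mapping = array('CN=LTD_Intranet_Administrator' => 12, 'CN=LTD_Intranet_CorpContentManager' => 13);
$repo = array();
$suffix = ',OU=Groups,DC=domain,DC=com';
$first = array('mail' => 'jdoe@domain.com', 'memberof' => array(
    'CN=LTD_Intranet_Administrator' . $suffix,
    'CN=LTD_Intranet_Administrator_Guests' . $suffix, // similar name, not mapped
));
$later = array('mail' => 'jdoe@domain.com', 'memberof' => array('cn=ltd_intranet_corpcontentmanager' . $suffix));
foreach (array($first, $later, $later) as $profile) {
    echo syncUser($repo, 'jdoe', $profile, $mapping), ' ', json_encode($repo['jdoe']['groups']), PHP_EOL;
}
```

The second login replaces the group set rather than adding to it, so a user removed from the administrator group in the directory loses the mapped eZ group at the next login.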

###  Health Score

28 (Low; better than 52% of packages)

- Maintenance: 10 (infrequent updates, may be unmaintained)
- Popularity: 23 (limited adoption so far)
- Community: 10 (small or concentrated contributor base)
- Maturity: 58 (maturing project, gaining track record)
- Bus Factor: 1 (top contributor holds 100% of commits, a single point of failure)

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

###  Release Activity

- Cadence: every ~39 days (recently: every ~59 days)
- Total: 23
- Last release: 2928d ago

### Community

- Maintainers: [gggeek](/maintainers/gggeek)
- Top contributors: [gggeek](https://github.com/gggeek) (1 commits)
- Tags: authentication, ezplatform, ezpublish, ldap

