Authenticate users through LDAP


#22

Looked around some more.
It seems that Pimcore doesn’t even try to check user information via ldap.

I did exactly what is stated in this readme

Do I have to do something else for it to work?


#23

Hello,
Did you activate the bundle from Pimcore’s extensions page?
Which version of PimCore are you using?
If you want to test it you can just login with a non-existing user in PimCore who match your LDAP configured query and who doesn’t match your exclude riles (is configured). In this case a new user should be created and you should be logged in.

I planned to add some tests to this bundle but I didn’t find time for it yet.
If you want to add some tests you can submit a pull request and I’ll be happy to merge it!


#24

Hello,

yes it is activated

I am using Pimcore version 5.1.1

I just tried the following:
I logged in via a local administrator account, deleted my own user.
Then tried to login with my user, that is configured in our active directory.
Unfortunately it didn’t help.

My idea was that the configuration in the config.yml or services.yml might be wrong.
Some example data would help.

What I can see are the following entries in a logfile under pimcore\var\log

prod.log

[2018-11-28 10:51:19] php.CRITICAL: Fatal Error: Class ‘Pimcore\Model\DataObject\User’ not found {“exception”:"[object] (Symfony\Component\Debug\Exception\FatalErrorException(code: 0): Error: Class ‘Pimcore\Model\DataObject\User’ not found at /opt/ProDaS/src/AppBundle/Model/DataObject/User.php:12)"} []
[2018-11-28 10:51:19] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Debug\Exception\ClassNotFoundException: “Attempted to load class “User” from namespace “Pimcore\Model\DataObject”. Did you forget a “use” statement for e.g. “Hybrid_User”, “Symfony\Component\Security\Core\User\User”, “Symfony\Bridge\Doctrine\Tests\Fixtures\User”, “Sabre\CalDAV\Principal\User”, “Pimcore\Model\DataObject\ClassDefinition\Data\User”, “Pimcore\Model\User” or “Pimcore\Bundle\AdminBundle\Security\User\User”?” at /opt/ProDaS/src/AppBundle/Model/DataObject/User.php line 12 {“exception”:"[object] (Symfony\Component\Debug\Exception\ClassNotFoundException(code: 0): Attempted to load class “User” from namespace “Pimcore\Model\DataObject”.\nDid you forget a “use” statement for e.g. “Hybrid_User”, “Symfony\Component\Security\Core\User\User”, “Symfony\Bridge\Doctrine\Tests\Fixtures\User”, “Sabre\CalDAV\Principal\User”, “Pimcore\Model\DataObject\ClassDefinition\Data\User”, “Pimcore\Model\User” or “Pimcore\Bundle\AdminBundle\Security\User\User”? at /opt/ProDaS/src/AppBundle/Model/DataObject/User.php:12)"} []

Is there nothing I have to add to the default login form?


#25

Hello,
It seems that the log you posted doesn’t contain any error from the LDAP Bundle.
About the configuration the example from the README is the minimum required configuration.
If your LDAP server requires authentication to browse user informations (I guess so) you should configure the ‘search_dn’ and ‘search_password’ options specifying LDAP’s user and password to use to read data from your active directory.

If you want to make one more test you can try querying your LDAP using any LDAP browser passing the configured ‘base_dn’ as base dn and the filter according to your configuration.
The default filter is (sAMAccountName={username}) where ‘{username}’ the username you are logging in with.

Hope this helps!

If not, did you try if the LDAP bundle is working on a clean installation?


#26

Hello,

okay thought this log might help.
I filled in my own user as search_dn and my passwort but I was not able to login.

I’ll test an ldap query next and will answer again, when I have results.

I never tested it on a clean installation, but this might be another step


#27

Hello again,

via the ldapsearch command it worked fine.

I entered the following.

ldapsearch -b “<base_dn>” -D “<my_user_cn>” -h -W sAMAccountName=<my_username>

I entered the same data in config.yml.

So I guess testing with a clean pimcore installation is the next step…this will take some time


#28

Another Idea, before I have to start from zero again.

Isn’t it possible to check, if the ldap query is sent? And how the query looks?


#29

Hi,
I just made a new commit which (on top of other things) adds a bunch of logs.
You can try it installing the dev-master version with the command composer require alep/ldap-bundle dev-master.
If you run PimCore in DEBUG mode you should find alep.ldap log entries that will show you what’s going on.

Hope this helps!


#30

Hi,

thank you very much!
Unfortunately I get the following errors when trying to install it:

Blockquote
Problem 1
- pimcore/pimcore v5.5.4 requires colinmollenhour/credis ^1.10.0 -> satisfiable by colinmollenhour/credis[1.10.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.5.3 requires colinmollenhour/credis ^1.10.0 -> satisfiable by colinmollenhour/credis[1.10.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.5.2 requires colinmollenhour/credis ^1.10.0 -> satisfiable by colinmollenhour/credis[1.10.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.5.1 requires colinmollenhour/credis ^1.10.0 -> satisfiable by colinmollenhour/credis[1.10.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.5.0 requires colinmollenhour/credis ^1.10.0 -> satisfiable by colinmollenhour/credis[1.10.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.4.4 requires doctrine/annotations ^1.6.0 -> satisfiable by doctrine/annotations[1.6.x-dev, 1.7.x-dev, v1.6.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.4.3 requires doctrine/annotations ^1.6.0 -> satisfiable by doctrine/annotations[1.6.x-dev, 1.7.x-dev, v1.6.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.4.2 requires google/apiclient ^2.0 -> satisfiable by google/apiclient[2.x-dev, v2.0.0, v2.0.0-RC1, v2.0.0-RC2, v2.0.0-RC3, v2.0.0-RC4, v2.0.0-RC5, v2.0.0-RC6, v2.0.0-RC7, v2.0.0-RC8, v2.0.1, v2.0.2, v2.0.3, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0, v2.2.1, v2.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.4.1 requires google/apiclient ^2.0 -> satisfiable by google/apiclient[2.x-dev, v2.0.0, v2.0.0-RC1, v2.0.0-RC2, v2.0.0-RC3, v2.0.0-RC4, v2.0.0-RC5, v2.0.0-RC6, v2.0.0-RC7, v2.0.0-RC8, v2.0.1, v2.0.2, v2.0.3, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0, v2.2.1, v2.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.4.0 requires google/apiclient ^2.0 -> satisfiable by google/apiclient[2.x-dev, v2.0.0, v2.0.0-RC1, v2.0.0-RC2, v2.0.0-RC3, v2.0.0-RC4, v2.0.0-RC5, v2.0.0-RC6, v2.0.0-RC7, v2.0.0-RC8, v2.0.1, v2.0.2, v2.0.3, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0, v2.2.1, v2.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.3.1 requires google/apiclient ^2.0 -> satisfiable by google/apiclient[2.x-dev, v2.0.0, v2.0.0-RC1, v2.0.0-RC2, v2.0.0-RC3, v2.0.0-RC4, v2.0.0-RC5, v2.0.0-RC6, v2.0.0-RC7, v2.0.0-RC8, v2.0.1, v2.0.2, v2.0.3, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0, v2.2.1, v2.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.3.0 requires google/apiclient ^2.0 -> satisfiable by google/apiclient[2.x-dev, v2.0.0, v2.0.0-RC1, v2.0.0-RC2, v2.0.0-RC3, v2.0.0-RC4, v2.0.0-RC5, v2.0.0-RC6, v2.0.0-RC7, v2.0.0-RC8, v2.0.1, v2.0.2, v2.0.3, v2.1.0, v2.1.1, v2.1.2, v2.1.3, v2.2.0, v2.2.1, v2.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.2.3 requires pimcore/core-version v5.2.3 -> satisfiable by pimcore/core-version[v5.2.3] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.2.2 requires pimcore/core-version v5.2.2 -> satisfiable by pimcore/core-version[v5.2.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.2.1 requires pimcore/core-version v5.2.1 -> satisfiable by pimcore/core-version[v5.2.1] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.2.0 requires pimcore/core-version v5.2.0 -> satisfiable by pimcore/core-version[v5.2.0] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.1.3 requires pimcore/core-version v5.1.3 -> satisfiable by pimcore/core-version[v5.1.3] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.1.2 requires pimcore/core-version v5.1.2 -> satisfiable by pimcore/core-version[v5.1.2] but these conflict with your requirements or minimum-stability.
- pimcore/pimcore v5.1.0 requires pimcore/core-version v5.1.0 -> satisfiable by pimcore/core-version[v5.1.0] but these conflict with your requirements or minimum-stability.
- Installation request for pimcore/pimcore No version set (parsed as 1.0.0) -> satisfiable by pimcore/pimcore[No version set (parsed as 1.0.0)].
- alep/ldap-bundle dev-master requires pimcore/pimcore >=5.1.0 -> satisfiable by pimcore/pimcore[v5.1.0, v5.1.1, v5.1.2, v5.1.3, v5.2.0, v5.2.1, v5.2.2, v5.2.3, v5.3.0, v5.3.1, v5.4.0, v5.4.1, v5.4.2, v5.4.3, v5.4.4, v5.5.0, v5.5.1, v5.5.2, v5.5.3, v5.5.4].
- Can only install one of: pimcore/pimcore[v5.1.1, No version set (parsed as 1.0.0)].
- Installation request for alep/ldap-bundle dev-master -> satisfiable by alep/ldap-bundle[dev-master].


#31

Hi,
It sounds you have some problems with your composer.json but it’s hard to say what it is.
I guess that if you run composer update (or composer install) without the ldap bundle you’ll have the same error right?
To install dev-master version of the bundle you need to set composer’s minimum-stability to dev.

I would suggest you to try it on a clean project.


#32

Hi,

I just changed the minimum-stability to dev via the command:
composer global config minimum-stability dev

Strangely the same error occurs.