Attivazione autenticazione LDAP con registrazione utenti in DB

2022-07-07 12:22:19 +02:00
parent 9c65d864c9
commit 9bfb9a1903
11 changed files with 218 additions and 9 deletions
--- a/config/auth.php
+++ b/config/auth.php
@@ -38,7 +38,7 @@ return [
    'guards' => [
        'web' => [
            'driver' => 'session',
-            'provider' => 'users',
+            'provider' => 'ldap',	//'users',
        ],
    ],

@@ -60,9 +60,20 @@ return [
    */

    'providers' => [
-        'users' => [
-            'driver' => 'eloquent',
-            'model' => App\Models\User::class,
+        'ldap' => [
+            'driver' => 'ldap', //'eloquent',
+            'model' => LdapRecord\Models\ActiveDirectory\User::class,	//App\Models\User::class,
+            'rules' => [
+            	App\Ldap\Rules\OnlyInGroupUsers::class,
+            	],
+            'database' => [
+            	'model' => App\Models\User::class,
+            	'sync_passwords'=> false,
+            	'sync_attributes' => [
+            		'name' => 'displayname',
+            		'email' => 'mail',
+            		],
+            	],
        ],

        // 'users' => [
--- a/config/ldap.php
+++ b/config/ldap.php
@@ -0,0 +1,73 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default LDAP Connection Name
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify which of the LDAP connections below you wish
+    | to use as your default connection for all LDAP operations. Of
+    | course you may add as many connections you'd like below.
+    |
+    */
+
+    'default' => env('LDAP_CONNECTION', 'default'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Connections
+    |--------------------------------------------------------------------------
+    |
+    | Below you may configure each LDAP connection your application requires
+    | access to. Be sure to include a valid base DN - otherwise you may
+    | not receive any results when performing LDAP search operations.
+    |
+    */
+
+    'connections' => [
+
+        'default' => [
+            'hosts' => [env('LDAP_HOST', '127.0.0.1')],
+            'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
+            'password' => env('LDAP_PASSWORD', 'secret'),
+            'port' => env('LDAP_PORT', 389),
+            'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
+            'timeout' => env('LDAP_TIMEOUT', 5),
+            'use_ssl' => env('LDAP_SSL', false),
+            'use_tls' => env('LDAP_TLS', false),
+        ],
+
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Logging
+    |--------------------------------------------------------------------------
+    |
+    | When LDAP logging is enabled, all LDAP search and authentication
+    | operations are logged using the default application logging
+    | driver. This can assist in debugging issues and more.
+    |
+    */
+
+    'logging' => env('LDAP_LOGGING', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Cache
+    |--------------------------------------------------------------------------
+    |
+    | LDAP caching enables the ability of caching search results using the
+    | query builder. This is great for running expensive operations that
+    | may take many seconds to complete, such as a pagination request.
+    |
+    */
+
+    'cache' => [
+        'enabled' => env('LDAP_CACHE', false),
+        'driver' => env('CACHE_DRIVER', 'file'),
+    ],
+
+];