Attivazione autenticazione LDAP con registrazione utenti in DB

app/Http/Controllers/Auth/LoginController.php

@@ -5,6 +5,7 @@ namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
 use App\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
+use Illuminate\Http\Request;
 
 class LoginController extends Controller
 {
@@ -37,4 +38,12 @@ class LoginController extends Controller
     {
         $this->middleware('guest')->except('logout');
     }
+    
+    protected function credentials(Request $request)
+    {
+    	return [
+    		'mail' => $request->email,
+    		'password'=>$request->password,
+    		];
+    }
 }

app/Http/Controllers/CategorieController.php

@@ -54,6 +54,6 @@ class CategorieController extends Controller
     public function apiList()
     {
         $categorie=DB::table('categories')->orderBy('cat_name')->get();
-        return json_encode($categorie);
+        return response()->json($categorie);
     }
 }

app/Ldap/Rules/OnlyInGroupUsers.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace App\Ldap\Rules;
+
+use LdapRecord\Laravel\Auth\Rule;
+
+class OnlyInGroupUsers extends Rule
+{
+    /**
+     * Check if the rule passes validation.
+     *
+     * @return bool
+     */
+    public function isValid()
+    {
+        //
+        return $this->user->groups()->exists(
+        env('LDAP_GROUP_ACCESS')
+        );
+    }
+}

app/Ldap/User.php

@@ -0,0 +1,15 @@
+<?php
+
+namespace App\Ldap;
+
+use LdapRecord\Models\Model;
+
+class User extends Model
+{
+    /**
+     * The object classes of the LDAP model.
+     *
+     * @var array
+     */
+    public static $objectClasses = [];
+}

app/Models/User.php

@@ -4,13 +4,16 @@ namespace App\Models;
 
 use Illuminate\Contracts\Auth\MustVerifyEmail;
 use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Foundation\Auth\User as Authenticatable;
+ use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
 use Laravel\Sanctum\HasApiTokens;
+ //use LdapRecord\Laravel\Auth\Authenticatable;
+use LdapRecord\Laravel\Auth\AuthenticatesWithLdap;
+
 
 class User extends Authenticatable
 {
-    use HasApiTokens, HasFactory, Notifiable;
+    use HasApiTokens, HasFactory, Notifiable, AuthenticateswithLdap;
 
     /**
      * The attributes that are mass assignable.
@@ -41,4 +44,14 @@ class User extends Authenticatable
     protected $casts = [
         'email_verified_at' => 'datetime',
     ];
+    
+    public function getLdapDomainColumn()
+    {
+    	return 'domain';
+    }
+    
+    public function getLdapGuidColumn()
+    {
+    	return 'guid';
+    }
 }

composer.json

@@ -12,6 +12,7 @@
 		"barryvdh/laravel-dompdf": "^1.0",
 		"consoletvs/charts": "7.*",
 		"directorytree/ldaprecord": "^2.9",
+		"directorytree/ldaprecord-laravel": "^2.5",
 		"fruitcake/laravel-cors": "^2.0",
 		"guzzlehttp/guzzle": "^7.0.1",
 		"laravel-notification-channels/telegram": "^2.0",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "a4647119c1cdf9d566876ae0272f6a00",
+    "content-hash": "857d84837771f902ec95cd06212b55f5",
     "packages": [
         {
             "name": "barryvdh/laravel-dompdf",
@@ -466,6 +466,70 @@
             ],
             "time": "2022-02-17T18:35:49+00:00"
         },
+        {
+            "name": "directorytree/ldaprecord-laravel",
+            "version": "v2.5.6",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/DirectoryTree/LdapRecord-Laravel.git",
+                "reference": "75ba6b5a981fa1e9f1ad6c2233ea4f73078f8d66"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/DirectoryTree/LdapRecord-Laravel/zipball/75ba6b5a981fa1e9f1ad6c2233ea4f73078f8d66",
+                "reference": "75ba6b5a981fa1e9f1ad6c2233ea4f73078f8d66",
+                "shasum": ""
+            },
+            "require": {
+                "directorytree/ldaprecord": "^2.4.4",
+                "ext-ldap": "*",
+                "illuminate/support": "^5.6|^6.0|^7.0|^8.0|^9.0",
+                "php": ">=7.3",
+                "ramsey/uuid": "*"
+            },
+            "require-dev": {
+                "mockery/mockery": "^1.0",
+                "orchestra/testbench": "^3.7|^4.0|^5.0|^6.0|^7.0",
+                "phpunit/phpunit": "^7.0|^8.0|^9.0",
+                "spatie/ray": "^1.28"
+            },
+            "type": "project",
+            "extra": {
+                "laravel": {
+                    "providers": [
+                        "LdapRecord\\Laravel\\LdapServiceProvider",
+                        "LdapRecord\\Laravel\\LdapAuthServiceProvider"
+                    ]
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "LdapRecord\\Laravel\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "description": "LDAP Authentication & Management for Laravel.",
+            "keywords": [
+                "adldap2",
+                "laravel",
+                "ldap",
+                "ldaprecord"
+            ],
+            "support": {
+                "issues": "https://github.com/DirectoryTree/LdapRecord-Laravel/issues",
+                "source": "https://github.com/DirectoryTree/LdapRecord-Laravel/tree/v2.5.6"
+            },
+            "funding": [
+                {
+                    "url": "https://github.com/stevebauman",
+                    "type": "github"
+                }
+            ],
+            "time": "2022-05-11T13:35:40+00:00"
+        },
         {
             "name": "doctrine/inflector",
             "version": "2.0.4",

config/auth.php

@@ -38,7 +38,7 @@ return [
     'guards' => [
         'web' => [
             'driver' => 'session',
-            'provider' => 'users',
+            'provider' => 'ldap',	//'users',
         ],
     ],
 
@@ -60,9 +60,20 @@ return [
     */
 
     'providers' => [
-        'users' => [
+        'ldap' => [
-            'driver' => 'eloquent',
+            'driver' => 'ldap', //'eloquent',
-            'model' => App\Models\User::class,
+            'model' => LdapRecord\Models\ActiveDirectory\User::class,	//App\Models\User::class,
+            'rules' => [
+            	App\Ldap\Rules\OnlyInGroupUsers::class,
+            	],
+            'database' => [
+            	'model' => App\Models\User::class,
+            	'sync_passwords'=> false,
+            	'sync_attributes' => [
+            		'name' => 'displayname',
+            		'email' => 'mail',
+            		],
+            	],
         ],
 
         // 'users' => [

config/ldap.php

@@ -0,0 +1,73 @@
+<?php
+
+return [
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default LDAP Connection Name
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify which of the LDAP connections below you wish
+    | to use as your default connection for all LDAP operations. Of
+    | course you may add as many connections you'd like below.
+    |
+    */
+
+    'default' => env('LDAP_CONNECTION', 'default'),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Connections
+    |--------------------------------------------------------------------------
+    |
+    | Below you may configure each LDAP connection your application requires
+    | access to. Be sure to include a valid base DN - otherwise you may
+    | not receive any results when performing LDAP search operations.
+    |
+    */
+
+    'connections' => [
+
+        'default' => [
+            'hosts' => [env('LDAP_HOST', '127.0.0.1')],
+            'username' => env('LDAP_USERNAME', 'cn=user,dc=local,dc=com'),
+            'password' => env('LDAP_PASSWORD', 'secret'),
+            'port' => env('LDAP_PORT', 389),
+            'base_dn' => env('LDAP_BASE_DN', 'dc=local,dc=com'),
+            'timeout' => env('LDAP_TIMEOUT', 5),
+            'use_ssl' => env('LDAP_SSL', false),
+            'use_tls' => env('LDAP_TLS', false),
+        ],
+
+    ],
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Logging
+    |--------------------------------------------------------------------------
+    |
+    | When LDAP logging is enabled, all LDAP search and authentication
+    | operations are logged using the default application logging
+    | driver. This can assist in debugging issues and more.
+    |
+    */
+
+    'logging' => env('LDAP_LOGGING', true),
+
+    /*
+    |--------------------------------------------------------------------------
+    | LDAP Cache
+    |--------------------------------------------------------------------------
+    |
+    | LDAP caching enables the ability of caching search results using the
+    | query builder. This is great for running expensive operations that
+    | may take many seconds to complete, such as a pagination request.
+    |
+    */
+
+    'cache' => [
+        'enabled' => env('LDAP_CACHE', false),
+        'driver' => env('CACHE_DRIVER', 'file'),
+    ],
+
+];

database/migrations/2014_10_12_000000_create_users_table.php

@@ -16,6 +16,8 @@ class CreateUsersTable extends Migration
         Schema::create('users', function (Blueprint $table) {
             $table->id();
             $table->string('name');
+            $table->string('guid')->unique()->nullable();
+            $table->string('domain');
             $table->string('email')->unique();
             $table->timestamp('email_verified_at')->nullable();
             $table->string('password');