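FR3DLdapBundle authentication against Active Directory fails with "sAMAccountName"

Time: 2016-06-08 22:31:30

Tags: fosuserbundle symfony fr3dldapbundle

I have installed FR3DLdapBundle and FOSUserBundle with Symfony3 successfully per my blog, and I am able to authenticate against this test LDAP server; but now I am trying to authenticate against our internal MS Active Directory server.

Here are the changes to the configuration (I deliberately obscured the configuration details):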

fr3d_ldap:
    driver:
        host: somehostname
        port: 389
        username: someuser
        password: password
        accountDomainName: TCADMIN.somedomain.com
        accountDomainNameShort: TCADMIN
    user:
        baseDn: cn=Users,dc=somedomain,dc=com
        filter: (&(ObjectClass=Person))
        attributes:
            - { ldap_attr: samaccountname,  user_method: setUsername }

The above is the only change I made. In my DEV log, when I log in, I get the following important messages:

[2016-06-08 15:18:34] ldap_driver.DEBUG: {action}({base_dn}, {filter}, {attributes}) {"action":"ldap_search","base_dn":"cn=Users,dc=somedomain,dc=com","filter":"(&(&(ObjectClass=Person))(uid=pet_acad))","attributes":[]} []
[2016-06-08 15:18:34] security.INFO: User {username} {result} on LDAP {"action":"loadUserByUsername","username":"pet_acad","result":"not found"} []

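The user "pet_acad" definitely exists, and that is the "sAMAccountName" value when I use an LDAP browser. I am normally able to log in as this user with "TCADMIN\pet_acad" on a Windows host.

So I am wondering whether I need a special configuration? Perhaps to enable searching on "sAMAccountName"?

1 answer:

Answer 0: (score: 1)

You have to define which LDAP attribute contains the username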

DECLARE @users TABLE
    (
      [ID] INT ,
      [GROUP] VARCHAR(8) ,
      [USER] VARCHAR(4) ,
      [ROLE] VARCHAR(9)
    );

INSERT  INTO @users
        ( [ID], [GROUP], [USER], [ROLE] )
VALUES  ( 1, 'Taxes', 'DAVE', 'Admin' ),
        ( 1, 'Taxes', 'JOHN', 'Admin' ),
        ( 1, 'Taxes', 'BOB', 'PowerUser' ),
        ( 2, 'Catering', 'RON', 'Admin' ),
        ( 2, 'Catering', 'JACK', 'PowerUser' ),
        ( 2, 'Catering', 'JIM', 'PowerUser' );

WITH    data ( ID, [GROUP], [ROLE], [MEMBERS] )
          AS ( SELECT   u.ID ,
                        u.[GROUP] ,
                        u.ROLE ,
                        ( SELECT    [USER] + ';'
                          FROM      @users AS [u1]
                         WHERE     u.ID = u1.ID AND u.[GROUP] = u1.[GROUP] and u.ROLE = u1.ROLE
                        FOR
                          XML PATH('')
                        )
               FROM     @users AS [u]
             )
    SELECT  ID ,
            [GROUP] ,
            [Admin] AS [Admins] ,
            [PowerUser] AS [POWERUSERS]
    FROM    data PIVOT ( MAX(MEMBERS) FOR [ROLE] IN ( [Admin], [PowerUser] ) ) pvt;
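
The answer's point expressed as configuration, added here as an example and not part of the original question or answer. It assumes the bundle's `usernameAttribute` option under `user` and reuses the question's placeholder host, credentials and domain; the commented `useStartTls` line is an optional addition that the original configuration does not contain.

```yaml
# Added example; placeholder values are the ones used in the question.
fr3d_ldap:
    driver:
        host: somehostname
        port: 389
        # useStartTls: true   # optional: protects the bind password sent over port 389
        username: someuser
        password: password
        accountDomainName: TCADMIN.somedomain.com
        accountDomainNameShort: TCADMIN
    user:
        baseDn: cn=Users,dc=somedomain,dc=com
        filter: (&(ObjectClass=Person))
        # Attribute compared with the submitted login name. Left unset, the
        # search uses uid, which is the (uid=pet_acad) clause in the debug log.
        usernameAttribute: samaccountname
        attributes:
            # Maps the directory value onto the user entity; it does not
            # change which attribute the search filter uses.
            - { ldap_attr: samaccountname, user_method: setUsername }
```

After the change, the filter in the `ldap_search` debug line should end with `(samaccountname=pet_acad)` instead of `(uid=pet_acad)`.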