Laravel LDAP Authentication Tutorial Using Adldap2-Laravel

With today's available packages, harnessing the highly accessible and user-friendly functionality of LDAP authentication in a Laravel application couldn't be any more streamlined. Follow the steps in this tutorial to get your Laravel app authenticating against Windows Active Directory in around 15 minutes.

First and foremost, we are going to use a PHP package specifically designed for this job; it's named Adldap2-Laravel.

Secondly, before we proceed into the step-by-step guide, you are going to need three things as an absolute minimum.

  1. An LDAP server connection hostname.
  2. An active account that can already authenticate against the Active Directory, i.e. your own login user id and password for the directory.
  3. A Laravel login system that is already configured. If you haven't got one yet, you can follow a guide I made a while back: Setting Up Laravel 5.8 With Authentication & Role Based Access.

Prerequisite testing

Let's take a minute to test that we can make an initial connection to the LDAP server. It makes sense to do this now, before installing any packages, to confirm that the hostname and account credentials actually work: that is, that the host is reachable and that we can bind to the server with those credentials.

Execute the following script within any controller that is wired up to a route and view of your choice.

Ensure you replace YOUR_LDAP_SERVER_IP, YOUR_ACTIVE_DIRECTORY_USERNAME and YOUR_ACTIVE_DIRECTORY_PASSWORD with the relevant information.

PHP

$ldapconn = ldap_connect("YOUR_LDAP_SERVER_IP")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // Active Directory requires LDAP protocol version 3; PHP defaults to
    // version 2, and the bind fails with "Protocol error" without this line
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, "YOUR_ACTIVE_DIRECTORY_USERNAME", "YOUR_ACTIVE_DIRECTORY_PASSWORD");

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }

}

If you hit either the ‘Could not connect to LDAP server’ or the ‘LDAP bind failed…’ message, you will need to contact the LDAP server admin to ensure your details are correct. Until you see the ‘LDAP bind successful…’ message, what you can and cannot do will be restricted depending on the LDAP server settings, so it is best to get both the connection and the bind working first.
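A stricter version of the same prerequisite check, added here as an example and not part of the original tutorial or the Adldap2-Laravel package. It assumes the host and credentials live in the .env keys LDAP_HOSTS, LDAP_USERNAME and LDAP_PASSWORD, that the server accepts LDAPS on port 636, and it refuses an empty password, because Active Directory treats a bind with an empty password as an anonymous bind that ldap_bind() reports as successful.

```php
<?php
// Added example (not from the original tutorial or the Adldap2-Laravel package).
// Assumes LDAP_HOSTS, LDAP_USERNAME and LDAP_PASSWORD are set in .env.

function ldapBindCheck(string $host, string $username, string $password): array
{
    // An empty password makes Active Directory perform an anonymous bind, which
    // ldap_bind() reports as success. Refuse it so a blank password can never
    // look like a valid login during this test or in a login form.
    if ($username === '' || $password === '') {
        return ['ok' => false, 'reason' => 'empty username or password refused'];
    }

    // ldap_connect() only prepares a handle; the real connection happens at bind
    // time. An ldaps:// URI keeps the credentials off the wire in clear text.
    $conn = ldap_connect('ldaps://' . $host . ':636');
    if ($conn === false) {
        return ['ok' => false, 'reason' => 'malformed LDAP URI'];
    }

    // Active Directory requires protocol version 3; without it the bind fails
    // with "Protocol error". Disabling referral chasing avoids hangs on
    // multi-domain forests.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // ldap_bind() emits a PHP warning on failure; report ldap_error() instead.
    $bound = @ldap_bind($conn, $username, $password);
    $result = $bound
        ? ['ok' => true, 'reason' => 'bind successful']
        : ['ok' => false, 'reason' => 'bind failed: ' . ldap_error($conn)];

    ldap_unbind($conn);
    return $result;
}

// Usage inside a controller action. LDAP_HOSTS is space separated in the
// package config, so the first host is used; the values come from .env rather
// than from literals committed to the code base.
$check = ldapBindCheck(
    explode(' ', env('LDAP_HOSTS', ''))[0],
    env('LDAP_USERNAME', ''),
    env('LDAP_PASSWORD', '')
);
echo $check['reason'];
```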

If you’ve got the LDAP bind successful message, then we can move onto the next step, which is installing a pretty handy package named Adldap2-Laravel.

Installing And Configuring Adldap2-Laravel

Time to install the package that will interface with the LDAP authentication server and Laravel’s login system.

Step 1

Run the following command with Composer

composer require adldap2/adldap2-laravel

Step 2

Add or ensure the existence of the following providers in your config/app.php file.

Adldap\Laravel\AdldapServiceProvider::class,
Adldap\Laravel\AdldapAuthServiceProvider::class,

And add the following alias to your aliases array too.

'Adldap' => Adldap\Laravel\Facades\Adldap::class,

Finally, execute the following command

php artisan vendor:publish

Step 3

Now that we've run the publish command, two new files will be visible in your config folder: ldap.php and ldap_auth.php.

There are quite a few changeable settings in these configuration files, but luckily, we only need to worry about a few of them.

Firstly, we will configure the ldap.php file.

ldap.php

Change 1

On around line 146, edit the ‘hosts’ default value to your LDAP server hostname.

'hosts' => explode(' ', env('LDAP_HOSTS', 'your.ldap.host.com')),

Change 2

On around line 186, we need to edit the ‘base_dn’ to match your LDAP server. Either get this from your LDAP administrator or, as a starting point, split the hostname at each period and turn each part into a DC= component.

Just like the following –

'base_dn' => env('LDAP_BASE_DN', 'DC=your,DC=ldap,DC=host,DC=com'),

Change 3

Next up is the vitally important username and password. On around lines 201 and 202, edit the username and password values to match your own credentials for the Active Directory you're working with.

'username' => env('LDAP_USERNAME', 'YOUR_USERNAME'),
'password' => env('LDAP_PASSWORD', 'YOUR_PASSWORD'),

And that is it for the ldap.php file, let’s move on.

ldap_auth.php

Change 1

Within the ldap_auth.php file, we want to change which values are synchronized with the users table. You may need to check this with the Active Directory admin, but in the version I'm working with for the purpose of this tutorial, the user's name is stored under the ‘displayname’ attribute.

Therefore, the change to be made is the ‘name’ value, so that it matches the name attribute in the Active Directory.

The following block of code is on around line 290.

'sync_attributes' => [
    'email' => 'userprincipalname',
    'name' => 'displayname', // Changed from 'cn'
],

Step 4

Finally, to connect all the dots in the configuration, we need to tell Laravel to use the Adldap driver.

Find the config/auth.php file, open it and go to the ‘providers’ array.

Change the ‘driver’ value to ‘ldap’ like below

'providers' => [
    'users' => [
        'driver' => 'ldap', // Was 'eloquent'.
        'model' => App\User::class,
    ],
],

Step 5

Adldap automatically pulls the objectGUID from the Active Directory and stores it in the local users table. Therefore, we need to alter the current users table to hold this new value.

Create a new migration with the following command –

php artisan make:migration add_objectguid_to_users_table --table=users

Adjust the up() method to match the following –

Schema::table('users', function (Blueprint $table) {
    $table->string('objectguid');
});

And also ensure your down() function looks like this

Schema::table('users', function (Blueprint $table) {
    $table->dropColumn('objectguid');
});

Now run the following command

php artisan migrate

And that is it, the new column will be added to your users table, and the package is now configured to interface with your login system.

Using Laravel LDAP Authentication

All that is left to do now is log in to your Laravel application as normal. Go to your login page, enter your Active Directory email and password, and hit the login button.

After successfully logging in, you can check the users table in the database, and you will notice a new record for the account you just logged in with.

Hope this helps!
