Comments on: symfony’s sfGuard plugin and LDAP

By: Ashton Honnecke

Ashton Honnecke — Fri, 29 Jan 2010 22:11:41 +0000

I have detailed a solution to this problem, very easily altered to use both or either authentication mechanisms. The big deal is to alter the validator for that signin form because that is where it blows up where there is no user.

http://blog.honnecke.us/2010/01/using-sfdoctrineguardusers-external-authentication/

By: Stefan

Stefan — Mon, 28 Sep 2009 14:55:18 +0000

Any new findings on this one? I’m running into the same problem implementing a Facebook Connect for a Symfony app.

By: ReynierPM

ReynierPM — Wed, 20 May 2009 03:08:43 +0000

Well this is what I’m think too. I have a method in wich I use a LDAP class and check the credentials of a certain user. Then after check if the user is who really he/she said then I want to insert this data in sf_guard table but I don’t know how. Can any help me?

By: Volker

Volker — Tue, 12 May 2009 19:10:59 +0000

I’ve run into a similar problem as ReynierPM and Julien: I can’t validate the LDAP password unless I use a username which is registered in the sfGuard database. The user “admin” exists only if you created it during inital setup of the sfGuard plugin. This is due to the way the validator class of the plugin checks the password: By using an instance of sfGuardUser ( $user = sfGuardUserPeer::retrieveByUsername($username) ). If the user doesn’t exist in the database, he/she cannot be checked for the (ldap) password afterwards.

What I need is a way to have a sfGuard user from the ldap directory. Maybe I can write a custom ::retrieveByUsername() method which initally pulls the requested user out of the ldap directory and inserts it into the sfGuard database? But I get the feeling this is not the way this powerful framework should be used. Does anybody else have an idea about this?

By: Massimiliano Arione

Massimiliano Arione — Mon, 20 Apr 2009 13:40:53 +0000

It’s seems too easy to me, so I think I’m missing something… can’t you simply override checkPassword method in sfGuardUser class? sfGuardUser is an extension of PluginsfGuardUser and it’s the class used by sfGuard (indeed, the use of PluginsfGuardUser class is just meant to be something in the middle between sfGuardUser and BasesfGuardUser to separate plugin’s customizations and developer’s ones).

By: ReynierPM

ReynierPM — Fri, 17 Apr 2009 02:02:42 +0000

Well I follow all the steps and it doesn’t work for me. First I create a file called LDAP.class.php and put this code inside:
class LDAPclass extends sfGuardSecurityUser {
public static function checkLDAPPassword($username, $password)
{
$options = array(‘account_suffix’=>’@uci.cu’,'base_dn’=>’DC=uci,DC=cu’,'domain_controllers’=>array(‘10.0.0.3′,’10.0.0.4′));
$ldap = new adLDAP($options);
$authenticated = $ldap->authenticate($username, $password);
if ($authenticated) {
return true;
} else {
return false;
}
}
}

and my app.yml file look like this:
all:
sf_guard_plugin:
check_password_callable: [LDAP, checkLDAPPassword]

When I put my domain user I get always this error: The username and/or password is invalid.

Can any help me?

By: po5i

po5i — Wed, 04 Feb 2009 19:21:23 +0000

That worked Ben, thanks.

Now I only have to write the LDAP autentication code… since I’m not the ldap admin I have to figure it out.

By: The Codebelay Blog » Installing sfGuardPlugin in symfony 1.1 — A Guide for the Perplexed

Mon, 18 Aug 2008 18:45:28 +0000

[...] If you need to link the sf_guard_user login table to your user account table, this blog post provides a clue. [...]

By: matthew

matthew — Mon, 04 Aug 2008 19:07:51 +0000

Ah great thanks! I haven’t had time to look in detail at 1.1 yet but I’ll give that a try.

By: Ben

Ben — Sun, 03 Aug 2008 18:47:58 +0000

Did you try the following?
$user = sfGuardUserPeer::retrieveByUsername($username);
return $user->checkPasswordByGuard($password);

the new version (for Symfony 1.1) contains the $user object as a third parameter in the callable I believe, so you don’t have to call the retrieveByUsername thus saving one SQL statement.