LDAP /issues/543

Author: SMEWebify

.env.example

@@ -53,3 +53,16 @@ MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
 # Enables or disables VAT number validation through the VIES service.
 # Set to 'true' to enable validation, or 'false' to disable it.
 VAT_VALIDATION_ENABLED=false
+
+# Use 'web' as the primary authentication driver for Laravel. Aslo use ldap for the secondary driver.
+# This means that the application will use the LDAP server to handle user authentication.
+AUTH_DRIVER=web
+LDAP_HOST=ldap.example.com
+LDAP_USERNAME="cn=admin,dc=example,dc=com"
+LDAP_PASSWORD=supersecretpassword
+LDAP_PORT=636
+LDAP_BASE_DN="dc=example,dc=com"
+LDAP_TIMEOUT=10
+LDAP_SSL=true
+LDAP_TLS=false
+LDAP_SASL=false

app/Console/Commands/ImportLdapUsers.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use LdapRecord\Models\ActiveDirectory\User as LdapUser;
+use App\Models\User;
+
+class ImportLdapUsers extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'ldap:import-users';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Import LDAP users into Laravel database';
+
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     */
+    public function handle()
+    {
+        // Retrieve all LDAP users
+        $ldapUsers = LdapUser::get();
+
+        foreach ($ldapUsers as $ldapUser) {
+            // Check if the user already exists in the database
+            $user = User::where('email', $ldapUser->getEmail())->first();
+
+            if (!$user) {
+                // Create the user in Laravel if it does not exist
+                User::create([
+                    'name' => $ldapUser->getFirstName(),
+                    'email' => $ldapUser->getEmail(),
+                    'password' => bcrypt('password'), // Generate a temporary password
+                ]);
+
+                $this->info("User {$ldapUser->getFirstName()} imported successfully.");
+            }
+        }
+
+        $this->info('Import completed.');
+    }
+}

app/Http/Controllers/Auth/LoginController.php

@@ -2,8 +2,10 @@
 
 namespace App\Http\Controllers\Auth;
 
+use App\Models\User;
 use Illuminate\Http\Request;
 use App\Http\Controllers\Controller;
+use Illuminate\Support\Facades\Auth;
 use App\Providers\RouteServiceProvider;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 
@@ -29,6 +31,8 @@ class LoginController extends Controller
      */
     protected $redirectTo = RouteServiceProvider::HOME;
 
+
+
     /**
      * Create a new controller instance.
      *
@@ -50,4 +54,50 @@ protected function authenticated(Request $request, $user)
                 $this->redirectTo = RouteServiceProvider::HOME;
         }
     }
+
+    public function login(Request $request)
+    {
+        $this->validateLogin($request);
+
+        // Vérifie si le driver est LDAP
+        if (env('AUTH_DRIVER') === 'ldap') {
+            // Authentification via LDAP
+            $username = $request->input('username');
+            $password = $request->input('password');
+
+            // Tentative de connexion via LDAP
+            if (Auth::guard('ldap')->attempt(['username' => $username, 'password' => $password])) {
+                return $this->sendLoginResponse($request);
+            }
+
+            // Si l'authentification échoue
+            return $this->sendFailedLoginResponse($request);
+        } else {
+            // Authentification via email
+            $credentials = $request->only('email', 'password');
+
+            if (Auth::attempt($credentials, $request->filled('remember'))) {
+                return $this->sendLoginResponse($request);
+            }
+
+            // Si l'authentification échoue
+            return $this->sendFailedLoginResponse($request);
+        }
+    }
+
+    protected function validateLogin(Request $request)
+    {
+        // Valider les champs selon le driver utilisé
+        if (env('AUTH_DRIVER') === 'ldap') {
+            $request->validate([
+                'username' => 'required|string',
+                'password' => 'required|string',
+            ]);
+        } else {
+            $request->validate([
+                'email' => 'required|string|email',
+                'password' => 'required|string',
+            ]);
+        }
+    }
 }

composer.json

@@ -18,6 +18,7 @@
         "php": "^8.1.0",
         "ext-zip": "*",
         "barryvdh/laravel-dompdf": "2.0.1",
+        "directorytree/ldaprecord-laravel": "^3.3",
         "doctrine/dbal": "^3.8",
         "dragonbe/vies": "^2.3",
         "fruitcake/php-cors": "^1.2",

composer.lock

@@ -14,7 +14,7 @@
     */
 
     'defaults' => [
-        'guard' => 'web',
+        'guard' => env('AUTH_DRIVER', 'web'),
         'passwords' => 'users',
     ],
 
@@ -40,7 +40,10 @@
             'driver' => 'session',
             'provider' => 'users',
         ],
-
+        'ldap' => [
+            'driver' => 'session',
+            'provider' => 'ldap',
+        ],
         'api' => [
             'driver' => 'token',
             'provider' => 'users',
@@ -70,7 +73,10 @@
             'driver' => 'eloquent',
             'model' => App\Models\User::class,
         ],
-
+        'ldap' => [
+            'driver' => 'ldap',
+            'model' => LdapRecord\Models\ActiveDirectory\User::class,
+        ],
         // 'users' => [
         //     'driver' => 'database',
         //     'table' => 'users',