taijuten's avatar

Authentication with Active Directory

Hi there,

I'm relatively new to Laravel, and unfortunately my first task doesn't allow me to use Laravel's standard authentication.

I've installed the adLDAP package, but I'm not sure where to start regarding authenticating. I have achieved this outside of Laravel, but am unsure where to start within Laravel.

My setup will be as follows:

  • Each login request will query against Active Directory.
  • If successful, the user will be signed in with the relevant details from the user table (in other words, the user table is the same as normal, but does not contain or have to deal with passwords)

So, I ask the following questions

  • How would I get Laravel to authenticate a user by telling Laravel that the user has authenticated elsewhere?
  • Presumably, by doing this (authenticating users through normal means, but forcing without password), I could continue using the standard Auth middleware to check user logins and redirect where necessary?
0 likes
3 replies
nate.a.johnson's avatar

I'd write my own auth provider, or use something like this: https://github.com/ccovey/ldap-auth

Your Auth facade would then still work. You could opt to use a User model stored in the database (only authenticated with AD) or create these "models" on the fly based on AD attributes after authentication. The linked library talks about these scenarios.

uwonder's avatar

I have to auth against an external API (not LDAP but similar) and here's what I did:

  • Use https://github.com/Toddish/Verify-L4 because I needed its roles/permissions capabilities and it was easy to extend
  • Extend that package's ServiceProvider in my own ServiceProvider (make sure you list it in providers array of config/app.php)
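  /**
   * Bootstrap the application events.
   * We override the VerifyServiceProvider because we need to inject MyCustomUserProvider
   *
   * Needs these imports at the top of the file:
   *   use Illuminate\Auth\Guard;
   *   use Illuminate\Hashing\BcryptHasher;
   *
   * @return void
   */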
  public function boot()
  {
    $this->package('toddish/verify');

    \Auth::extend('verify', function()
    {
      return new Guard(
        new MyCustomUserProvider(
          new BcryptHasher,
          \Config::get('auth.model')
        ),
        \App::make('session.store')
      );
    });
  }
  • Create MyCustomUserProvider
class MyCustomUserProvider extends VerifyUserProvider
  • So the flowchart of auth is...
    • Userland (usually a controller) calls Auth::attempt($credentials) with username/password
    • Auth/Guard calls MyCustomUserProvider->retrieveByCredentials...
    • retrieveByCredentials checks both MyCustom and DB by username to see if user exists
    • If both exist, sync from MyCustom to DB if necessary
    • If MyCustom exists and DB doesn't, populate a user object with MyCustom attributes (this just populates object, doesn't add to db yet)
    • If DB exists and MyCustom doesn't, do nothing
    • If user not found in either, return false
    • If user IS found in either, call MyCustomUserProvider->validateCredentials
    • If user object has "customid" field, validate against MyCustom (vast majority of users will be internal)
    • If validated in MyCustom, but don't exist in MyCustom yet, add them
    • If no customid, try to validate against DB
    • If either MyCustom/DB validation succeeds, Auth/Guard->login($user) is called

Works for me, probably an easier way.

1 like
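
Added example, not code from any poster in this thread: one way the validateCredentials step could check a password against Active Directory with PHP's ldap extension. It refuses an empty password before binding, because an LDAP simple bind with an empty password is an unauthenticated bind that a directory server may report as success. The class name, the corp.example domain, the UPN format and the stub directory are assumptions made for illustration.

```php
<?php
// Added example: AdCredentialValidator, corp.example and the stub are hypothetical.

final class AdCredentialValidator
{
    /** @var callable fn(string $upn, string $password): bool */
    private $bind;
    private string $domain;

    public function __construct(string $domain, ?callable $bind = null)
    {
        $this->domain = $domain;
        // Default to a real LDAPS bind; tests can inject a stand-in.
        $this->bind = $bind ?? fn(string $u, string $p): bool => $this->ldapBind($u, $p);
    }

    public function validate(string $username, string $password): bool
    {
        // Empty password: never forward it, the server may treat it as an
        // unauthenticated bind and answer "success".
        if ($password === '') {
            return false;
        }
        // Allow-list the username so directory metacharacters never reach the bind name.
        if (!preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $username)) {
            return false;
        }
        return ($this->bind)($username . '@' . $this->domain, $password);
    }

    private function ldapBind(string $upn, string $password): bool
    {
        // Assumes the domain name resolves to a domain controller that speaks LDAPS.
        $conn = ldap_connect('ldaps://' . $this->domain);
        if ($conn === false) {
            return false;
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        return @ldap_bind($conn, $upn, $password);
    }
}

// Constructed stand-in for a directory that accepts unauthenticated binds.
$stub = fn(string $upn, string $pw): bool =>
    $pw === '' || ($upn === 'alice@corp.example' && $pw === 'S3cret!');
$v = new AdCredentialValidator('corp.example', $stub);
foreach ([['alice', 'S3cret!'], ['alice', ''], ['alice', 'wrong'], ['al*ce)(', 'x']] as [$u, $p]) {
    printf("%-8s %-10s => %s\n", $u, var_export($p, true), $v->validate($u, $p) ? 'accept' : 'reject');
}
```

In a custom user provider, validateCredentials would return the result of validate() and leave the Guard to call login($user) only when it is true.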
