implementation of adldap

Hello, I'm trying to implement the following login: "https://www.exchangecore.com/blog/using-ldap-active-directory-authentication-php"

I configured the script to use Laravel Eloquent in a controller, with adServer and ldaprdn. I created routes for the show-login form and the login POST (submit). I changed the app URL in .env and in config/app.php. Now when I try to access the root "/" it says 403 Forbidden (nginx). For example, if I have a PHP or HTML file in the root directory it is served, but it seems it can't enter my Laravel app and go to / or the login.


<?php

namespace App\Http\Controllers;

use App\Models\UserRole;
use Illuminate\Http\Request;

class LdapAuthController extends Controller
{
    public function ldapLogin(Request $request)
    {
        if ($request->isMethod('post')) {
            // LDAP authentication logic. filled() rejects blank values: an empty
            // password would otherwise be sent as an "unauthenticated" simple bind,
            // which many directories accept without verifying anything.
            if ($request->filled('username') && $request->filled('password')) {
                $adServer = "ldap://domaincontroller.mydomain.com";
                $ldap = ldap_connect($adServer);
                $username = $request->username;
                $password = $request->password;
                // "\\" is one literal backslash, giving the DOMAIN\user bind form
                $ldaprdn = 'mydomain' . "\\" . $username;
                ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
                $bind = @ldap_bind($ldap, $ldaprdn, $password);

                if ($bind) {
                    // LDAP authentication successful.
                    // Escape the username before placing it in the search filter
                    // so special characters cannot alter the query.
                    $filter = "(sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ")";
                    $result = ldap_search($ldap, "dc=MYDOMAIN,dc=COM", $filter);
                    if ($result) {
                        // Retrieve user's email from LDAP
                        $info = ldap_get_entries($ldap, $result);
                        // ldap_get_entries() lower-cases attribute names and may return no entries
                        $email = $info['count'] > 0 ? ($info[0]["mail"][0] ?? null) : null;

                        // Retrieve user's role from the user_roles table
                        $userRole = $email ? UserRole::where('email', $email)->first() : null;

                        // If user role found, assign it to the user
                        if ($userRole) {
                            $role = $userRole->role;
                            // Here you can do something with the user's role, like storing it in a session or a cookie
                            session(['user_role' => $role]);
                        }
                    } else {
                        // Handle the case when ldap_search returns false
                        @ldap_close($ldap);
                        return back()->with('error', 'LDAP search failed');
                    }

                    @ldap_close($ldap);
                    // Redirect or do something upon successful login
                    return redirect()->route('dashboard');
                } else {
                    // Invalid credentials
                    @ldap_close($ldap);
                    return back()->with('error', 'Invalid email address / password');
                }
            }

            // POST without both fields present
            return back()->with('error', 'Username and password are required');
        } else {
            return view('auth.login');
        }
    }
}


I also changed the name of the real AD server in the .env file and put it in the code above with all the configuration. In config/app.php I changed 'url' => env('APP_URL', 'http://domaincontroller.mydomain.com') and set the secure protocol to false. I created a userRole table to match the login with the email and do validation inside on whoever enters which pages. In web.php:


<?php

use App\Http\Controllers\LdapAuthController;
use Illuminate\Support\Facades\Route;

Route::get('/login', function () {
    return view('auth.ldap-login-form');
})->name('login');

Route::post('/login', [LdapAuthController::class, 'ldapLogin'])->name('login.submit');

Route::group(['namespace' => 'App\Http\Controllers'], function () {

    Route::group(['middleware' => ['guest']], function () {
        Route::post('/ldap-login', [LdapAuthController::class, 'ldapLogin'])->name('ldap-login');
    });

    Route::group(['middleware' => ['auth']], function () {
        Route::get('/logout', 'LogoutController@logout')->name('logout.logout');

        // Admin routes
        Route::group(['middleware' => ['checkUserRole:admin']], function () {
            // admin routes go here
        });
    });
});

And in my config/auth.php:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
],

/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
|
| All authentication drivers have a user provider. This defines how the
| users are actually retrieved out of your database or other storage
| mechanisms used by this application to persist your user's data.
|
| If you have multiple user tables or models you may configure multiple
| sources which represent each model / table. These sources may then
| be assigned to any extra authentication guards you have defined.
|
| Supported: "database", "eloquent"
|
*/

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model' => App\Models\UserRole::class,
    ],

    // 'users' => [
    //     'driver' => 'database',
    //     'table' => 'users',
    // ],
],

I'm getting 403 Forbidden from nginx when trying to access the domain at /. When I have, for example, a home.html page in the root folder of the project I can see it, but if I remove it I get the nginx 403 Forbidden again.

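The bind-then-lookup step from the controller above, rewritten as an added example that is not the poster's code nor the exchangecore blog's. It keeps the same flow (simple bind as DOMAIN\user, then a sAMAccountName search for the mail attribute) but isolates it from the Laravel request cycle and adds the checks a reviewer would ask for: an empty password is refused before the bind, since an LDAP simple bind with a DN and an empty password is an "unauthenticated" bind that many directories accept; the username is restricted to the sAMAccountName character set and passed through ldap_escape() before it reaches the filter; the connection uses ldaps:// and a network timeout; and exactly one matching entry is required. The server name, NetBIOS domain and base DN are placeholders.

```php
<?php
// Added example: a hardened LDAP bind + lookup helper. Not the poster's code.
// Server, domain and base DN below are placeholders, not real values.

declare(strict_types=1);

final class LdapAuthenticator
{
    public function __construct(
        private string $server = 'ldaps://domaincontroller.mydomain.com', // placeholder
        private string $netbiosDomain = 'mydomain',                      // placeholder
        private string $baseDn = 'dc=mydomain,dc=com',                   // placeholder
    ) {
    }

    /**
     * Returns ['username' => ..., 'mail' => ...] on success, or null on any failure.
     * Callers should treat null uniformly and not distinguish the failure reasons.
     */
    public function authenticate(string $username, string $password): ?array
    {
        // 1. Refuse blank passwords before ldap_bind(). RFC 4513 allows an
        //    "unauthenticated" simple bind (DN + empty password) and many
        //    directories answer it with success, which would look like a login.
        if ($username === '' || trim($password) === '') {
            return null;
        }

        // 2. Only accept the character set a sAMAccountName can contain
        //    (AD limits it to 20 characters for user accounts).
        if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
            return null;
        }

        $ldap = ldap_connect($this->server);
        if ($ldap === false) {
            return null;
        }
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

        // 3. Bind with the user's own credentials in DOMAIN\user form.
        //    '\\' in single quotes is one literal backslash.
        $bindDn = $this->netbiosDomain . '\\' . $username;
        if (@ldap_bind($ldap, $bindDn, $password) === false) {
            ldap_close($ldap);
            return null;
        }

        // 4. Escape the username before interpolating it into the filter and
        //    request only the attributes that are actually needed.
        $filter = sprintf(
            '(&(objectClass=user)(sAMAccountName=%s))',
            ldap_escape($username, '', LDAP_ESCAPE_FILTER)
        );
        $result  = ldap_search($ldap, $this->baseDn, $filter, ['mail', 'sAMAccountName']);
        $entries = $result !== false ? ldap_get_entries($ldap, $result) : false;
        ldap_close($ldap);

        // 5. Require exactly one match; ldap_get_entries() lower-cases attribute names.
        if ($entries === false || ($entries['count'] ?? 0) !== 1) {
            return null;
        }

        return [
            'username' => $entries[0]['samaccountname'][0] ?? $username,
            'mail'     => $entries[0]['mail'][0] ?? null,
        ];
    }
}

// Usage inside a controller (hypothetical call, shown for illustration):
// $user = (new LdapAuthenticator())->authenticate($request->username, $request->password);
// if ($user === null) { return back()->with('error', 'Invalid username / password'); }
// $role = UserRole::where('email', $user['mail'])->first();
```

Returning null for every failure path (blank password, rejected username, bind failure, zero or multiple matches) keeps the response identical to the caller, so the login form does not reveal which accounts exist. The role lookup by the mail attribute can then be done exactly as in the original controller, with the difference that a missing mail attribute yields null instead of an undefined-index error.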