LDAP synch with no control on THE LDAP SERVER

Hi guys, I am building an App with Laravel 8 for a company that has all their users authenticated on an LDAP server. I have to synch and try to give different roles to the user. Their Developer sent me the script the he uses to access LDAP users login, the problem is that is not in their control, the server is managed by a third-party business that, due to their contracts does not let my client 100% control over this server. The script I got anyway should carries all the info I need, except the fact that I don't think I will be able to create a table on my DB, so, currently I am concerned about how will I be able to catch some specific users in my App and assign the specific Role....Any suggestions?

LaryAI

2 years ago

Level 58

Since you don't have control over the LDAP server and cannot create a table in your database, you can still synchronize the LDAP users and assign roles to them in your Laravel application. Here's a possible solution:

Install the adldap2/adldap2 package in your Laravel project. This package provides a convenient way to interact with LDAP servers.
Configure the LDAP connection in your Laravel application. You'll need to provide the necessary LDAP server details, such as the host, port, base DN, and credentials. You can do this in the config/ldap.php file or in your .env file.
Create a new command in Laravel that will handle the synchronization process. Run the following command to generate the command file:
```
php artisan make:command SyncLdapUsers
```

Open the generated SyncLdapUsers command file (app/Console/Commands/SyncLdapUsers.php) and update the handle method with the following code:

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use Adldap\Laravel\Facades\Adldap;

class SyncLdapUsers extends Command
{
    protected $signature = 'ldap:sync';

    protected $description = 'Synchronize LDAP users and assign roles';

    public function handle()
    {
        $ldapUsers = Adldap::search()->users()->get();

        foreach ($ldapUsers as $ldapUser) {
            // Get the necessary user information from the LDAP user object
            $username = $ldapUser->getAttribute('samaccountname')[0];
            $email = $ldapUser->getAttribute('mail')[0];
            // ... add more attributes as needed

            // Check if the user already exists in your application's user table
            $user = User::where('email', $email)->first();

            if (!$user) {
                // Create a new user in your application's user table
                $user = User::create([
                    'name' => $username,
                    'email' => $email,
                    // ... add more user attributes as needed
                ]);
            }

            // Assign the specific role to the user
            $user->assignRole('your_specific_role');
        }

        $this->info('LDAP synchronization completed.');
    }
}

Make sure to replace 'your_specific_role' with the actual role you want to assign to the users.

Register the SyncLdapUsers command in the app/Console/Kernel.php file by adding the following line to the commands property:
```
protected $commands = [
    \App\Console\Commands\SyncLdapUsers::class,
];
```
Now, you can run the ldap:sync command to synchronize the LDAP users and assign roles to them:
```
php artisan ldap:sync
```
This command will fetch all the LDAP users, check if they exist in your application's user table, create them if necessary, and assign the specified role to them.

Remember to adjust the code according to your specific LDAP server configuration and user attributes.

2 likes