Ldap authentication in CakePHP

It’s been over a year since I wrote the first version of the CakePHP LdapAuth & Ldap Datasource. What I’ve learned over the last year is that a simple component & datasource is not enough and it should really be a full plugin. So I started working on Idbroker. The new plugin offers the following:

* An LDAP datasource that has been tested with iPlanet, Netscape Directory Server, OpenLDAP & Active Directory

* A revised Ldap Auth component that works with CakePHP 1.3

* A simple application (still in development) that uses both and will give great examples of how to use them.

Using this plugin you can get Ldap authentication in CakePHP.

To get started, place a copy of the plugin in your plugins directory. The simplest way is to clone it from GitHub:

git clone https://github.com/analogrithems/idbroker

Auth LDAP

To make use of the LDAPAuth,

1) Add the following to either the controller you want to add LDAPAuth to or to app_controller to give all our controllers LDAPAuth

var $components = array( 'Idbroker.LDAPAcl'=>array('groupType'=>'group'), 'Idbroker.LDAPAuth');

The groupType depends on the objectClass your LDAP server uses for groups. For Active Directory the groupType is ‘group’; for most other LDAP v3 implementations it is either posixGroup (if the group stores membership info as memberUid=jdoe) or groupOfNames (if the group stores membership info as uniquemember=cn=jdoe,ou=people,dc=example,dc=com). If not set, it defaults to groupOfNames.

2) Add the LDAP settings to your /APP/config/database.php
Now we need to get the LDAP settings plugged into the database.php file. This hasn’t changed much since the last version.

<?php
class DATABASE_CONFIG {
	var $ldap = array (
			'datasource' => 'Idbroker.Ldap',
			'host' => 'ldap.example.com',
			'port' => 389,
			'basedn' => 'DC=example,DC=com',
			'login' => 'CN=authservice,CN=Users,DC=example,DC=com',     // Proxy user DN; Active Directory and sometimes iPlanet require this
			'password' => 'superSecretPassword',  // Password for the proxy user DN
			'database' => '',
			'tls'      => false, // Set to true if you are using TLS encryption; with false, binds (this password included) cross the network unencrypted
			'type' => 'ActiveDirectory', // Available types are 'OpenLDAP', 'ActiveDirectory', 'Netscape'
			'version' => 3
	);
}
?>

3) The last step is to set up the LDAP settings. Create a file called /APP/config/ldap.php with the following. See the comments for an explanation of each variable.

<?php
/**
 * LDAP Settings
 *
 */
	$config['LDAP']['Db']['Config'] = 'ldap'; // Whatever the config was called in the database.php file; defaults to ldap if not specified
	$config['LDAP']['User']['Identifier'] = 'samAccountName'; // The LDAP attribute that holds the username; defaults to uid, use samaccountname for AD
	$config['LDAP']['LdapAuth']['Model'] = 'Idbroker.LdapAuth'; // The model to use for the LDAPAuth component; most users should just set it to 'Idbroker.LdapAuth'
	$config['LDAP']['LdapACL']['Model'] = 'Idbroker.LdapAcl';  // The model to use for the developing LDAPAcl; don't change unless you know what you're doing
	$config['LDAP']['LdapACL']['groupType'] = 'group'; // The group objectClass your LDAP server uses; can also be overridden in the components array
?>

Add the following to the bottom of /APP/config/core.php

//Ldap Config
Configure::load('ldap');
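
The three groupType values from step 1, shown as the group-membership search each one implies (an added example, not code from the Idbroker plugin). The function names are hypothetical, the `member` attribute for Active Directory is not stated in the post, and values are escaped per RFC 4515 so that a DN containing parentheses or backslashes still produces a valid filter.

```php
<?php
// Added example, not part of the Idbroker plugin. Function names are hypothetical.

// Escape a value for an LDAP search filter (RFC 4515): backslash, '*',
// '(', ')' and NUL are replaced by a backslash and their two-digit hex code.
function ldapFilterEscape($value) {
    return strtr($value, array(
        '\\'   => '\\5c',
        '*'    => '\\2a',
        '('    => '\\28',
        ')'    => '\\29',
        "\x00" => '\\00',
    ));
}

// Build the filter that finds the groups one user belongs to.
// $uid is the login name, $userDn the user's full DN; $groupType defaults
// to groupOfNames, the default the post gives when the option is not set.
function groupMembershipFilter($uid, $userDn, $groupType = 'groupOfNames') {
    switch ($groupType) {
        case 'posixGroup':   // membership stored as memberUid=jdoe
            $attr = 'memberUid';
            $value = $uid;
            break;
        case 'groupOfNames': // membership stored as uniquemember=<user DN>
            $attr = 'uniquemember';
            $value = $userDn;
            break;
        case 'group':        // Active Directory stores the user DN in "member"
            $attr = 'member';
            $value = $userDn;
            break;
        default:
            throw new InvalidArgumentException('Unsupported groupType: ' . $groupType);
    }
    return '(&(objectClass=' . $groupType . ')(' . $attr . '=' . ldapFilterEscape($value) . '))';
}

// Constructed sample user whose DN contains an escaped comma and parentheses.
$uid = 'jdoe';
$dn  = 'CN=Doe\\, Jane (Ops),OU=People,DC=example,DC=com';

foreach (array('posixGroup', 'groupOfNames', 'group') as $type) {
    echo str_pad($type, 13), groupMembershipFilter($uid, $dn, $type), "\n";
}
```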

4 thoughts on “Ldap authentication in CakePHP”

  1. nobbiew says:

    Dear analogrithems.

    I am very interested in your plugin, but I’ve got some problems. It seems your tutorial has some mistakes. For loading the component I think I’ve to use:

    var $components = array( 'Idbroker.LdapAcl'=>array('groupType'=>'group'), 'Idbroker.LdapAuth');

    But then there comes the exception:

    Error: The component file was not found.

    Error: Create the class LdapAclComponent in file: caketest/controllers/components/ldap_acl.php

    In your plugin there is no file ldap_acl.php

    • analogrithems says:

      Read the tutorial again; it is LDAPAcl and LDAPAuth. Look in APP/plugins/idbroker/controllers/components

      [root@help APP]# ls -l plugins/idbroker/controllers/components/
      -rw-r--r-- 1 apache apache 5881 Jun 28 15:00 l_d_a_p_acl.php
      -rw-r--r-- 1 root root 12375 Jun 27 22:40 l_d_a_p_auth.php

      What I posted in the tutorial was actually from my own controller.

  2. Yooku says:

    Hi,

    Thanks for the great work put into this post.

    I am getting this set of errors and I don’t understand them. Can you help me out?

    Warning (2): ldap_count_entries() expects parameter 2 to be resource, boolean given [APP\models\datasources\ldap_source.php, line 573]

    Notice (8): Undefined variable: schema_entries [APP\models\datasources\ldap_source.php, line 598]

    Notice (8): Undefined variable: return [APP\models\datasources\ldap_source.php, line 702]

    Warning (2): ksort() expects parameter 1 to be array, null given [APP\models\datasources\ldap_source.php, line 1216]
