Mapping roles doesn't work #47

Open
AW-HTK opened this issue May 10, 2018 · 1 comment

Comments

AW-HTK commented May 10, 2018

Hello,
I'm using SF 3.4 with ldaptools-bundle.
All works fine except the role mapping, and this is my config:
```yaml
ldap_tools:
    domains:
        ad.home.fr:
            domain_name: ad.home.fr
            base_dn: 'dc=ad,dc=home,dc=fr'
            username: 'cn=admin,dc=ad,dc=home,dc=fr'
            password: "mypass"
            servers: [ad.home.fr]
            bind_format: 'uid=%%username%%,ou=Users,dc=ad,dc=home,dc=fr'
            ldap_type: openldap
    security:
        roles:
            # Using the common group name
            SUPER_ADMIN: [ 'Domain Admins' ]
            # Using the distinguished name of the group
            ROLE_USER: 'cn=Clients,ou=Groups,dc=ad,dc=home,dc=fr'
            ROLE_ADMIN: 'cn=Tech,ou=Groups,dc=ad,dc=home,dc=fr'
```
And security:

```yaml
security:
    hide_user_not_found: false

    encoders:
        LdapTools\Bundle\LdapToolsBundle\Security\User\LdapUser: plaintext

    providers:
        ldap:
            id: ldap_tools.security.user.ldap_user_provider

    firewalls:
        # disables authentication for assets and the profiler, adapt it according to your needs
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false

        main:
            anonymous: ~
            provider: ldap
            pattern: ^/
            logout: ~
            guard:
                authenticators:
                    - ldap_tools.security.ldap_guard_authenticator

        login:
            pattern: ^/login$
            anonymous: ~

    access_control:
        - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/, roles: ROLE_USER }
```

In my OpenLDAP I have:

2 Groups: ou=Groups,dc=ad,dc=home,dc=fr

  • cn=Tech,ou=Groups,dc=ad,dc=home,dc=fr ==> gidnumber : 1001
  • cn=Clients,ou=Groups,dc=ad,dc=home,dc=fr ==> gidnumber : 1002

2 Users: ou=Users,dc=ad,dc=home,dc=fr

  • uid=user1,ou=Users,dc=ad,dc=home,dc=fr
  • uid=user2,ou=Users,dc=ad,dc=home,dc=fr

Each user has a gidNumber:

  • user1 => gidNumber: 1001
  • user2 => gidNumber: 1002

Can someone help me please?
Thanks.

baptisterajaut commented Jul 12, 2018

Bump.
Wanting to map a role with a global role and it doesn't work.
`ROLE_SAUVEGARDE_LECTURE: ['ID_GUISMO_ROLE_SAUVEGARDE_RX']`
This role is never given. The account is a member of 'Domain Users', which is a member of ID_GUISMO_ROLE_SAUVEGARDE_RX.
Setting Domain Users doesn't work.
However, when an account is a member of a role not including Domain Users, it works flawlessly.
