Daps: Advanced-release LDAP support for Symfony2

Over the last couple of months, I tasked myself with learning how to implement LDAP in Symfony2. This was about as painful as it sounds. At first, I had wanted to modify OpenSky’s LDAP bundle for the goals I wanted to meet. There were a few drawbacks to this — namely, that it was really difficult to split out the dependencies required to implement a non-preauthenticated model for authorization and user provision. Without this, it was going to be difficult to, for instance, authorize through LDAP via a form. There was also a dependency on Zend’s LDAP module, since Symfony2 does not presently have LDAP support in any of its releases. This was kind of a problem, since it constitutes leaning on one framework to fill in for the missing features of another. Solving a framework’s problem with another framework isn’t the best idea.

After struggling with OpenSky’s LDAP bundle, I did a lot of research online to see if anyone else had problems using it. I discovered then, through Grégoire Pineau’s pull request to the Symfony2 main project, that not only had he found OpenSky’s approach to be sub-optimal, but it was one of the leading causes for him to write his own LDAP component native to Symfony2. This was exactly what I was looking for — Symfony2 framework-level support for LDAP. But it was coming too late. The deadline for this project was to get it working with 2.1, and this won’t make it out to the public until 2.2.

Because LDAP support is coming in a future version of the Symfony framework, I decided to create a bundle that copied Pineau’s approach as closely as possible, adding in those features we needed, which were still to-dos on the main project. Now, any time the LDAP component updates, we can incorporate those changes relatively easy. For instance, we got TLS and SSL for free because of updates from the main project. The best part is that we don’t have to wait for a later version of Symfony to get the features we want now.

Because I like puns and bro-fisting, I called this “advanced release” of the Symfony2 LDAP feature Daps. You can get Daps on GitHub. It’s my first time building out a bundle, so I’ve probably got a bit to learn. It was a fun — albeit insanely difficult — way to get my feet wet working with Symfony2. If you’re looking for a relatively clean way generating users based on listings your LDAP solution, please feel free to fork and add on.

Coming full circle, working on this project has me actually asking questions about the original pull request, helping to shape the way this component looks when it actually makes its way into Symfony2. Another great story about how open source software helps us all go far, together.


9 Responses to Daps: Advanced-release LDAP support for Symfony2

  1. Tim Massey says:

    Do you know if this will work with a Symfony2.0.* project?

    • Robert says:

      Hi Tim,

      I know for a fact it won’t. There are some changes to how services are dependency-injected between 2.0 and 2.1 which will get pretty thorny. You could likely fork my project and get it working in less than a day (and hopefully more like less than half a day) of hacking.

  2. Justin says:

    How do you get this working?

    I got the bundle in /src, figured out proper namespacing, created the ldapcredentials.yml, added the bundle to AppKernel.php, but now I am stuck as to how to configure my actual project to use LDAP for authentication. Do I need to edit my security.yml ? Edit my UserRepository class? etc? There seems to be little documentation.

    • Robert says:

      Hi Justin,

      You need an admin user in your LDAP setup. I’ve just pushed an example file for ldapcredentials.xml in Resources/config. This gives you the info on where to connect and how to connect as an admin.

      Let me know if this helps point you in the right direction.

  3. Jean-Noël says:

    Hi Robert,
    Thanks for you job.
    I’m new in world of Symfony/Silex. I want to get this working with Silex. My purpose: authentication with LDAP and get the roles from MySQL table. Could you help me please ?

    • Robert says:

      Hi Jean-Noel,

      That would require a change to this bundle to integrate with a specific data model. You’re welcome to fork and make the changes for yourself.


  4. Salva says:

    hi!! This is my error

    ErrorException: Catchable Fatal Error: Argument 1 passed to Daps\LdapBundle\Security\Authentication\Provider\LdapAuthenticationProvider::__construct() must implement interface Daps\LdapBundle\Security\User\LdapUserProviderInterface, instance of Symfony\Component\Security\Core\User\InMemoryUserProvider given, called in C:\wamp\www\symfony\app\cache\dev\appDevDebugProjectContainer.php on line 521 and defined in C:\wamp\www\symfony\vendor\daps\ldap-bundle\Daps\LdapBundle\Security\Authentication\Provider\LdapAuthenticationProvider.php line 37


    • Robert says:

      Looks like you’re passing the wrong kind of user provider in. You need to change what kind of user provider you’re using. Been a while since I touched the code myself, so you may need to reach out to actual users of the library.

  5. Thanks for this. It is exactly what I’m looking for. I will try and integrate it at some point. I love symfony, it is a extremely powerful framework . However it’s flexibility is also it’s downfall. You would have thought that LDAP integration would not be so difficult. I have standalone classes that do this everyday. However integrating into symfony is a task.

    The difficulty also concerns me. If it is difficult to integrate also means that there are more chances to introduce errors. Errors and misconfiguration in security functionality is asking for trouble

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>