LDAP

INFO

LDAP authentication will connect to the server which is declared in the .env file and try to authenticate the given user in combination with the given password. The authentication will return a JWT.

WARNING

You have to configure config/packages/lexik_jwt_authentication.yaml first, before you can run
php bin/console lexik:jwt:generate-keypair

Group Check

In order to use the group check and mapping of user roles correctly, you have to configure 3 properties in your .env. The numbers you configure represent the group GID in LDAP.
Roles:

  • SBA_ADMIN
  • SBA_USER
  • SBA_GUEST

Default role if none of these groups can be found: SBA_NOT_PERMITTED
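
A sketch of how such a group check can resolve a role and fall back to SBA_NOT_PERMITTED. This is an added example, not the project's own code. The env key names, the admin > user > guest precedence, and the assumption that the user's group GIDs have already been read from LDAP as strings are all hypothetical.

```php
<?php
declare(strict_types=1);

// Role names are the ones documented above. The env keys are hypothetical
// placeholders, and the admin > user > guest precedence is an assumption.
const ROLE_PRECEDENCE = [
    'LDAP_GID_ADMIN' => 'SBA_ADMIN',
    'LDAP_GID_USER'  => 'SBA_USER',
    'LDAP_GID_GUEST' => 'SBA_GUEST',
];
const DEFAULT_ROLE = 'SBA_NOT_PERMITTED';

/** Accept only canonical decimal GIDs ("5001"); "", "05001", "5e3", " 5001" yield null. */
function canonicalGid(mixed $value): ?string
{
    return is_string($value) && preg_match('/^(0|[1-9][0-9]*)$/D', $value) === 1 ? $value : null;
}

/**
 * @param array<string, string> $env      configured GID per env key
 * @param list<mixed>           $userGids GID values read from the user's LDAP groups
 */
function resolveRole(array $env, array $userGids): string
{
    $mapping = [];
    foreach (ROLE_PRECEDENCE as $key => $role) {
        $gid = canonicalGid($env[$key] ?? null);
        // A missing, malformed or duplicated GID makes the mapping ambiguous:
        // fail closed for everyone instead of guessing.
        if ($gid === null || in_array($gid, array_column($mapping, 0), true)) {
            return DEFAULT_ROLE;
        }
        $mapping[] = [$gid, $role];
    }
    $memberOf = array_map('canonicalGid', $userGids);
    foreach ($mapping as [$gid, $role]) {
        // Strict comparison: PHP's loose == treats "5e3" and "5000" as equal.
        if (in_array($gid, $memberOf, true)) {
            return $role;
        }
    }
    return DEFAULT_ROLE;
}

// Constructed sample values, not taken from a real directory.
$env = ['LDAP_GID_ADMIN' => '5000', 'LDAP_GID_USER' => '5001', 'LDAP_GID_GUEST' => '5002'];
echo resolveRole($env, ['5002', '5001']), PHP_EOL;                     // user and guest groups
echo resolveRole($env, ['5e3', '05001']), PHP_EOL;                     // look-alike values only
echo resolveRole(['LDAP_GID_ADMIN' => ''] + $env, ['5000']), PHP_EOL;  // admin GID left empty
```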

LoginController

Overview

The LoginController is a Symfony controller responsible for handling authentication requests. It contains an action method index() mapped to the route /api/v1/login, which authenticates users and generates authentication tokens.

Functionality

  • Authentication: It accepts username (usr) and password (pwd) parameters from the request and authenticates the user using an instance of AuthService.
  • Token Generation: Upon successful authentication, it generates an authentication token using the AuthToken class and returns it as a JSON response.
  • Route: The action method is mapped to the /api/v1/login route.

AuthService

Overview

The AuthService class provides functionality for authenticating users against an LDAP server.

Functionality

  • LDAP Connection: It establishes a connection to the LDAP server specified in the environment variable LDAP_URL.
  • Token Handling: It creates tokens, deletes outdated tokens and validates tokens for secure token handling.
  • Authentication: It attempts to bind to the LDAP server using the provided user credentials ($user and $password) within the specified LDAP base.
  • Error Handling: It catches any exceptions that occur during the authentication process and returns false in case of failure.

AuthToken

Overview

The AuthToken class is responsible for encoding and decoding JSON Web Tokens (JWTs) using a provided key.

Functionality

  • Token Encoding: It encodes a payload into a JWT using the provided key.
  • Token Decoding: It decodes a JWT token using the provided key.
  • Exception Handling: It catches exceptions during encoding and decoding processes and throws appropriate exceptions.

Released under the MIT License.