November 11, 2015 Javier Eguiluz

LDAP, which stands for Lightweight Directory Access Protocol, is "an open standard for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network".

LDAP is used by lots of companies as a centralized repository for user information, including their security roles, and as an authentication service. That's why Symfony 2.8 includes a new LDAP component which provides seamless integration with the Symfony Security component.

Before enabling LDAP authentication, define a new service to configure the connection settings, such as the host, the port and the LDAP version.

```yaml
# app/config/services.yml
services:
    app.ldap:
        class: Symfony\Component\Security\Ldap\Ldap
        arguments: ["ldap.example.com"]
```

Then, you can use the LDAP component both as a user provider and as the firewalls' authentication mechanism. These are the configurable fields for the LDAP user provider:

```yaml
# app/config/security.yml
security:
    # ...
    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=example,dc=com
                search_dn: CN=My User,OU=Users,DC=example,DC=com
                search_password: p455w0rd
                filter: (sAMAccountName={username})
                default_roles: ROLE_USER
```

When used as an authentication mechanism, you can configure it with a login form or with the HTTP basic mechanism:

```yaml
# app/config/security.yml
security:
    # ...
    firewalls:
        api:
            provider: app_users
            stateless: true
            pattern: ^/api
            http_basic_ldap:
                service: app.ldap
                dn_string: "{username}@example"

        backend:
            provider: app_users
            pattern: ^/admin
            logout:
                path: logout
                target: login
            form_login_ldap:
                service: app.ldap
                dn_string: CN={username},OU=Users,DC=example,DC=com
                check_path: login_check
                login_path: login
```

This component relies on the PHP LDAP extension, so make sure to configure and enable that PHP extension before using this component.
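The `filter` and `dn_string` settings shown earlier place the submitted username into an LDAP search filter and into a bind DN, two contexts with different escaping rules. The following is an added example, not Symfony's own code: `buildFilter()` and `buildBindDn()` are hypothetical helpers that expand those templates with `ldap_escape()` from the PHP LDAP extension and refuse an empty password before a bind would be attempted. The sample usernames and the password are constructed.

```php
<?php
// Added example (not Symfony's code). Needs the PHP LDAP extension for
// ldap_escape(); no directory server is contacted.

// Templates copied from the configuration on this page.
const FILTER_TEMPLATE = '(sAMAccountName={username})';
const DN_TEMPLATE     = 'CN={username},OU=Users,DC=example,DC=com';

/** Hypothetical helper: expand the user provider's search filter. */
function buildFilter(string $template, string $username): string
{
    // Filter context: \ * ( ) and NUL are hex-escaped.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return str_replace('{username}', $safe, $template);
}

/** Hypothetical helper: expand the bind DN and vet the password. */
function buildBindDn(string $template, string $username, string $password): string
{
    // Some servers treat a bind with a DN and an empty password as an
    // unauthenticated bind that succeeds (RFC 4513, section 5.1.2).
    if ($password === '') {
        throw new InvalidArgumentException('Empty password rejected before bind.');
    }
    // DN context: \ , = + < > ; " # are hex-escaped.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_DN);
    return str_replace('{username}', $safe, $template);
}

// Constructed sample usernames: directory names often contain such characters.
$samples = ['jdoe', 'Smith, John (IT)', 'R&D+Ops #2'];

foreach ($samples as $username) {
    printf("username      : %s\n", $username);
    printf("  raw filter  : %s\n", str_replace('{username}', $username, FILTER_TEMPLATE));
    printf("  safe filter : %s\n", buildFilter(FILTER_TEMPLATE, $username));
    printf("  raw DN      : %s\n", str_replace('{username}', $username, DN_TEMPLATE));
    printf("  safe DN     : %s\n\n", buildBindDn(DN_TEMPLATE, $username, 'constructed-secret'));
}

try {
    buildBindDn(DN_TEMPLATE, 'jdoe', '');
} catch (InvalidArgumentException $e) {
    printf("rejected: %s\n", $e->getMessage());
}
```

Comparing the raw and safe lines for `Smith, John (IT)` shows why one escaping mode cannot serve both settings: the parentheses matter in the filter, the comma matters in the DN.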