Author: Nathan.Vonnahme
Date: 2010-05-04 02:39:58 +0200 (Tue, 04 May 2010)
New Revision: 29343
Modified:
plugins/bhLDAPAuthPlugin/branches/1.4/README
plugins/bhLDAPAuthPlugin/branches/1.4/lib/validator/bhLDAPUserValidator.php
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/actions/actions.class.php
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/templates/signinSuccess.php
Log:
works with 1.4/Doctrine
Modified: plugins/bhLDAPAuthPlugin/branches/1.4/README
===================================================================
--- plugins/bhLDAPAuthPlugin/branches/1.4/README 2010-05-04 00:39:23 UTC
(rev 29342)
+++ plugins/bhLDAPAuthPlugin/branches/1.4/README 2010-05-04 00:39:58 UTC
(rev 29343)
@@ -3,10 +3,11 @@
# bhLDAPAuthPlugin #
`bhLDAPAuthPlugin` allows you to use users and groups from an LDAP
-directory (Only Microsoft Active Directory® for now but you're
-welcome to add others) for your symfony app's authentication and
-authorization.
+directory (Microsoft Active Directory® and possibly others) for
+your symfony app's authentication and authorization.
+This version supports Symfony 1.4 with Doctrine.
+
## Revision ##
$Id$
@@ -17,22 +18,22 @@
`bhLDAPAuthPlugin` does:
- * give your app a web login form similar to sfGuard's
- * let you allow parts of your app to users based on their membership in AD
groups
+ * give your app a web login form similar to sfGuard's, with LDAP password
authentication
+ * let you authorize parts of your app to users based on their membership in
LDAP groups
* work with Apache on Windows ([XAMPP](http://www.apachefriends.org) rocks;
you will need the Devel package) or Linux (probably also other Unix family OSes
including Mac OS X).
+ * work with Microsoft Active Directory® and possibly other LDAP servers.
It does *NOT*:
- * provide single sign on/seamless authentication/NTLM/GSSAPI. For that,
you can try [some of these
alternatives](http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication).
I would start by trying (again) to get symfony to run on IIS (Windows).
- * currently work with LDAP servers other than Microsoft Active
Directory®
- * necessarily keep your app from transmitting AD passwords over the network
in plain text (use HTTPS for the login!)
+ * provide single sign on/seamless authentication/NTLM/GSSAPI. For that,
you can try [some of these
alternatives](http://adldap.sourceforge.net/wiki/doku.php?id=seamless_authentication).
I would try to [run symfony on
IIS](http://www.symfony-project.org/more-with-symfony/1_4/en/11-Windows-and-Symfony),
or try [Likewise](http://www.likewise.com/).
+ * necessarily keep your app from transmitting AD passwords over the network
in plain text (use HTTPS for the login; instructions below!)
* suck as much as having Yet Another user/group database to maintain
## Requirements ##
- * [`sfGuardPlugin`](http://www.symfony-project.com/plugins/sfGuardPlugin).
Why reinvent the wheel?
+ *
[sfDoctrineGuardPlugin](http://www.symfony-project.org/plugins/sfDoctrineGuardPlugin).
Why reinvent the wheel?
* Your PHP must have OpenLDAP support enabled
- * Microsoft Active Directory®
+ * Microsoft Active Directory® (again, it might work with other LDAP
servers)
* `sfSslRequirementPlugin` is a good idea but not strictly required (see
"enable SSL" below).
## Installation ##
@@ -43,9 +44,9 @@
For production use, you can install the plugins the standard way:
-Install the `sfGuardPlugin`
+Install the `sfDoctrineGuardPlugin`
- ./symfony plugin:install sfGuardPlugin
+ ./symfony plugin:install sfDoctrineGuardPlugin
Install the `bhLDAPAuthPlugin`
@@ -61,11 +62,12 @@
svn propedit svn:externals ./plugins
And here are the correct URLs for downloading the latest from each
-plugin's symfony 1.1 branch:
+plugin's symfony 1.4 (or compatible) branch:
- bhLDAPAuthPlugin/
http://svn.symfony-project.com/plugins/bhLDAPAuthPlugin/branches/1.1/
- sfGuardPlugin/
http://svn.symfony-project.com/plugins/sfGuardPlugin/branches/1.1/
- sfSslRequirementPlugin/
http://svn.symfony-project.com/plugins/sfSslRequirementPlugin/branches/1.1/
+ $ svn propget svn:externals plugins/
+ bhLDAPAuthPlugin/
http://svn.symfony-project.com/plugins/bhLDAPAuthPlugin/branches/1.4/
+ sfDoctrineGuardPlugin/
http://svn.symfony-project.com/plugins/sfDoctrineGuardPlugin/branches/1.3/
+ sfSslRequirementPlugin/
http://svn.symfony-project.com/plugins/sfSslRequirementPlugin/branches/1.2/
## Configuration
@@ -89,38 +91,52 @@
- 10.41.16.3
</pre>
-### 2. Rebuild your model.
-This adds the Propel object models for tables that `sfGuardPlugin`
+### 2. Activate the plugins
+
+Turn on the plugins in `config/ProjectConfiguration.class.php`
+
+ [php]
+ class ProjectConfiguration extends sfProjectConfiguration
+ {
+ public function setup()
+ {
+ $this->enablePlugins(array(
+ 'sfDoctrinePlugin',
+ 'sfDoctrineGuardPlugin',
+ 'sfSslRequirementPlugin',
+ 'bhLDAPAuthPlugin',
+ '...'
+ ));
+ }
+ }
+
+
+### 3. Rebuild your model.
+
+This adds the Propel object models for tables that `sfDoctrineGuardPlugin`
needs to your database, even though we won't be using most of them.
- symfony propel-build-model
- symfony propel-build-sql
+ ./symfony doctrine:build --model --sql
Update you database tables by starting from scratch (it will delete all
the existing tables, then re-create them):
- symfony propel-insert-sql
+ ./symfony doctrine:insert-sql
-*or*, you can just create the new tables by using the generated SQL
-statements in `data/sql/plugins.sfGuardAuth.lib.model.schema.sql`
+*or*, you can create the new tables manually using the generated SQL
+statements that have been appended to `data/sql/schema.sql`.
-With MySQL, that would be like this:
+(Don't load the default sfDoctrineGuardPlugin fixtures)
- mysql -uroot -ppassword database <
data/sql/plugins.sfGuardPlugin.lib.model.schema.sql
+### 4. Clear your cache
-
-(Don't load the default sfGuardPlugin fixtures)
-
-### 3. Clear your cache
-
symfony cc
-### 4. Enable "Remember Me" (optional)
+### 5. Enable "Remember Me" (optional)
-Optionally enable the "Remember Me" filter in
-`apps/frontend/config/filters.yml` (great for Intranet apps)
+Optionally enable the "Remember Me" filter above the security filter in
`apps/frontend/config/filters.yml`
remember_me:
class: sfGuardRememberMeFilter
@@ -128,37 +144,38 @@
security: ~
+### 6. Edit your application's config files
-### 5. Edit your application's config files
-
#### a. settings.yml
-Enable the module `sfGuardAuth` under `.settings` in
+Enable the `sfGuardAuth` and `bhLDAPAuth` modules under `.settings` in
`apps/frontend/config/settings.yml`
all:
.settings:
- enabled_modules: [..., sfGuardAuth, bhLDAPAuth]
+ enabled_modules: [default, ..., sfGuardAuth, bhLDAPAuth]
-Change the default login and secure modules under `.actions` in
+Change the default login and secure modules under `all:``.actions` in
`apps/frontend/config/settings.yml`
- login_module: bhLDAPAuth
- login_action: signin
+ all:
+ .actions:
+ login_module: bhLDAPAuth
+ login_action: signin
- secure_module: sfGuardAuth
- secure_action: secure
+ secure_module: sfGuardAuth
+ secure_action: secure
#### b. app.yml
-Tell `sfGuard` to use the password checker in `bhLDAPAuth` in
-`apps/frontend/config/app.yml`.
+Tell `sfDoctrineGuard` to use the password checker in `bhLDAPAuth` in
+`apps/frontend/config/app.yml`, and set `routes:register` false so the bhLDAP
routes will override.
all:
sf_guard_plugin:
check_password_callable: [bhLDAP, checkPassword]
+ routes_register: false
-
#### c. `myUser` class
Change the parent class to bhLDAPAuthSecurityUser in
@@ -170,7 +187,7 @@
}
-### 6. Apply security to some modules or the whole app
+### 7. Apply security to some modules or the whole app
Secure some modules or your entire application in
`apps/frontend/config/security.yml`. Read more about security in
@@ -193,7 +210,7 @@
users who can supply valid AD credentials.
-#### 7. enable SSL protection of login form
+#### 8. enable SSL protection of login form
You don't want your AD credentials flying around the network in clear text,
right?
@@ -281,7 +298,7 @@
This is all on the shoulders of giants. Besides
[symfony](http://symfony-project.com) and
-[sfGuardPlugin](http://www.symfony-project.com/plugins/sfGuardPlugin),
+[sfDoctrineGuardPlugin](http://www.symfony-project.com/plugins/sfDoctrineGuardPlugin),
it includes code from
[the `adLDAP` PHP library](http://adldap.sourceforge.net/).
@@ -293,7 +310,7 @@
## TODO ##
-* make it also work with non-AD LDAP servers
+* test and document non-AD LDAP servers
## Changelog ##
Modified:
plugins/bhLDAPAuthPlugin/branches/1.4/lib/validator/bhLDAPUserValidator.php
===================================================================
--- plugins/bhLDAPAuthPlugin/branches/1.4/lib/validator/bhLDAPUserValidator.php
2010-05-04 00:39:23 UTC (rev 29342)
+++ plugins/bhLDAPAuthPlugin/branches/1.4/lib/validator/bhLDAPUserValidator.php
2010-05-04 00:39:58 UTC (rev 29343)
@@ -3,7 +3,7 @@
/* $Id$ */
/* $URL$ */
-class bhLDAPUserValidator extends sfGuardValidatorUser
+class bhLDAPUserValidator extends sfValidatorBase
{
public function configure($options = array(), $messages = array())
{
@@ -55,6 +55,11 @@
throw new sfValidatorErrorSchema($this,
array($this->getOption('username_field') => new sfValidatorError($this,
'invalid')));
}
+
+ protected function getTable()
+ {
+ return Doctrine::getTable('sfGuardUser');
+ }
}
//sfeof
Modified:
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/actions/actions.class.php
===================================================================
---
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/actions/actions.class.php
2010-05-04 00:39:23 UTC (rev 29342)
+++
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/actions/actions.class.php
2010-05-04 00:39:58 UTC (rev 29343)
@@ -41,11 +41,12 @@
bhLDAP::debug("######## a login attempt! signing in (if validation
passed) and redirectifying to homepage or wherever");
+ $this->form->bind($request->getParameter('signin'));
+ bhLDAP::debug("### form bound");
-
- $this->form->bind($request->getParameter('signin'));
if ($this->form->isValid())
{
+ bhLDAP::debug("##### signin form is valid");
$values = $this->form->getValues();
$this->getUser()->signIn($values['user'], array_key_exists('remember',
$values) ? $values['remember'] : false);
@@ -56,6 +57,9 @@
return $this->redirect($signinUrl);
}
+ else {
+ bhLDAP::debug("##### what?? signin form is NOT valid");
+ }
}
else
Modified:
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/templates/signinSuccess.php
===================================================================
---
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/templates/signinSuccess.php
2010-05-04 00:39:23 UTC (rev 29342)
+++
plugins/bhLDAPAuthPlugin/branches/1.4/modules/bhLDAPAuth/templates/signinSuccess.php
2010-05-04 00:39:58 UTC (rev 29343)
@@ -1,4 +1,4 @@
-<?php use_helper('Validation', 'I18N', 'Form') ?>
+<?php use_helper('I18N') ?>
<?php $LDAP_config = bhLDAP::getConfig(); ?>
<div id="sf_admin_container">
@@ -15,7 +15,7 @@
<td>
<?php echo $form['username']->renderError() ?>
<?php echo $form['username']->render() ?>
-<?php echo $LDAP_config['adLDAP']['account_suffix'] ; ?></td>
+ <?php echo $LDAP_config['adLDAP']['account_suffix'] ; ?></td>
</tr>
<?php echo $form['password']->renderRow() ?>
<?php echo $form['remember']->renderRow() ?>
@@ -27,7 +27,7 @@
<ul class="sf_admin_actions">
<li class="float-right">
- <?php echo submit_tag('Log In', 'class="sf_admin_action_save"'); ?>
+ <input type="submit" value="<?php echo __('Log In') ?>"
class="sf_admin_action_save" />
</li>
</ul>
--
You received this message because you are subscribed to the Google Groups
"symfony SVN" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/symfony-svn?hl=en.
