在CakePHP中实现安全的LDAP登录,可以按照以下步骤进行:
- 安装LDAP插件:首先需要安装CakePHP的LDAP插件。安装前请先确认该包的来源、维护状态以及它所支持的CakePHP版本,并将composer.lock提交到版本库以锁定版本。可以通过Composer运行以下命令来安装插件:
composer require vdechenaud/cakephp-ldap
- 配置LDAP连接:在
config/app.php
文件中添加LDAP连接的配置信息:
// Example LDAP connection settings for config/app.php; every value is a placeholder.
'Ldap' => [
'host' => 'ldap.example.com',
// NOTE(review): 389 is the standard cleartext LDAP port. Unless the plugin
// negotiates StartTLS (not visible here, confirm in its documentation), the bind
// password and every user's login password cross the network unencrypted.
// LDAPS conventionally listens on 636.
'port' => 389,
'basedn' => 'dc=example,dc=com',
// NOTE(review): this DN looks like a directory administrator. A dedicated
// read-only service account scoped to the user subtree is enough for lookups.
'binddn' => 'cn=admin,dc=example,dc=com',
// NOTE(review): placeholder secret. Keep the real value out of version control,
// for example by reading it from the environment or a secret store.
'bindpw' => 'password',
'users' => [
'model' => 'Users',
// {0} is presumably replaced with the submitted username. TODO confirm that the
// plugin escapes LDAP filter metacharacters before substituting it.
'filter' => '(&(objectClass=inetOrgPerson)(uid={0}))',
// Maps local field names (keys) to directory attribute names (values).
'fields' => [
'username' => 'uid',
// NOTE(review): this maps the directory's userpassword attribute onto the local
// password field. Verifying a login by LDAP bind does not require reading that
// attribute; confirm whether the plugin needs this mapping at all.
'password' => 'userpassword',
'email' => 'mail',
'name' => 'cn',
],
],
],
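这里的配置信息需要根据你的LDAP服务器进行相应的修改。注意:示例中的389端口是未加密的LDAP端口,bindpw也只是占位值。生产环境应使用LDAPS(通常为636端口)或StartTLS加密连接,绑定账号应使用只读的最小权限账号而不是管理员账号,绑定密码应从环境变量或密钥管理系统读取,而不要提交到代码仓库。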
- 创建用户模型:在
src/Model
目录下创建UsersTable.php
文件,定义UsersTable
类来处理用户相关操作。可以参考以下示例代码:
<?php
namespace App\Model\Table;
use Cake\Auth\DefaultPasswordHasher;
use Cake\ORM\Table;
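/**
 * Users table for accounts that are authenticated against LDAP.
 *
 * The local password column is not the credential users log in with here, so
 * new rows without one receive the hash of a random throwaway value instead of
 * an empty or plaintext string.
 */
class UsersTable extends Table
{
    /**
     * Attaches the plugin's LDAP behavior to this table.
     *
     * @param array $config Table configuration passed in by the ORM.
     * @return void
     */
    public function initialize(array $config): void
    {
        parent::initialize($config);
        $this->addBehavior('Ldap.Ldap', ['userModel' => 'Users']);
    }

    /**
     * Custom finder that narrows the query to the row for one username.
     *
     * The username is passed as an array condition, so the ORM binds it as a
     * query parameter rather than concatenating it into SQL.
     *
     * @param \Cake\ORM\Query $query Query to modify.
     * @param array $options Finder options; 'username' is read from it.
     * @return \Cake\ORM\Query The same query, restricted to that user.
     */
    public function findLdapAuth(\Cake\ORM\Query $query, array $options)
    {
        // NOTE(review): 'password' is selected and so becomes part of the row handed
        // to the caller. Confirm the plugin needs it; if not, drop it from the select
        // so the hash never reaches the authenticated user data.
        return $query
            ->select(['username', 'password'])
            ->where(['Users.username' => $options['username']])
            ->contain([]);
    }

    /**
     * Gives new entities without a password an unusable random one.
     *
     * @param \Cake\Event\EventInterface $event The beforeSave event.
     * @param \Cake\ORM\EntityInterface $entity Entity about to be saved.
     * @param \ArrayObject $options Save options.
     * @return bool Always true, so the save continues.
     */
    public function beforeSave(\Cake\Event\EventInterface $event, \Cake\ORM\EntityInterface $entity, \ArrayObject $options)
    {
        if ($entity->isNew() && !$entity->get('password')) {
            // Store only the hash of a random value that is discarded immediately, so
            // nobody knows a plaintext that matches the local column. If the entity
            // also hashes in a password mutator the value is hashed twice, which
            // leaves it equally unusable.
            $entity->set('password', $this->setPassword($this->generatePassword()));
        }

        return true;
    }

    /**
     * Generates a random password from the operating system's CSPRNG.
     *
     * @return string 64 hexadecimal characters (256 bits of randomness), which
     *   stays below bcrypt's 72-byte input limit.
     */
    public function generatePassword()
    {
        return bin2hex(random_bytes(32));
    }

    /**
     * Hashes a password with CakePHP's default password hasher.
     *
     * Despite the name, nothing is stored: the hash is only returned.
     *
     * @param string $password Plaintext password.
     * @return string The password hash.
     */
    public function setPassword($password)
    {
        return (new DefaultPasswordHasher())->hash($password);
    }
}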
- 创建登录控制器:在
src/Controller
目录下创建UsersController.php
文件,定义UsersController
类来处理用户登录逻辑。可以参考以下示例代码:
<?php
namespace App\Controller;
use Cake\Controller\Controller;
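/**
 * Handles login and logout for LDAP-backed users.
 */
class UsersController extends Controller
{
    /**
     * Loads the components the actions below use.
     *
     * @return void
     */
    public function initialize(): void
    {
        parent::initialize();

        // login() reports failures through Flash. This class extends the base
        // Controller directly, so nothing else loads that component for it.
        $this->loadComponent('Flash');

        $loginUrl = ['controller' => 'Users', 'action' => 'login'];

        $this->loadComponent('Auth', [
            'authenticate' => [
                'Ldap',
            ],
            'loginAction' => $loginUrl,
            'loginRedirect' => [
                'controller' => 'Users',
                'action' => 'index',
            ],
            'logoutRedirect' => $loginUrl,
            'authError' => 'You are not authorized to access that location.',
            'unauthorizedRedirect' => $loginUrl,
        ]);
    }

    /**
     * Shows the login form and, on POST, tries to identify the user.
     *
     * The failure message is the same whether the username or the password was
     * wrong, so the response does not reveal which accounts exist.
     *
     * @return \Cake\Http\Response|null Redirect after a successful login, otherwise null.
     */
    public function login()
    {
        if (!$this->request->is('post')) {
            return;
        }

        $user = $this->Auth->identify();
        if (!$user) {
            // NOTE(review): no throttling of repeated failures is visible in this
            // controller; confirm it is enforced elsewhere (directory lockout policy,
            // web server or middleware).
            $this->Flash->error('Invalid username or password, try again');

            return;
        }

        $this->Auth->setUser($user);

        return $this->redirect($this->Auth->redirectUrl());
    }

    /**
     * Logs the user out and redirects to the configured logout URL.
     *
     * @return \Cake\Http\Response|null Redirect response.
     */
    public function logout()
    {
        // NOTE(review): as written this action accepts any HTTP method, so a
        // cross-site GET can end a user's session. Consider limiting it to POST.
        return $this->redirect($this->Auth->logout());
    }
}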
- 创建登录视图:在
src/Template/Users
目录下创建login.ctp
文件,用于显示登录表单(这是CakePHP 3.x的目录约定;在4.x中对应的位置是templates/Users/login.php)。可以参考以下示例代码:
<h2>Login</h2>
<?= $this->Form->create() ?>
<?= $this->Form->control('username', ['required' => true]) ?>
<?= $this->Form->control('password', ['required' => true]) ?>
<?=