LDAP-сервер с Laravel

Мне нужно подключить мой веб-сайт laravel к моему серверу LDAP.

Но сначала я хочу подключить свой сервер LDAP к новому веб-сайту. Я нашел учебник, чтобы сделать это с помощью adldap2/adldap2-laravel:


Я следовал руководству и не получил ошибок при запуске веб-сайта:

Форма входа на сайт

Теперь я могу подключаться, используя любого пользователя из моей AD, но когда я пытаюсь войти, вход просто не выполняется, и никаких ошибок не выводится.

Я застрял, потому что не знаю, что делать. Как мне проверить только само соединение с моим сервером LDAP и увидеть, какие ошибки я допустил? (Мне нужно увидеть сообщение об ошибке...)

Я уже создал php-файл за пределами своего веб-сайта, чтобы проверить, в порядке ли мои учетные данные для моего сервера LDAP и все ли работает.

Я проверил storage > logs > laravel.log, но последняя запись в журнале была вчера.

Мой контроллер входа в систему:


namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Adldap\Laravel\Facades\Adldap;

// Login controller: pulls the login flow in from the AuthenticatesUsers trait and
// defines username(), validateLogin() and attemptLogin() further down so that the
// submitted credentials are checked against LDAP through the Adldap facade.
// NOTE(review): the braces and the /* ... */ delimiters around the banner and
// docblock text below did not survive in this listing, and the constructor body
// is not shown. Restore them from the project file before running this code.
class LoginController extends Controller
    | Login Controller
    | This controller handles authenticating users for the application and
    | redirecting them to your home screen. The controller uses a trait
    | to conveniently provide its functionality to your applications.

    // Supplies the generic login/logout actions of this controller.
    use AuthenticatesUsers;

     * Where to redirect users after login.
     * @var string
    // Path users are sent to after a successful login.
    protected $redirectTo = '/home';

     * Create a new controller instance.
     * @return void
    // NOTE(review): constructor body missing from the listing.
    public function __construct()

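    /**
     * Name of the request field / local column that identifies the user.
     *
     * The adldap_auth.php config shown with this controller defines the value
     * under `usernames.eloquent` (plural). Reading the singular key alone
     * resolves to null with that file, which then breaks validation and the
     * credential lookup. The singular key is kept as a fallback for config
     * files that still use it.
     *
     * @return string|null null when neither key is configured
     */
    public function username() {
        return config('adldap_auth.usernames.eloquent')
            ?? config('adldap_auth.username.eloquent');
    }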

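    /**
     * Validate the login form input before any LDAP call is made.
     *
     * attemptLogin() inserts the username into a bind DN with sprintf() and
     * no escaping, so this regex is what keeps DN metacharacters out of it.
     * The `D` modifier makes `$` match only at the very end of the value;
     * without it PCRE also accepts a username that ends in a newline.
     * If the pattern is ever loosened (dots, dashes, spaces), escape the
     * value for DN context (ldap_escape() with LDAP_ESCAPE_DN) before use.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return void
     */
    protected function validateLogin(Request $request) {
        $this->validate($request, [
            $this->username() => 'required|string|regex:/^\w+$/D',
            'password' => 'required|string',
        ]);
    }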

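    /**
     * Check the submitted credentials against the LDAP server and, when the
     * bind succeeds, open a session for the matching local user.
     *
     * On first login a local \App\User is prepared with an empty local
     * password; the submitted password is only ever passed to the LDAP bind.
     * Failures are written to the application log (never the password) so a
     * rejected login is visible to whoever operates the site.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return bool true when the user was logged in, false otherwise
     */
    protected function attemptLogin(Request $request) {
        $usernameField = $this->username();
        $credentials = $request->only($usernameField, 'password');
        $username = $credentials[$usernameField];
        $password = $credentials['password'];

        // NOTE(review): once the configuration is cached (php artisan config:cache)
        // the .env file is no longer loaded, so env() here only sees real environment
        // variables and otherwise falls back to the defaults. Prefer exposing these
        // two values through a config file and reading them with config().
        $user_format = env('ADLDAP_USER_FORMAT', 'cn=%s,'.env('ADLDAP_BASEDN', ''));
        // $username is placed in the DN unescaped; validateLogin() restricts it to \w+.
        $userdn = sprintf($user_format, $username);

        // you might need this, as reported in
        // [#14](https://github.com/jotaelesalinas/laravel-simple-ldap-auth/issues/14):
        // Adldap::auth()->bind($userdn, $password);

        // NOTE(review): the adldap.php config shown with this controller sets an
        // account_suffix (default '@my.group.com'). If the library appends the
        // prefix/suffix to the name passed to attempt(), the DN built above will not
        // match any entry - confirm, and clear prefix/suffix when binding with a full DN.
        // Third argument: stay bound as the user instead of rebinding as administrator.
        if (!Adldap::auth()->attempt($userdn, $password, true)) {
            // the user doesn't exist in the LDAP server or the password is wrong
            logger()->warning('LDAP authentication failed', ['dn' => $userdn]);
            return false;
        }

        // the user exists in the LDAP server, with the provided password
        $user = \App\User::where($usernameField, $username)->first();
        if (!$user) {
            // the user doesn't exist in the local database, so we have to create one
            $user = new \App\User();
            $user->username = $username;
            $user->password = '';

            // you can skip this if there are no extra attributes to read from the LDAP server
            // or you can move it below this if(!$user) block if you want to keep the user always
            // in sync with the LDAP server
            $sync_attrs = $this->retrieveSyncAttributes($username);
            if (!is_array($sync_attrs)) {
                // retrieveSyncAttributes() returns false when the search finds no entry;
                // iterating that value would raise an error instead of completing the login.
                logger()->warning('LDAP entry not found for attribute sync', ['username' => $username]);
                $sync_attrs = [];
            }
            foreach ($sync_attrs as $field => $value) {
                $user->$field = $value ?? '';
            }
            // NOTE(review): the new model is never saved explicitly; presumably
            // login($user, true) persists it when it stores the remember token - confirm.
        }

        // by logging the user we create the session, so there is no need to login again (in the configured time).
        // pass false as second parameter if you want to force the session to expire when the user closes the browser.
        // have a look at the section 'session lifetime' in `config/session.php` for more options.
        $this->guard()->login($user, true);
        return true;
    }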

    /**
     * Look the user up in the directory and build a [local attribute => value]
     * map from config('adldap_auth.sync_attributes').
     *
     * Returns false when the search finds no entry, otherwise the array, so
     * callers must check for false before iterating the result.
     *
     * NOTE(review): several branch bodies and closing braces are missing from
     * this listing (for example the `if ( $local_attr == 'username' )` branch
     * has no body), so the control flow between the checks cannot be read off
     * the page. Restore them from the project file before running this code.
     */
    protected function retrieveSyncAttributes($username) {
        // NOTE(review): env() has no default here and returns null when the
        // configuration is cached and the variable is not set in the real
        // environment. config/adldap_auth.php already exposes the same
        // variable with a fallback; reading it through config() avoids that.
        $ldapuser = Adldap::search()->where(env('ADLDAP_USER_ATTRIBUTE'), '=', $username)->first();
        if ( !$ldapuser ) {
            // log error
            return false;
        // if you want to see the list of available attributes in your specific LDAP server:
        // var_dump($ldapuser->attributes); exit;

        // needed if any attribute is not directly accessible via a method call.
        // attributes in \Adldap\Models\User are protected, so we will need
        // to retrieve them using reflection.
        $ldapuser_attrs = null;

        $attrs = [];

        // Keys are local model attributes, values are LDAP attribute names.
        foreach (config('adldap_auth.sync_attributes') as $local_attr => $ldap_attr) {
            if ( $local_attr == 'username' ) {

            // The getter name is built from the configured LDAP attribute name,
            // so it comes from the config file and not from the request.
            $method = 'get' . $ldap_attr;
            if (method_exists($ldapuser, $method)) {
                $attrs[$local_attr] = $ldapuser->$method();

            // Read the protected attribute bag once and reuse it for later attributes.
            if ($ldapuser_attrs === null) {
                $ldapuser_attrs = self::accessProtected($ldapuser, 'attributes');

            if (!isset($ldapuser_attrs[$ldap_attr])) {
                // an exception could be thrown
                $attrs[$local_attr] = null;

            if (!is_array($ldapuser_attrs[$ldap_attr])) {
                $attrs[$local_attr] = $ldapuser_attrs[$ldap_attr];

            if (count($ldapuser_attrs[$ldap_attr]) == 0) {
                // an exception could be thrown
                $attrs[$local_attr] = null;

            // now it returns the first item, but it could return
            // a comma-separated string or any other thing that suits you better
            $attrs[$local_attr] = $ldapuser_attrs[$ldap_attr][0];
            //$attrs[$local_attr] = implode(',', $ldapuser_attrs[$ldap_attr]);

        return $attrs;

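    /**
     * Read a non-public property of an object through reflection.
     *
     * @param  object  $obj   object to read from
     * @param  string  $prop  property name
     * @return mixed   current value of the property
     * @throws \ReflectionException when the property does not exist
     */
    protected static function accessProtected ($obj, $prop) {
        $reflection = new \ReflectionClass($obj);
        $property = $reflection->getProperty($prop);
        // Before PHP 8.1 a protected/private property cannot be read through
        // reflection until it is made accessible; from 8.1 on the call is a
        // no-op, so it is skipped there.
        if (PHP_VERSION_ID < 80100) {
            $property->setAccessible(true);
        }
        return $property->getValue($obj);
    }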

config > adldap.php код:

// Connection settings for the Adldap client.
// NOTE(review): the closing brackets of this array are missing from the listing.
return [
    'connections' => [

        'default' => [
        // The connection is not opened automatically.
        'auto_connect' => false,

            'connection' => Adldap\Connections\Ldap::class,
        // NOTE(review): the OpenLDAP schema is selected although the question
        // talks about an AD; confirm the schema matches the directory in use.
        'schema' => Adldap\Schemas\OpenLDAP::class,
            'connection_settings' => [
                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
                // NOTE(review): presumably prefix and suffix are added to the name
                // given at bind time; a login that binds with a full DN would then
                // need both empty - confirm.
                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', '@my.group.com'),
                // Space-separated host list from the environment, split into an array.
                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', 'my.group.com')),  
                // Port 389 with use_ssl and use_tls both false (below) means the bind,
                // including the user's password, crosses the network unencrypted.
                // Enable TLS or LDAPS once the server certificate is in place.
                'port' => env('ADLDAP_PORT', 389),
                'timeout' => env('ADLDAP_TIMEOUT', 5),
                'base_dn' => env('ADLDAP_BASEDN', 'OU=Users,OU=location,OU=country,DC=my,DC=group,DC=com'),
                'admin_account_prefix' => env('ADLDAP_ADMIN_ACCOUNT_PREFIX', ''),
                // NOTE(review): the default admin_username below already carries
                // '@my.group.com'; if this suffix is appended as well the bind name
                // would contain the domain twice - confirm.
                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', '@my.group.com'),              
                'admin_username' => env('ADLDAP_ADMIN_USERNAME', 'adminUsername@my.group.com'),
                // Keep the bind password in the environment only; a literal fallback
                // in a committed config file ends up in version control. Prefer no
                // default so that a missing variable fails visibly.
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', 'password'),           
        // NOTE(review): presumably lets the client chase referrals returned by the
        // server; turn off unless the directory layout needs it - confirm.
        'follow_referrals' => true,             
        'use_ssl' => false,
                'use_tls' => false,




мой config > adldap_auth.php:


// Settings for the adldap authentication provider.
// NOTE(review): closing brackets and some entries (the rule and scope classes the
// comments below refer to) are missing from this listing.
return [

    // Name of the connection defined in config/adldap.php.
    'connection' => env('ADLDAP_CONNECTION', 'default'),

    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,

    'rules' => [

        // Denies deleted users from authenticating.


        // Allows only manually imported users to authenticate.

        // Adldap\Laravel\Validation\Rules\OnlyImported::class,


    'scopes' => [

        // Only allows users with a user principal name to authenticate.
        // Remove this if you're using OpenLDAP.

        // Only allows users with a uid to authenticate.
        // Uncomment if you're using OpenLDAP.
        // Adldap\Laravel\Scopes\UidScope::class,


    // The key is 'usernames' (plural). Code reading this section has to use
    // config('adldap_auth.usernames.…'); a lookup under 'adldap_auth.username.…'
    // resolves to null.
    'usernames' => [

    // NOTE(review): 'userprincipalname' is an Active Directory attribute, while
    // sync_attributes below maps the username to 'uid'; make sure both match
    // the directory actually in use.
    'ldap' => env('ADLDAP_USER_ATTRIBUTE', 'userprincipalname'),

        // Column of the local user model that holds the login name.
        'eloquent' => 'username',

        'windows' => [

            'discover' => 'samaccountname',

            'key' => 'AUTH_USER',



    'passwords' => [

        // NOTE(review): with the default false the local password column is
        // presumably not filled from the directory password - confirm.
        'sync' => env('ADLDAP_PASSWORD_SYNC', false),

        'column' => 'password',


    // NOTE(review): presumably controls whether a failed LDAP login falls back to
    // the local password; off by default here - confirm before enabling.
    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),

    // Local model attribute => LDAP attribute it is filled from.
    'sync_attributes' => [

    'username' => 'uid',

        'name' => 'cn',     


    'logging' => [

        'enabled' => true,

        // Each event class is mapped to the listener that logs it.
        // NOTE(review): presumably these events only fire when authentication goes
        // through the adldap user provider; a controller that calls
        // Adldap::auth()->attempt() directly has to log failures itself - confirm.
        'events' => [

            \Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,



мой config > auth.php


// Laravel authentication configuration: guards, user providers and password resets.
// NOTE(review): the closing brackets of the nested arrays are missing from this listing.
return [

    // Guard and password broker used when none is named explicitly.
    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',

    'guards' => [
        // Browser sessions, backed by the 'users' provider below.
        'web' => [
            'driver' => 'session',
            'provider' => 'users',

        // Token guard for API requests, backed by the same provider.
        'api' => [
            'driver' => 'token',
            'provider' => 'users',

    'providers' => [
        // Users are resolved through the adldap driver and stored as App\User models.
        'users' => [
            'driver' => 'adldap',
            'model' => App\User::class,

    // NOTE(review): password resets configured here act on the local table; with
    // LDAP as the source of truth they presumably do not change the directory
    // password - confirm whether the reset routes should stay enabled.
    'passwords' => [
        'users' => [
            'provider' => 'users',
            'table' => 'password_resets',
            'expire' => 60,


