Laravel Authentication Using LDAP

 


Hello everyone, welcome back to the blog. This time we will look at how to build a Laravel login that authenticates against LDAP. In this post I assume you already have an LDAP server and an LDAP account; if not, please see my earlier posts, which you can reach through the following links:



1. How to install an LDAP server on Ubuntu 22.04

2. How to install an LDAP client on Ubuntu 22.04

OK, without further ado, let's get straight into the tutorial.

Step 1. Clone the Laravel Project

To clone the project, make sure git is installed on your computer; if it is not, install it first in the way appropriate for your operating system. I am using Linux and git is already installed, so we can clone the project right away by running the following command:

$ git clone https://github.com/Nofrisdan/laravel-ldap.git 


Next, go into the laravel-ldap project folder and install all the packages:

$ cd laravel-ldap && composer install 

Step 2. Install the LDAP Library in Laravel

To install the LDAP library in Laravel, run the following composer command inside the project and wait until the installation finishes:

$ composer require adldap2/adldap2-laravel --ignore-platform-reqs


Step 3. Publish the LDAP Configuration File


$ php artisan vendor:publish --provider="Adldap\Laravel\AdldapServiceProvider"

After you run the command above, a new file named ldap.php is created automatically in the config folder.

Step 4. Connect Laravel to LDAP

Next we connect Laravel to LDAP. Open the .env file in the Laravel project folder and add the lines below to it:

# LDAP CONFIGURATION
LDAP_HOSTS=
LDAP_BASE_DN=""
LDAP_USERNAME=""
LDAP_PASSWORD=""




Note: adjust the LDAP values to match your own LDAP server.

Step 5. Set Up the Laravel User Model

Next we set up the User model in Laravel. Add the following source code to the files indicated:

/app/Models/User.php

<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;
use Adldap\Laravel\Traits\HasLdapUser;

class User extends Authenticatable
{
    use HasLdapUser;

    protected $fillable = [
        'id',
        'name',
        'email',
        'username',
    ];
}

/database/migrations/yyyy_mm_d_create_users_table.php

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    /**
     * Run the migrations.
     */
    public function up(): void
    {
        Schema::create('users', function (Blueprint $table) {
            $table->id();
            $table->string('name');
            // nullable: AuthController stores null when the LDAP entry has no mail attribute
            $table->string('email')->nullable()->unique();
            $table->string("username")->unique();
            $table->timestamps();
        });
    }

    /**
     * Reverse the migrations.
     */
    public function down(): void
    {
        Schema::dropIfExists('users');
    }
};


Next, add the database settings to the Laravel environment, and make sure you have already created the database. To add the database settings, open the .env file and find the following lines:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=belajar_laravel_ldap
DB_USERNAME=cakdunsite
DB_PASSWORD=secret

Note: adjust these settings to match your own database.

Once the model is configured and the database is connected, we create the users table in the database by running the following command:

php artisan migrate

Step 6. Change the Default Authentication Configuration


By default Laravel uses the User model to authenticate against the system, so here we change that default configuration to use LDAP. Follow the configuration below, file by file:

config/auth.php

<?php

return [

    /*
    |--------------------------------------------------------------------------
    | Authentication Defaults
    |--------------------------------------------------------------------------
    |
    | This option controls the default authentication "guard" and password
    | reset options for your application. You may change these defaults
    | as required, but they're a perfect start for most applications.
    |
    */

    'defaults' => [
        'guard' => 'web',
        'passwords' => 'users',
    ],

    /*
    |--------------------------------------------------------------------------
    | Authentication Guards
    |--------------------------------------------------------------------------
    |
    | Next, you may define every authentication guard for your application.
    | Of course, a great default configuration has been defined for you
    | here which uses session storage and the Eloquent user provider.
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | Supported: "session"
    |
    */

    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],
        'ldap' => [ // ✅ Add a guard for LDAP
            'driver' => 'session',
            'provider' => 'ldap_users',
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | User Providers
    |--------------------------------------------------------------------------
    |
    | All authentication drivers have a user provider. This defines how the
    | users are actually retrieved out of your database or other storage
    | mechanisms used by this application to persist your user's data.
    |
    | If you have multiple user tables or models you may configure multiple
    | sources which represent each model / table. These sources may then
    | be assigned to any extra authentication guards you have defined.
    |
    | Supported: "database", "eloquent"
    |
    */

    'providers' => [
        'users' => [
            'driver' => 'eloquent',
            'model' => App\Models\User::class,
        ],
        'ldap_users' => [ // ✅ Provider dedicated to LDAP
            'driver' => 'ldap',
            'model' => App\Models\User::class,
        ],

        // 'users' => [
        //     'driver' => 'eloquent',
        //     'model' => App\Models\User::class,
        // ],

        // 'users' => [
        //     'driver' => 'database',
        //     'table' => 'users',
        // ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Resetting Passwords
    |--------------------------------------------------------------------------
    |
    | You may specify multiple password reset configurations if you have more
    | than one user table or model in the application and you want to have
    | separate password reset settings based on the specific user types.
    |
    | The expiry time is the number of minutes that each reset token will be
    | considered valid. This security feature keeps tokens short-lived so
    | they have less time to be guessed. You may change this as needed.
    |
    | The throttle setting is the number of seconds a user must wait before
    | generating more password reset tokens. This prevents the user from
    | quickly generating a very large amount of password reset tokens.
    |
    */

    'passwords' => [
        'users' => [
            'provider' => 'users',
            // 'table' => 'password_reset_tokens',
            'expire' => 60,
            'throttle' => 60,
        ],
    ],

    /*
    |--------------------------------------------------------------------------
    | Password Confirmation Timeout
    |--------------------------------------------------------------------------
    |
    | Here you may define the amount of seconds before a password confirmation
    | times out and the user is prompted to re-enter their password via the
    | confirmation screen. By default, the timeout lasts for three hours.
    |
    */

    'password_timeout' => 10800,

];




app/Providers/AppServiceProvider.php

<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use App\Auth\LdapUserProvider;
use Illuminate\Support\Facades\Auth;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     */
    public function register(): void
    {
        //
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        // Register the "ldap" user provider driver referenced in config/auth.php
        Auth::provider('ldap', function ($app, array $config) {
            return new LdapUserProvider($app['hash'], $config['model']);
        });
    }
}




app/Providers/RouteServiceProvider.php

<?php

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

class RouteServiceProvider extends ServiceProvider
{
    /**
     * The path to your application's "home" route.
     *
     * Typically, users are redirected here after authentication.
     *
     * @var string
     */
    public const HOME = '/';

    /**
     * Define your route model bindings, pattern filters, and other route configuration.
     */
    public function boot(): void
    {
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
        });

        $this->routes(function () {
            Route::middleware('api')
                ->prefix('api')
                ->group(base_path('routes/api.php'));

            Route::middleware('web')
                ->group(base_path('routes/web.php'));
        });
    }
}


routes/web.php
<?php

use App\Http\Controllers\AuthController;
use App\Http\Controllers\DashboardController;
use App\Http\Controllers\DebugController;
use Illuminate\Support\Facades\Route;

/*
|--------------------------------------------------------------------------
| Web Routes
|--------------------------------------------------------------------------
|
| Here is where you can register web routes for your application. These
| routes are loaded by the RouteServiceProvider and all of them will
| be assigned to the "web" middleware group. Make something great!
|
*/

Route::middleware("guest")->group(function () {
    Route::get("/login", [AuthController::class, 'login'])->name("login");
    Route::post("/login", [AuthController::class, 'authenticate']);
});
Route::middleware("auth:web")->group(function () {
    Route::get("/", [DashboardController::class, 'index']);
    Route::get("/logout", [AuthController::class, 'logout']);
});






Step 7. Create the Authentication and Dashboard Scripts


In step 7 we create an authentication controller and a dashboard controller, which we will use to test LDAP authentication. Follow these steps:

Create the AuthController and DashboardController files

$ php artisan make:controller AuthController
$ php artisan make:controller DashboardController

Then paste the following scripts into the AuthController and DashboardController files:

app/Http/Controllers/AuthController.php
<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Adldap\Laravel\Facades\Adldap;
use Illuminate\Support\Facades\Auth;

class AuthController extends Controller
{
    // Show the login form
    public function login()
    {
        return view("auth.login");
    }

    // Authenticate the submitted credentials against LDAP
    public function authenticate(Request $request)
    {
        $request->validate([
            "username" => "required|string",
            "password" => "required|string"
        ]);

        $username = $request->username;
        $password = $request->password;

        // Look up the user's entry in LDAP by uid
        $user = Adldap::search()->where("uid", $username)->first();

        // Authentication: check that the user's DN and password are accepted by LDAP
        if ($user && Adldap::auth()->attempt($user->getDn(), $password)) {

            // Create or update the local user record
            $userModel = User::updateOrCreate(
                ['username' => $user->getAttribute('uid')[0]], // match on username
                [
                    'name' => $user->getAttribute('cn')[0] ?? 'Unknown',
                    'email' => $user->getAttribute('mail')[0] ?? null,
                ]
            );

            // Log the user in on the "web" guard
            Auth::guard("web")->login($userModel);

            if (Auth::check()) {
                $request->session()->regenerate();
                return redirect()->intended("/");
            } else {
                // The session login did not take effect
                return redirect()->back()->withErrors([
                    "message1" => "Invalid Username / Password"
                ]);
            }
        }

        // Unknown user or invalid password
        return redirect()->back()->withErrors([
            "message1" => "Invalid Username / Password"
        ]);
    }

    // Log out
    public function logout(Request $request)
    {
        Auth::logout();
        $request->session()->invalidate();
        // Issue a fresh CSRF token for the new, unauthenticated session
        $request->session()->regenerateToken();
        return redirect("/login");
    }
}


app/Http/Controllers/DashboardController.php

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class DashboardController extends Controller
{
    // Dashboard page: show the ID and name of the logged-in user
    public function index()
    {
        $hasil = "UserID : " . Auth::user()->id . "| Name : " . Auth::user()->name;
        return $hasil;
    }
}
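
An added example, not code from the original post or its repository: the same search-then-bind flow as AuthController::authenticate, with failed logins counted per username and client IP through Laravel's RateLimiter facade, so the login form cannot be used for unlimited password guessing against the directory. The class name ThrottledAuthController and the policy of 5 attempts per 300 seconds are assumptions.

```php
<?php
namespace App\Http\Controllers;

use App\Models\User;
use Adldap\Laravel\Facades\Adldap;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;

// Hypothetical replacement for AuthController::authenticate (added example).
class ThrottledAuthController extends Controller
{
    private const MAX_ATTEMPTS = 5;    // assumed policy: failures allowed per window
    private const DECAY_SECONDS = 300; // assumed policy: window length in seconds

    public function authenticate(Request $request)
    {
        $data = $request->validate(['username' => 'required|string', 'password' => 'required|string']);
        // One failure counter per (username, client IP) pair.
        $key = 'ldap-login:' . Str::lower($data['username']) . '|' . $request->ip();

        if (RateLimiter::tooManyAttempts($key, self::MAX_ATTEMPTS)) {
            $wait = RateLimiter::availableIn($key);
            return back()->withErrors(['message1' => "Too many attempts. Retry in {$wait} seconds."]);
        }

        $user = Adldap::search()->where('uid', $data['username'])->first();
        if (! $user || ! Adldap::auth()->attempt($user->getDn(), $data['password'])) {
            RateLimiter::hit($key, self::DECAY_SECONDS);
            // Record the failure for monitoring; the password is never logged.
            Log::warning('LDAP login failed', ['username' => $data['username'], 'ip' => $request->ip()]);
            return back()->withErrors(['message1' => 'Invalid Username / Password']);
        }
        RateLimiter::clear($key); // successful bind: reset the counter

        $userModel = User::updateOrCreate(
            ['username' => $user->getAttribute('uid')[0]],
            ['name' => $user->getAttribute('cn')[0] ?? 'Unknown', 'email' => $user->getAttribute('mail')[0] ?? null]
        );
        Auth::guard('web')->login($userModel);
        $request->session()->regenerate();

        return redirect()->intended('/');
    }
}
```

To use it, point the POST /login route in routes/web.php at this class instead of AuthController.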



Step 8. Testing


In this step we test whether the configuration and scripts we created can use LDAP for authentication. Follow these steps to run the test:

Run the Laravel application

$ php artisan serve

Once the server is running, open a web browser and go to http://localhost:8000 (Laravel's default port); the page will look like this:



Next, log in with your LDAP account; if the login succeeds, the page will look like this:


That completes our discussion of Laravel authentication using LDAP. If you have questions or run into problems while building it, please leave a message in the comments.

Finally, thank you.











