ASSUMA

Reputation: 11

Symfony authentication with LDAP

I would really appreciate it if someone could help me use LDAP authentication with the Symfony2 framework. The main idea is to use LDAP properly to know all users without using an internal table and without a login (entering username/password); let's say I want something like automatic identification.

Upvotes: 1

Views: 1928

Answers (1)

kba

Reputation: 4310

You are looking for single sign-on. You really do not have to deal with LDAP, but your web server must be configured properly. The web server deals with authentication instead of your app. Then you can get the user login from the REMOTE_USER environment variable. These are credentials that you can trust. Symfony has a special security provider for that (starting from version 2.6).

Update: Added more specific info for IIS

  1. Enable Windows Authentication on IIS (here is a link that may be helpful; make sure your server and clients are in the domain).
  2. Try to read $_SERVER['REMOTE_USER'] in a simple PHP script; you should see your domain login.

If everything goes well, you can play with the Symfony remote_user provider from the link above. You also need to have users in a database (i.e. only domain login, email and maybe some flags) for using roles, logging, etc. Also be sure that your server is in the local intranet zone.

Update 2: Added Symfony configuration example

security.yml

security:
  role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

  providers:
    in_memory:
      memory:
        users:
          - { name: 'DOMAIN\login', roles: [ 'ROLE_USER' ] }

  firewalls:
    dev:
      pattern:  ^/(_(profiler|wdt)|css|images|js)/
      security: false

    secured_area:
      pattern: ^/demo
      remote_user:
        provider: in_memory

  access_control:
    - { path: ^/demo/secured/login, roles: ROLE_ADMIN }

This is an example for a clean Symfony 2.6 installation with AcmeDemoBundle. Try to play with it on your own. On the homepage you are not logged in at all. If Windows authentication is working and your login is DOMAIN\login, you will be logged in after clicking the Run the demo button. If you try to access /demo/secured/login you will get a 403. I hope it is enough as an introduction to what Symfony could do for you.

Upvotes: 1
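
The check from step 2 of the answer above, written out as an added example (not code from the answer or from Symfony). It reads only the server-set `REMOTE_USER` and `AUTH_TYPE` variables and fails closed when they are missing. The function name, the PHP 7.1+ syntax, the `Negotiate` value and the sample requests are assumptions of this example.

```php
<?php
// Added example, not code from the answer. Function name and samples are constructed.

/**
 * Identity the web server attached to this request, or null (fail closed).
 * Reads only the CGI variables REMOTE_USER and AUTH_TYPE. Keys starting with
 * HTTP_ are copied from client request headers and are never used here.
 */
function serverAuthenticatedUser(array $server): ?array
{
    $raw  = $server['REMOTE_USER'] ?? '';
    $type = $server['AUTH_TYPE'] ?? '';
    // Assumption of this example: an empty AUTH_TYPE means the server did not authenticate.
    if (!is_string($raw) || !is_string($type) || $raw === '' || $type === '') {
        return null;
    }
    // Windows Authentication reports the account as DOMAIN\login.
    if (!preg_match('#^([A-Za-z0-9._-]+)\\\\([^\\\\/@\s]+)\z#', $raw, $m)) {
        return null;
    }
    return ['username' => $raw, 'domain' => $m[1], 'login' => $m[2], 'auth_type' => $type];
}

// On the command line use constructed samples; behind the web server use the real request.
$requests = PHP_SAPI === 'cli'
    ? [
        ['REMOTE_USER' => 'DOMAIN\login', 'AUTH_TYPE' => 'Negotiate'], // authenticated
        ['HTTP_REMOTE_USER' => 'DOMAIN\login'],                        // client header only
        ['REMOTE_USER' => '', 'AUTH_TYPE' => ''],                      // anonymous request
    ]
    : [$_SERVER];

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain; charset=utf-8');
}
foreach ($requests as $server) {
    $user = serverAuthenticatedUser($server);
    echo $user === null
        ? "not authenticated by the web server\n"
        : "authenticated as {$user['username']} via {$user['auth_type']}\n";
}
```

If the page reports "not authenticated" behind IIS, the request reached PHP without Windows Authentication being applied, and the `remote_user` firewall would have no identity to work with either.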
