Skip to content

[Ldap] Add support for sasl_bind and whoami LDAP operations #20292

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 8, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions components/ldap.rst
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,19 @@ distinguished name (DN) and the password of a user::

When the LDAP server allows unauthenticated binds, a blank password will always be valid.

You can also use the :method:`Symfony\\Component\\Ldap\\Ldap::saslBind` method
for binding to an LDAP server using `SASL`_::

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The method in Symfony is called saslBind() and not sasl_bind()

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Fixed.

// this method defines other optional arguments like $mech, $realm, $authcId, etc.
$ldap->saslBind($dn, $password);

After binding to the LDAP server, you can use the :method:`Symfony\\Component\\Ldap\\Ldap::whoami`
method to get the distinguished name (DN) of the authenticated and authorized user.

.. versionadded:: 7.2

The ``saslBind()`` and ``whoami()`` methods were introduced in Symfony 7.2.

Once bound (or if you enabled anonymous authentication on your
LDAP server), you may query the LDAP server using the
:method:`Symfony\\Component\\Ldap\\Ldap::query` method::
Expand Down Expand Up @@ -183,3 +196,5 @@ Possible operation types are ``LDAP_MODIFY_BATCH_ADD``, ``LDAP_MODIFY_BATCH_REMO
``LDAP_MODIFY_BATCH_REMOVE_ALL``, ``LDAP_MODIFY_BATCH_REPLACE``. Parameter
``$values`` must be ``NULL`` when using ``LDAP_MODIFY_BATCH_REMOVE_ALL``
operation type.

.. _`SASL`: https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
Loading