我正在开发一个Cake
PHP项目,目前正在构建它的用户身份验证部分.问题是我的身份验证信息(即:密码)没有存储在我的数据库中 – 身份验证源是LDAP,但我的问题同样适用于任何非数据库源.
似乎Cake仅在本地数据库中存在时处理密码. The Cake Cookbook suggests你可以通过使用$this-> Auth-> authorize变量告诉它一个不同的控制器/模型/对象来提供授权程序,但是看看代码(特别是the Auth::startup() function)看起来像Cake总会尝试首先查询数据库,检查匹配的用户名/密码,然后查看使用Auth-> authorize指定的备用对象.也就是说,更改授权只会添加第二级过滤器,它不会替换数据库查找.
// The process 1. User provides details 2. Cake checks the database 3. If OK,then check the custom object method 4. If OK,return true // What I'd like: 1. User provides details. 2. Check the custom object method 3. If OK,return true 4. Profit.
关于如何做到这一点的任何想法,希望没有黑客核心文件?
假设您只是绑定LDAP并从MysqL存储/检索用户数据,这种方法将作为“桥梁”工作,它将自动为成功登录创建帐户:
// app/controllers/components/ldap_auth.PHP <?PHP App::import('Component','Auth'); class LdapAuthComponent extends AuthComponent { /** * Don't hash passwords */ function hashPasswords($data){ return $data; } /** * We will initially identify the user */ function identify($user=null,$conditions=null) { // bind credentials against ldap $ldapUser = $this->_ldapAuth($user); // do your stuff if (!$ldapUser) { return null; // if bind fails,then return null (as stated in api) } // get the cake model you would normally be authenticating against $model =& $this->getModel(); // default is User // check for existing User in MysqL $user = $model->find('first',array('conditions' => array( 'username' => $ldapUser['cn'] )); // if no existing User,create a new User if (!$user) { $user = $model->save(array('User' => array( 'username' => $ldapUser['cn'],// .. map needed ldap fields to MysqL fields .. ))); if (!$user) { $this->cakeError('ldapcreateuser'); } // pass the id of the newly created User to Auth's identify return parent::identify($model->id,$conditions); } // pass the id of the existing User to Auth's identify return parent::identify($user[$this->usermodel][$model->primaryKey],$conditions); } /** * Lets check LDAP * * @return mixed Array of user data from ldap,or false if bind fails */ function _ldapAuth($user) { $username = $user[$this->usermodel][$this->fields['username']]; $password = $user[$this->usermodel][$this->fields['password']]; // use the PHP ldap functions here return $ldapUser; } } ?>
要使用,请在应用程序中将所有对Auth的引用替换为LdapAuth,或者按照instructions here进行操作.
请注意,虽然受保护的_ldapAuth()方法可以抽象为LdapUser模型,并且该模型应该从LdapSource读取,并且LDAP服务器连接设置应该在database.PHP配置中,并且LdapAuthComponent应该适合使用可配置的字段映射,这些都不是“完成它”的要求.
