Authentication Active Directory in Laravel which package will you recommend if there are no admins in ldap?

Good day!
I tried to use
https://github.com/krenor/ldap-auth - there is some sort of internal error, because the count can't count
count(): Parameter must be an array or an object that implements Countable

https://github.com/jotaelesalinas/laravel-simple-l... - there the page just restarts without error, using dd() I realized that he does not even employ the method attemptLogin() although the idea it is the main

What can you do with the normal documentation and to no accounts admin
The ldap any user can read the data on the other, I just have to check username and password if you return true then everything is fine is allowed, false well, I think it is clear
March 23rd 20 at 19:30
1 answer
March 23rd 20 at 19:32
Solution
Why not raise the normal separate Identity Server (for example Keycloak) and work in Laravel with all the already familiar OpenId?

PS I do not remember who thanked for this software, but this man is also here. Thanks to him, whether
Active Directory in the company, I have no power over him and I got attached to him
So you have what you have
or is it some sort of layer? - Linnie42 commented on March 23rd 20 at 19:35
@Linnie42, is a layer - https://www.keycloak.org/. We are all exactly the same and we translate it is of the system with another product. All you need is to connect ldaps and configure the openID client application - Bert commented on March 23rd 20 at 19:38
@Bert, Thanks, I read the documentation, it seems what I need, but I guess then the question arises as to tie in with laravel)) well expect in the near future, although I'll try to figure it out myself) - Linnie42 commented on March 23rd 20 at 19:41
@Linnie42, the conventional Single Sign-on) you can thank me later when systems will be more than one) - Bert commented on March 23rd 20 at 19:44
@Linnie42, well, just aim for the OpenId + jwt - Bert commented on March 23rd 20 at 19:47
@Bert, systems are not expected to have more than one, that won't be such a corporate network, and all sit on one, security will not allow)) but with the setting up of the Federation until the problem and the problem is not in keycloak, but that is not an admin on ldap(( keycloak says that 0 users are synchronized when the bind type put none, and when put to simple error, while I enter my username and password correctly, then googled, turned out to be necessary to login to write in the format uid=user,dc=corp,dc=company,dc=ru ' but this generated another error - Linnie42 commented on March 23rd 20 at 19:50
@Linnie42, if you write in a personal then you can even call up and I'll give the normal configs and tell the nuances. Free, don't worry) - Bert commented on March 23rd 20 at 19:53
Thank you all for interesting product keycloack (cloaca for keys?). Have been looking for like that - should help me. @Bert, if that too personal? :) - flossie.Lockman commented on March 23rd 20 at 19:56
Not yet tested keyscloack, but I just want the question - do I understand correctly that when transferring to the server keycloack domain password will not need to enter because it uses the current account system. Right? After all, the point of this was to ban the entry of domain passwords anywhere except at the entrance to the system where it is almost impossible to intercept. - flossie.Lockman commented on March 23rd 20 at 19:59
@flossie.Lockman, is not correct. Such stories ended around the time when she died of ActiveX in IE. The browser is always individual life, but the password is common and to change it it will be possible from the browser too - Bert commented on March 23rd 20 at 20:02
@flossie.Lockman, looking for something - Bert commented on March 23rd 20 at 20:05
@flossie.Lockman, When I read the documentation, I stumbled on Kerberos, as I understand it what you need. In the case of windows systems, you must have implemented Kerberos in the domain, after authentication system, Kerberos can authenticate you and other services. In Keycloak this functionality is available in the Authentication tab
5dd3e2c60707e611490525.png
⇑ this is the keycloak admin panel (After the publication saw the quality in General is written there Kerberos)
5dd3e3047bb83476383795.png
Docks Mike

All in kerberos from the docks keycloak - Linnie42 commented on March 23rd 20 at 20:08

Find more questions by tags LaravelActive DirectoryLDAP