Auth: Add LDAP authenticator - refs BT#22300

Author: AngelFQC

config/authentication.dist.yaml

@@ -63,3 +63,27 @@ parameters:
                     script_users_delta: false
                     script_usergroups_delta: false
                     group_filter_regex: ''
+
+            ldap:
+                enabled: false
+                title: 'LDAP'
+                connection_string: 'ldap://localhost:389'
+                protocol_version: 3
+                referrals: false
+                dn_string: '{username}'
+                query_string: null
+                base_dn: 'DC=cblue,DC=be'
+                search_dn: 'CN=admin,dc=cblue,dc=be'
+                search_password: 'pass'
+                filter: null
+                uid_key: 'uid'
+                password_attribute: 'userPassword'
+                data_correspondence:
+                    firstname: 'givenName'
+                    lastname: 'sn'
+                    email: 'mail'
+                    locale: null
+                    role: null
+                    phone: null
+                    active: null
+                    admin: null

config/packages/security.yaml

@@ -120,6 +120,7 @@ security:
                 - Chamilo\CoreBundle\Security\Authenticator\OAuth2\FacebookAuthenticator
                 - Chamilo\CoreBundle\Security\Authenticator\OAuth2\KeycloakAuthenticator
                 - Chamilo\CoreBundle\Security\Authenticator\OAuth2\AzureAuthenticator
+                - Chamilo\CoreBundle\Security\Authenticator\Ldap\LdapAuthenticator
 
     access_control:
         - { path: ^/login/token/check, roles: PUBLIC_ACCESS }

config/services.yaml

@@ -162,6 +162,18 @@ services:
         arguments:
             - '%env(AZURE_STORAGE_CONNECTION_STRING)%'
 
+    Chamilo\CoreBundle\Security\Authenticator\Ldap\ExtAdapter: ~
+
+    Symfony\Component\Ldap\Ldap:
+        arguments: [ '@Chamilo\CoreBundle\Security\Authenticator\Ldap\ExtAdapter' ]
+        tags:
+            - ldap
+
+    Symfony\Component\Ldap\Security\CheckLdapCredentialsListener:
+        arguments: [ '@security.ldap_locator' ]
+        tags:
+            - { name: kernel.event_subscriber, dispatcher: security.event_dispatcher.main }
+
 cocur_slugify:
     lowercase: true
 

src/CoreBundle/Controller/SecurityController.php

@@ -16,6 +16,7 @@
 use Chamilo\CoreBundle\Repository\Node\AccessUrlRepository;
 use Chamilo\CoreBundle\Repository\Node\CourseRepository;
 use Chamilo\CoreBundle\Repository\TrackELoginRecordRepository;
+use Chamilo\CoreBundle\Security\Authenticator\Ldap\LdapAuthenticator;
 use Chamilo\CoreBundle\Security\Authenticator\LoginTokenAuthenticator;
 use Chamilo\CoreBundle\Settings\SettingsManager;
 use DateTime;
@@ -219,6 +220,16 @@ public function loginTokenCheck(): Response
         return new Response(null, Response::HTTP_NO_CONTENT);
     }
 
+    /**
+     * @see LdapAuthenticator
+     */
+    #[Route('/login/ldap/check', name: 'login_ldap_check', methods: ['POST'])]
+    public function ldapLoginCheck(): Response
+    {
+        // this response was managed in LdapAuthenticator class
+        return new Response(null, Response::HTTP_NO_CONTENT);
+    }
+
     /**
      * Validates the provided TOTP code for the given user.
      *

src/CoreBundle/Helpers/AuthenticationConfigHelper.php

@@ -159,4 +159,19 @@ public function getOAuthProviderOptions(string $providerType, array $config): ar
 
         return array_filter($defaults, fn ($value) => null !== $value);
     }
+
+
+    /**
+     * @return array<string, mixed>
+     */
+    public function getLdapConfig(?AccessUrl $url): array
+    {
+        $authentication = $this->getAuthSources($url);
+
+        if (isset($authentication['ldap'])) {
+            return $authentication['ldap'];
+        }
+
+        return [];
+    }
 }

src/CoreBundle/Security/Authenticator/Ldap/ExtAdapter.php

@@ -0,0 +1,29 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Security\Authenticator\Ldap;
+
+use Chamilo\CoreBundle\Helpers\AuthenticationConfigHelper;
+use Symfony\Component\Ldap\Adapter\ExtLdap\Adapter;
+
+class ExtAdapter extends Adapter
+{
+    public function __construct(
+        private readonly AuthenticationConfigHelper $authConfigHelper,
+    ) {
+        $params = $this->authConfigHelper->getLdapConfig(null);
+
+        $config = [
+            'connection_string' => $params['connection_string'] ?? 'ldap://localhost:389',
+            'options' => [
+                'protocol_version' => $params['protocol_version'] ?? 3,
+                'referrals' => $params['referrals'] ?? false,
+            ],
+        ];
+
+        parent::__construct($config);
+    }
+}