LDAP Rule Failure

[jollyrogers11]

I am trying to add an LDAP Rule and apply the rule when the user logs in. I am in a Laravel project so I added the rule in auth.php:

The rule seems to be working when I call Auth::attempt. I deliberately changed the group the rule was looking for on authentication so it would fail and now I am not sure how to distinguish between a user not putting in the correct credentials or if this rule failed. Am I missing something easy?

[stevebauman]

Hi @jollyrogers11,

If you enable logging you should see the user rejection output in the logs:

LdapRecord-Laravel/src/LdapUserAuthenticator.php

Line 98 in 35f1162

$this->rejected($user);

LdapRecord-Laravel/src/Events/Auth/Rejected.php

Line 17 in 35f1162

return "User [{$this->object->getName()}] has failed validation. They have been denied authentication.";

[jollyrogers11]

Hi @stevebauman,

I am seeing that in the log file so I know it is failing:

I was just wondering if there is a way to communicate the failure to the user at the time of authentication. In my LoginController I am doing the following:

Instead of just letting them know their login was not successful, I wanted to let them know they do not have access to login. Is there a way to do that?

[stevebauman]

Hi @jollyrogers11,

Understood!

You could listen for the Rejected event, and then abort with the redirect message:

use Illuminate\Support\Facades\Event;
use LdapRecord\Laravel\Events\Auth\Rejected;

// ...

public function login(Request $request)
{
    Event::listen(Rejected::class, function () {
        abort(redirect('/')->with(['oneError' => 'Sorry, your login attempt was rejected.']));
    });

    // Auth::attempt() ... 
}

Let me know if that works for you 👍

[jollyrogers11]

Thanks @stevebauman!!

That is exactly what I was looking for.

[stevebauman]

Excellent, happy to help @jollyrogers11!