@@ -246,7 +246,7 @@ Authenticating against an LDAP server can be done using either the form
246246login or the HTTP Basic authentication providers.
247247
248248They are configured exactly as their non-LDAP counterparts, with the
249- addition of two configuration keys:
249+ addition of two configuration keys and one optional key :
250250
251251service
252252.......
@@ -295,6 +295,19 @@ than one is found.
295295Examples are provided below, for both ``form_login_ldap `` and
296296``http_basic_ldap ``.
297297
298+ query_string
299+ ............
300+
301+ **type **: ``string `` **default **: ``null ``
302+
303+ This optional key defines the form of the query used in order to search the
304+ DN of the user, from the username. The ``{username} `` string is replaced by
305+ the actual username of the person trying to authenticate.
306+
307+ This setting is only necessary if the users DN cannot be derived statically
308+ using the `dn_string ` config option.
309+
310+
298311Configuration example for form login
299312....................................
300313
@@ -404,5 +417,66 @@ Configuration example for HTTP Basic
404417 ),
405418 );
406419
420+
421+ .....................................................
422+
423+ ..configuration-block ::
424+
425+ ..code-block ::yaml
426+
427+ # app/config/security.yml
428+ security :
429+ # ...
430+
431+ firewalls :
432+ main :
433+ # ...
434+ form_login_ldap :
435+ login_path :login
436+ check_path :login_check
437+ # ...
438+ service :ldap
439+ dn_string :' dc=example,dc=com'
440+ query_string :' (&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))'
441+
442+ code-block ::xml
443+
444+ <!-- app/config/security.xml-->
445+ <?xml version =" 1.0" encoding =" UTF-8"
446+ <srv : container xmlns =" http://symfony.com/schema/dic/security"
447+ xmlns : xsi =" http://www.w3.org/2001/XMLSchema-instance"
448+ xmlns : srv =" http://symfony.com/schema/dic/services"
449+ xsi : schemaLocation =" http://symfony.com/schema/dic/services
450+ http://symfony.com/schema/dic/services/services-1.0.xsd" >
451+
452+ <config >
453+ <firewall name =" main"
454+ <form-login-ldap
455+ login-path =" login"
456+ check-path =" login_check"
457+ service =" ldap"
458+ dn-string =" dc=example,dc=com"
459+ query-string =" (& (uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))"
460+ </firewall >
461+ </config >
462+ </srv : container >
463+
464+ code-block ::php
465+
466+ $container->loadFromExtension('security', array(
467+ 'firewalls' => array(
468+ 'main' => array(
469+ 'form_login_ldap' => array(
470+ 'login_path' => 'login',
471+ 'check_path' => 'login_check',
472+ 'service' => 'ldap',
473+ 'dn_string' => 'dc=example,dc=com',
474+ 'query_string' => '(& (uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))',
475+ // ...
476+ ),
477+ ),
478+ )
479+ );
480+
407481`RFC4515` :http://www.faqs.org/rfcs/rfc4515.html
408482.. _`LDAP injection` :http://projects.webappsec.org/w/page/13246947/LDAP%20Injection