LDAP Authentication with Symfony 2.8

Question

I'm trying to use the new LdapUserProvider in Symfony 2.8. I believe I have configured everything per the docs.

My user can successfully authenticate, and then gets redirected to the secured page. After the redirection is where the issue begins. Symfony tries to bind as the authenticated user, but with a null password, which is rejected by open ldap.

Here are the relevant log entries and config values.

Config:

services:
    app.ldap:
        class: Symfony\Component\Ldap\LdapClient
        arguments: [ "localhost" ]

Security:

security:
    firewalls:
        restricted_area:
            provider: app_users
            form_login_ldap:
                service: app.ldap
                dn_string: "uid={username},DC=mydomain,DC=net"
                check_path: login_check
                login_path: login
    providers:
        app_users:
            ldap:
                service: app.ldap
                base_dn: dc=mydomain,dc=net
                search_dn: cn=Manager,DC=mydomain,DC=net
                search_password: secretPassword
                filter: "(&(aptAccountEnabled=1)(ObjectClass=aptAccount)(uid={username}))"
                default_roles: ROLE_USER

And the log file:

[2015-12-18 13:55:11] request.INFO: Matched route "login_check". {"route_parameters":{"_route":"login_check"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/Login/Verify"} []
[2015-12-18 13:55:11] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:11] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:55:26] security.INFO: User has been authenticated successfully. {"username":"dan.smartrg"} []
<snip>
[2015-12-18 13:55:26] security.DEBUG: Stored the security token in the session. {"key":"_security_restricted_area"} []
<snip>
[2015-12-18 13:55:27] request.INFO: Matched route "home.index". {"route_parameters":{"_controller":"Apt\\PortalBundle\\Controller\\DefaultController::indexAction","_route":"home.index"},"request_uri":"http://ancdev.admin.aptalaska.net/~dmorphis/Portal/web/app_dev.php/"} []
[2015-12-18 13:55:28] security.DEBUG: Read existing security token from the session. {"key":"_security_restricted_area"} []
[2015-12-18 13:55:28] security.DEBUG: User was reloaded from a user provider. {"username":"dan.smartrg","provider":"Symfony\\Component\\Security\\Core\\User\\LdapUserProvider"} []
[2015-12-18 13:56:15] php.DEBUG: ldap_bind(): Unable to bind to server: Server is unwilling to perform {"type":2,"file":"/home/dmorphis/public_html/Portal/vendor/symfony/symfony/src/Symfony/Component/Ldap/LdapClient.php","line":73,"level":28928} []
[2015-12-18 13:56:15] app.ERROR: Bad credentials. [{"file":"/home/dmorphis/public_html/Portal/app/cache/dev/classes.php","line":2697,"function":"authenticate","class":"Symfony\\Component\\Security\\Core\\Authentication\\Provider\\UserAuthenticationProvide <truncated>
[2015-12-18 13:56:15] security.INFO: An AuthenticationException was thrown; redirecting to authentication entry point.

Answer 1

Finally I found what was the problem.

You have to chain the UserProvider:

chain_provider:
    chain:
             providers: [in_memory, app_users]
    in_memory:
        memory: ~
    app_users:
        ldap:
           .....</i>