Enable or disable ldap auth per user

[Restingo]

Is it possible to enable or disable ldap authentication and "fall back" to database directly with a field in the user table?

[stevebauman]

Hi @Restingo,

You would have to do this prior to calling Auth::attempt() so that you may send the fallback credentials conditionally.

If you're using Laravel's older authentication foundation, you could do this:

// app/Http/Controllers/Auth/LoginController.php

protected function credentials()
{
    $credentials = [
        'mail' => $request->email,
        'password' => $request->password, 
    ];

    if ($user = User::whereEmail($request->email)->whereFallback(true)->first()) {
        $credentials['fallback'] = $request->only('email', 'password');
    }

    return $credentials;
}

[Restingo]

Okay but if I think correctly I don't need multiple guards but either

1. a way to disable LDAP for some users in LDAP guard
2. a way to change the provider for a guard

Am I right?

[Restingo]

Or as a third possibility, include a manual direct fallback in DatabaseUserProvider?

[Restingo]

@stevebauman would you accept a PR, implement it yourself or don't want such feature in your project?

[Restingo]

?

[stevebauman]

Hi @Restingo, apologies for the late reply.

Okay but if I think correctly I don't need multiple guards

I'm honestly not sure how you would implement that. If you were to dynamically swap the provider out upon authentication for a specific guard, you would somehow have to retrieve that same provider and set it on the same guard upon every request for logged in users.

You would likely have to save the provider in the users session, and restore that provider before the auth middleware gets called. Problem is, that auth middleware is configurable by developers in the default Laravel stack and can be removed, replaced or moved up/down the middleware chain, making this much more difficult to choreograph. LdapRecord-Laravel shouldn't touch or assume any knowledge of the Guard driver (i.e. session vs token). If you're talking about doing this in your own application however, then you can absolutely do that 👍

Or as a third possibility, include a manual direct fallback in DatabaseUserProvider?

I'm not sure if this is the right approach. If we're falling directly back to the EloquentUserProvider, it defeats the purpose of using the ldap authentication driver.

Would you accept a PR, implement it yourself or don't want such feature in your project?

This particular authentication approach seems very application specific. I'm not sure if this is a feature many would use, since you could just use the eloquent provider instead of ldap. Please correct me if I'm not understanding properly.