From 37e23491022c0440573378809b964b0eacc848a9 Mon Sep 17 00:00:00 2001 From: Florent Morselli Date: Thu, 13 Feb 2025 09:36:07 +0100 Subject: [PATCH] Add `role_fetcher` option to LDAP security configuration The `role_fetcher` option allows defining a service to fetch user roles from the LDAP server by implementing `RoleFetcherInterface`. This option was introduced in Symfony 7.3, and it supersedes `default_roles` when set. The `MemberOfRoles` implementation can be used to retrieve roles from the `ismemberof` attribute. --- security/ldap.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/security/ldap.rst b/security/ldap.rst index 081be764290..923d74807dc 100644 --- a/security/ldap.rst +++ b/security/ldap.rst @@ -256,6 +256,23 @@ This is the default role you wish to give to a user fetched from the LDAP server. If you do not configure this key, your users won't have any roles, and will not be considered as authenticated fully. +role_fetcher +............ + +**type**: ``string`` **default**: ``null`` + +When your LDAP service provides user roles, you can use this configuration option +to define the role fetcher service. The role fetcher service must implement the +``Component\Ldap\Security\RoleFetcherInterface`` interface. +``default_roles`` is ignored when ``role_fetcher`` is set. + +``Symfony\Component\Ldap\Security\MemberOfRoles`` is a concrete implementation +of the ``RoleFetcherInterface`` that fetches roles from the ``ismemberof`` attribute. + +.. versionadded:: 7.3 + + The configuration option ``role_fetcher`` was introduced in Symfony 7.3. + uid_key .......
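
Review bot: In the added ``role_fetcher`` paragraph, the interface is written as ``Component\Ldap\Security\RoleFetcherInterface``, without the leading ``Symfony\`` that the next paragraph uses for ``Symfony\Component\Ldap\Security\MemberOfRoles``; use the fully qualified name in both places. The section states that ``default_roles`` is ignored when ``role_fetcher`` is set, but not what a user ends up with when the fetcher returns no roles. Since the context line just above says users without roles "will not be considered as authenticated fully", that outcome should be spelled out here. It would also help to say how ``ismemberof`` values are turned into role names and to show how the service is referenced in the configuration, because the option is documented only as type ``string``.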