How to get plain password user with Symfony2?

Question

I have to get the user's plain password for LDAP authentification and then retrieve LDAP user informations in the Active Directory with Symfony2.

/**
 * @Route("/infos-profil/{id}", name="infos_profil")
 * @Template()
 */
public function infosProfilAction($id)
{
    $em = $this->getDoctrine()->getManager();
    $user = $em->getRepository('MyUserBundle:LdapUser')->find($id); // Find User Entity
    if (!$user) {
        throw $this->createNotFoundException('Unable to find LdapUser entity.');
    }
    $login = $user->getUsername(); // Login
    $pass = $user->getPlainPassword(); // Password
    $ds = ldap_connect("12.34.56.789");  // Domain connexion
    if ($ds) {
        $r = ldap_bind($ds, $login, $pass); // LDAP User connexion
        if ($r) {
            $filter = "(&(objectClass=user)(samaccountname=".$login.")(cn=*))";
            $sr=ldap_search($ds, "ou=DOMAIN, ou=Test, ou=Users, dc=ats, dc=lan", $filter);
            $info = ldap_get_entries($ds, $sr); // Retrieve user's Active Direcory informations
        }
    }
    return array(
        'user' => $user,
        'info' => $info,
}

But it doesn't work, $pass is empty. When I put the plain password manually in the ldap_bind() function it works perfectly, I just have to get the plain password ! ...

Is it possible ?

Answer 1

You don't need the user's password to retrieve information about them from active directory. Once they are authenticated simply look them up via LDAP using their username, with either an anonymous connection or failing that, a known privileged account.

Answer 2

It isn't possible to retrieve plain password from database for obvious security reasons.

For your problem, you should create a custom Authentication Provider, following this tutorial : https://symfony.com/doc/4.4/security/custom_authentication_provider.html

This way, your provider will get the plain password from the login form and you will be able to send it to your LDAP server.