Commit 609db7e

minor #17089 [Ldap][Security] Deprecate {username} in favor of {user_identifier} (javiereguiluz)
This PR was merged into the 6.2 branch.

Discussion
----------

[Ldap][Security] Deprecate {username} in favor of {user_identifier}

Fix #17078.

Commits
-------

156e0a3 [Security] Deprecate {username} in favor of {user_identifier}

2 parents a022fea + 156e0a3 commit 609db7e

2 files changed: +25 -20 lines changed

reference/configuration/security.rst

Lines changed: 3 additions & 3 deletions
@@ -610,9 +610,9 @@ This is the name of your configured LDAP client.
610610
dn_string
611611
.........
612612

613-
**type**: ``string`` **default**: ``{username}``
613+
**type**: ``string`` **default**: ``{user_identifier}``
614614

615-
This is the string which will be used as the bind DN. The ``{username}``
615+
This is the string which will be used as the bind DN. The ``{user_identifier}``
616616
placeholder will be replaced with the user-provided value (their login).
617617
Depending on your LDAP server's configuration, you may need to override
618618
this value.
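
Review bot: The default on new line 613 switches from `{username}` to `{user_identifier}` with no deprecation notice, so a reader whose configuration still uses `{username}` gets no hint from this reference entry that the old placeholder is deprecated. Consider adding the same `.. deprecated:: 6.2` directive that security/ldap.rst gains under `filter` in this commit.
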
@@ -622,7 +622,7 @@ query_string
622622

623623
**type**: ``string`` **default**: ``null``
624624

625-
This is the string which will be used to query for the DN. The ``{username}``
625+
This is the string which will be used to query for the DN. The ``{user_identifier}``
626626
placeholder will be replaced with the user-provided value (their login).
627627
Depending on your LDAP server's configuration, you will need to override
628628
this value. This setting is only necessary if the user's DN cannot be derived
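
Review bot: New line 625 says the placeholder "will be replaced with the user-provided value" but does not say whether that value is escaped before it is placed in the query. The `filter` section of security/ldap.rst states that the username is escaped to prevent LDAP injection; a matching sentence here, or an explicit statement that no escaping happens, would let readers judge how untrusted login input is handled in `query_string`.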

security/ldap.rst

Lines changed: 22 additions & 17 deletions
@@ -290,14 +290,19 @@ filter
290290

291291
This key lets you configure which LDAP query will be used. The ``{uid_key}``
292292
string will be replaced by the value of the ``uid_key`` configuration value
293-
(by default, ``sAMAccountName``), and the ``{username}`` string will be
294-
replaced by the username you are trying to load.
293+
(by default, ``sAMAccountName``), and the ``{user_identifier}`` string will be
294+
replaced by the user identified you are trying to load.
295+
296+
.. deprecated:: 6.2
297+
298+
Starting from Symfony 6.2, the ``{username}`` string was deprecated in favor
299+
of ``{user_identifier}``.
295300

296301
For example, with a ``uid_key`` of ``uid``, and if you are trying to
297302
load the user ``fabpot``, the final string will be: ``(uid=fabpot)``.
298303

299304
If you pass ``null`` as the value of this option, the default filter is used
300-
``({uid_key}={username})``.
305+
``({uid_key}={user_identifier})``.
301306

302307
To prevent `LDAP injection`_, the username will be escaped.
303308

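Review bot: Typo on new line 294: "replaced by the user identified you are trying to load" should read "the user identifier you are trying to load". The context sentence on line 307 ("the username will be escaped") still uses the old term and could be aligned in the same change.
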
@@ -324,15 +329,15 @@ number or contain white spaces.
324329
dn_string
325330
.........
326331

327-
**type**: ``string`` **default**: ``{username}``
332+
**type**: ``string`` **default**: ``{user_identifier}``
328333

329334
This key defines the form of the string used to compose the
330-
DN of the user, from the username. The ``{username}`` string is
335+
DN of the user, from the username. The ``{user_identifier}`` string is
331336
replaced by the actual username of the person trying to authenticate.
332337

333338
For example, if your users have DN strings in the form
334339
``uid=einstein,dc=example,dc=com``, then the ``dn_string`` will be
335-
``uid={username},dc=example,dc=com``.
340+
``uid={user_identifier},dc=example,dc=com``.
336341

337342
query_string
338343
............
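
Review bot: New line 335 renames the placeholder, but the sentence still reads "from the username" and line 336 still says "the actual username", so the paragraph mixes both terms. Suggest "from the user identifier" and "the actual user identifier", as done for `query_string` in the next hunk, plus a `.. deprecated:: 6.2` note here, since the one added in this file appears only under `filter`.
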
@@ -342,8 +347,8 @@ query_string
342347
This (optional) key makes the user provider search for a user and then use the
343348
found DN for the bind process. This is useful when using multiple LDAP user
344349
providers with different ``base_dn``. The value of this option must be a valid
345-
search string (e.g. ``uid="{username}"``). The placeholder value will be
346-
replaced by the actual username.
350+
search string (e.g. ``uid="{user_identifier}"``). The placeholder value will be
351+
replaced by the actual user identifier.
347352

348353
When this option is used, ``query_string`` will search in the DN specified by
349354
``dn_string`` and the DN resulted of the ``query_string`` will be used to
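
Review bot: The example on new line 350, `uid="{user_identifier}"`, is quoted and has no parentheses, while the `query_string` configuration examples later in this file use `(&(uid={user_identifier})(memberOf=...))`. Since the line is being touched anyway, use the same parenthesised, unquoted form so readers do not copy two different syntaxes.
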
@@ -376,7 +381,7 @@ Configuration example for form login
376381
form_login_ldap:
377382
# ...
378383
service: Symfony\Component\Ldap\Ldap
379-
dn_string: 'uid={username},dc=example,dc=com'
384+
dn_string: 'uid={user_identifier},dc=example,dc=com'
380385
381386
.. code-block:: xml
382387
@@ -393,7 +398,7 @@ Configuration example for form login
393398
<config>
394399
<firewall name="main">
395400
<form-login-ldap service="Symfony\Component\Ldap\Ldap"
396-
dn-string="uid={username},dc=example,dc=com"/>
401+
dn-string="uid={user_identifier},dc=example,dc=com"/>
397402
</firewall>
398403
</config>
399404
</srv:container>
@@ -408,7 +413,7 @@ Configuration example for form login
408413
$security->firewall('main')
409414
->formLoginLdap()
410415
->service(Ldap::class)
411-
->dnString('uid={username},dc=example,dc=com')
416+
->dnString('uid={user_identifier},dc=example,dc=com')
412417
;
413418
};
414419
@@ -428,7 +433,7 @@ Configuration example for HTTP Basic
428433
stateless: true
429434
http_basic_ldap:
430435
service: Symfony\Component\Ldap\Ldap
431-
dn_string: 'uid={username},dc=example,dc=com'
436+
dn_string: 'uid={user_identifier},dc=example,dc=com'
432437
433438
.. code-block:: xml
434439
@@ -447,7 +452,7 @@ Configuration example for HTTP Basic
447452
448453
<firewall name="main" stateless="true">
449454
<http-basic-ldap service="Symfony\Component\Ldap\Ldap"
450-
dn-string="uid={username},dc=example,dc=com"/>
455+
dn-string="uid={user_identifier},dc=example,dc=com"/>
451456
</firewall>
452457
</config>
453458
</srv:container>
@@ -463,7 +468,7 @@ Configuration example for HTTP Basic
463468
->stateless(true)
464469
->formLoginLdap()
465470
->service(Ldap::class)
466-
->dnString('uid={username},dc=example,dc=com')
471+
->dnString('uid={user_identifier},dc=example,dc=com')
467472
;
468473
};
469474
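
Review bot: This PHP block sits under "Configuration example for HTTP Basic", yet context line 469 calls `->formLoginLdap()`, while the YAML and XML variants of the same example configure `http_basic_ldap` and `<http-basic-ldap>`. The line is unchanged here, but it is worth fixing alongside the placeholder rename so all three formats describe the same authenticator.
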
@@ -484,7 +489,7 @@ Configuration example for form login and query_string
484489
form_login_ldap:
485490
service: Symfony\Component\Ldap\Ldap
486491
dn_string: 'dc=example,dc=com'
487-
query_string: '(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))'
492+
query_string: '(&(uid={user_identifier})(memberOf=cn=users,ou=Services,dc=example,dc=com))'
488493
search_dn: '...'
489494
search_password: 'the-raw-password'
490495
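
Review bot: Context line 494 shows `search_password: 'the-raw-password'` as a literal in the firewall configuration, which readers tend to copy as-is. While this example is being edited, consider showing the value coming from an environment variable or secret, or adding a sentence saying that the bind password should not be committed with the configuration file.
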
@@ -505,7 +510,7 @@ Configuration example for form login and query_string
505510
<!-- ... -->
506511
<form-login-ldap service="Symfony\Component\Ldap\Ldap"
507512
dn-string="dc=example,dc=com"
508-
query-string="(&amp;(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))"
513+
query-string="(&amp;(uid={user_identifier})(memberOf=cn=users,ou=Services,dc=example,dc=com))"
509514
search-dn="..."
510515
search-password="the-raw-password"/>
511516
</firewall>
@@ -524,7 +529,7 @@ Configuration example for form login and query_string
524529
->formLoginLdap()
525530
->service(Ldap::class)
526531
->dnString('dc=example,dc=com')
527-
->queryString('(&(uid={username})(memberOf=cn=users,ou=Services,dc=example,dc=com))')
532+
->queryString('(&(uid={user_identifier})(memberOf=cn=users,ou=Services,dc=example,dc=com))')
528533
->searchDn('...')
529534
->searchPassword('the-raw-password')
530535
;
