symfony
diff --git a/‎UPGRADE-4.4.md
Lines changed: 1 addition & 0 deletions b/‎UPGRADE-4.4.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎UPGRADE-5.0.md
Lines changed: 1 addition & 0 deletions b/‎UPGRADE-5.0.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/composer.json
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/composer.json
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Ldap/Security/User/LdapUser.php
Lines changed: 90 additions & 0 deletions b/‎src/Symfony/Component/Ldap/Security/User/LdapUser.php
Lines changed: 90 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Ldap/Security/User/LdapUserProvider.php
Lines changed: 161 additions & 0 deletions b/‎src/Symfony/Component/Ldap/Security/User/LdapUserProvider.php
Lines changed: 161 additions & 0 deletions
@@ -141,6 +141,7 @@ Routing
 Security
 --------
 
+ * The `LdapUserProvider` class has been deprecated, use `Symfony\Component\Ldap\Security\User\LdapUserProvider` instead.
  * Implementations of `PasswordEncoderInterface` and `UserPasswordEncoderInterface` should add a new `needsRehash()` method
 
 Stopwatch
 
@@ -372,6 +372,7 @@ Routing
 Security
 --------
 
+ * The `LdapUserProvider` class has been removed, use `Symfony\Component\Ldap\Security\User\LdapUserProvider` instead.
  * Implementations of `PasswordEncoderInterface` and `UserPasswordEncoderInterface` must have a new `needsRehash()` method
  * The `Role` and `SwitchUserRole` classes have been removed.
  * The `getReachableRoles()` method of the `RoleHierarchy` class has been removed. It has been replaced by the new
 
@@ -175,7 +175,7 @@
             <deprecated>The "%service_id%" service is deprecated since Symfony 4.1.</deprecated>
         </service>
 
-        <service id="security.user.provider.ldap" class="Symfony\Component\Security\Core\User\LdapUserProvider" abstract="true">
+        <service id="security.user.provider.ldap" class="Symfony\Component\Ldap\Security\User\LdapUserProvider" abstract="true">
             <argument /> <!-- security.ldap.ldap -->
             <argument /> <!-- base dn -->
             <argument /> <!-- search dn -->
 
@@ -51,7 +51,8 @@
         "symfony/twig-bundle": "<4.4",
         "symfony/var-dumper": "<3.4",
         "symfony/framework-bundle": "<4.4",
-        "symfony/console": "<3.4"
+        "symfony/console": "<3.4",
+        "symfony/ldap": "<4.4"
     },
     "autoload": {
         "psr-4": { "Symfony\\Bundle\\SecurityBundle\\": "" },
 
@@ -0,0 +1,90 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Ldap\Security\User;
+
+use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ *
+ * @internal
+ */
+class LdapUser implements UserInterface
+{
+    private $entry;
+    private $username;
+    private $password;
+    private $roles;
+    private $extraFields;
+
+    public function __construct(Entry $entry, string $username, ?string $password, array $roles = [], array $extraFields = [])
+    {
+        if (!$username) {
+            throw new \InvalidArgumentException('The username cannot be empty.');
+        }
+
+        $this->entry = $entry;
+        $this->username = $username;
+        $this->password = $password;
+        $this->roles = $roles;
+        $this->extraFields = $extraFields;
+    }
+
+    public function getEntry(): Entry
+    {
+        return $this->entry;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getRoles()
+    {
+        return $this->roles;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getSalt()
+    {
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getUsername()
+    {
+        return $this->username;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function eraseCredentials()
+    {
+    }
+
+    public function getExtraFields(): array
+    {
+        return $this->extraFields;
+    }
+}
@@ -0,0 +1,161 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Ldap\Security\User;
+
+use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Ldap\Exception\ConnectionException;
+use Symfony\Component\Ldap\LdapInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+
+/**
+ * LdapUserProvider is a simple user provider on top of ldap.
+ *
+ * @author Grégoire Pineau <lyrixx@lyrixx.info>
+ * @author Charles Sarrazin <charles@sarraz.in>
+ * @author Robin Chalas <robin.chalas@gmail.com>
+ */
+class LdapUserProvider implements UserProviderInterface
+{
+    private $ldap;
+    private $baseDn;
+    private $searchDn;
+    private $searchPassword;
+    private $defaultRoles;
+    private $uidKey;
+    private $defaultSearch;
+    private $passwordAttribute;
+    private $extraFields;
+
+    public function __construct(LdapInterface $ldap, string $baseDn, string $searchDn = null, string $searchPassword = null, array $defaultRoles = [], string $uidKey = null, string $filter = null, string $passwordAttribute = null, array $extraFields = [])
+    {
+        if (null === $uidKey) {
+            $uidKey = 'sAMAccountName';
+        }
+
+        if (null === $filter) {
+            $filter = '({uid_key}={username})';
+        }
+
+        $this->ldap = $ldap;
+        $this->baseDn = $baseDn;
+        $this->searchDn = $searchDn;
+        $this->searchPassword = $searchPassword;
+        $this->defaultRoles = $defaultRoles;
+        $this->uidKey = $uidKey;
+        $this->defaultSearch = str_replace('{uid_key}', $uidKey, $filter);
+        $this->passwordAttribute = $passwordAttribute;
+        $this->extraFields = $extraFields;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function loadUserByUsername($username)
+    {
+        try {
+            $this->ldap->bind($this->searchDn, $this->searchPassword);
+            $username = $this->ldap->escape($username, '', LdapInterface::ESCAPE_FILTER);
+            $query = str_replace('{username}', $username, $this->defaultSearch);
+            $search = $this->ldap->query($this->baseDn, $query);
+        } catch (ConnectionException $e) {
+            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username), 0, $e);
+        }
+
+        $entries = $search->execute();
+        $count = \count($entries);
+
+        if (!$count) {
+            throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
+        }
+
+        if ($count > 1) {
+            throw new UsernameNotFoundException('More than one user found');
+        }
+
+        $entry = $entries[0];
+
+        try {
+            if (null !== $this->uidKey) {
+                $username = $this->getAttributeValue($entry, $this->uidKey);
+            }
+        } catch (InvalidArgumentException $e) {
+        }
+
+        return $this->loadUser($username, $entry);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function refreshUser(UserInterface $user)
+    {
+        if (!$user instanceof LdapUser) {
+            throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
+        }
+
+        return new LdapUser($user->getEntry(), $user->getUsername(), $user->getPassword(), $user->getRoles());
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function supportsClass($class)
+    {
+        return LdapUser::class === $class;
+    }
+
+    /**
+     * Loads a user from an LDAP entry.
+     *
+     * @return LdapUser
+     */
+    protected function loadUser($username, Entry $entry)
+    {
+        $password = null;
+        $extraFields = [];
+
+        if (null !== $this->passwordAttribute) {
+            $password = $this->getAttributeValue($entry, $this->passwordAttribute);
+        }
+
+        foreach ($this->extraFields as $field) {
+            $extraFields[$field] = $this->getAttributeValue($entry, $field);
+        }
+
+        return new LdapUser($entry, $username, $password, $this->defaultRoles, $extraFields);
+    }
+
+    /**
+     * Fetches a required unique attribute value from an LDAP entry.
+     *
+     * @param Entry|null $entry
+     * @param string     $attribute
+     */
+    private function getAttributeValue(Entry $entry, $attribute)
+    {
+        if (!$entry->hasAttribute($attribute)) {
+            throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
+        }
+
+        $values = $entry->getAttribute($attribute);
+
+        if (1 !== \count($values)) {
+            throw new InvalidArgumentException(sprintf('Attribute "%s" has multiple values.', $attribute));
+        }
+
+        return $values[0];
+    }
+}