vjGuardADPlugin - 1.0.1

Active Directory authentication - Identity management - SSO with NTLM protocol.


The vjGuardADPlugin packages authentication against Active Directory, management of users (only from AD), groups (created in AD and in the database) and permissions, and Single Sign-On (SSO) with the NTLM protocol if activated.

It replaces the vjAuthPlugin, which will soon no longer be supported!


  • Install the plugin and the dependency

    $ symfony plugin:install sfFormExtraPlugin
    $ symfony plugin:install vjGuardADPlugin
  • Publish the assets

    $ symfony plugin:publish-assets
  • Clear the cache

    $ symfony cc

Secure your application

To secure a symfony application:

  • Enable the module vjGuardADAuth in settings.yml

         enabled_modules: [..., vjGuardADAuth]
  • Change the default login modules in settings.yml

      login_module:           vjGuardADAuth
      login_action:           login
      secure_module:          vjGuardADAuth
      secure_action:          secure
  • Secure some modules or your entire application in security.yml

        is_secure: on
  • Add some parameters in app.yml

          options:   # these options are for the adldap class; its documentation is online
            account_suffix:            '@mysite.fr'
            base_dn:                   'DC=mysite,DC=fr'
            domain_controllers:        [ "myDC1.mysite.fr", "myDC2.mysite.fr" ]
            ad_username:               'username_administrator_active_directory'
            ad_password:               'password_administrator_active_directory'
            recursive_groups:          false
          # if ntlm is activated, autologon with the Windows username (there are some issues with the NTLM protocol; they are documented further on in this readme)
          ntlm_active:                 true
          # the name of the group authorized to access the application
          group_authorize:             GROUP
          # the master OU in your AD where the groups will be created
          master_ou:                   'OU=ENFANT2,OU=ENFANT1,OU=PARENT'
          # this value is appended to the name of the group
          # e.g. if I add the group 'administrator', the group created in AD will be 'administrator_SECURE_GROUP' but it still appears as 'administrator' in your web interface
          # if not needed, set to false
          secure_group_name:           _SECURE_GROUP
          # an array of group names that are not allowed to be created
          # if not needed, set to false
          group_not_allowed:           [ group1, group2 ]
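
A post-install check for the steps above, as an added example that is not part of vjGuardADPlugin. It assumes settings.yml, security.yml and app.yml sit together in the application's config directory and that each key is on its own line as printed in this README; `audit_vjguard`, `has` and `flag` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not part of vjGuardADPlugin. Helper names are hypothetical.
# Usage: audit_vjguard apps/your_app/config

findings=0
flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# has FILE REGEX: true when an uncommented line of FILE starts with REGEX
has() { grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null; }

audit_vjguard() {
    dir=$1; findings=0
    # settings.yml: plugin module enabled, login and secure pages routed to it
    has "$dir/settings.yml" 'enabled_modules:.*vjGuardADAuth' ||
        flag "vjGuardADAuth is not in enabled_modules"
    for key in login_module secure_module; do
        has "$dir/settings.yml" "$key:[[:space:]]*vjGuardADAuth" ||
            flag "$key does not point at vjGuardADAuth"
    done
    # security.yml: at least one is_secure entry must be switched on
    has "$dir/security.yml" 'is_secure:[[:space:]]*(on|true|yes)' ||
        flag "is_secure is not on in security.yml"
    # app.yml: the README's placeholder values must have been replaced
    for ph in username_administrator_active_directory \
              password_administrator_active_directory; do
        has "$dir/app.yml" "ad_(username|password):.*$ph" &&
            flag "app.yml still contains the placeholder $ph"
    done
    has "$dir/app.yml" 'group_authorize:[[:space:]]*GROUP[[:space:]]*$' &&
        flag "group_authorize is still the placeholder GROUP"
    # app.yml holds the AD account password, so "other" should not read it
    [ -n "$(find "$dir/app.yml" -perm -004 2>/dev/null)" ] &&
        flag "app.yml is world-readable"
    [ "$findings" -eq 0 ]    # exit status: 0 only when nothing was flagged
}

# Constructed sample: the keys from this README, app.yml values left unchanged
demo=$(mktemp -d)
printf '%s\n' 'enabled_modules: [default, vjGuardADAuth]' \
    'login_module: vjGuardADAuth' 'secure_module: vjGuardADAuth' > "$demo/settings.yml"
printf '%s\n' 'is_secure: on' > "$demo/security.yml"
printf '%s\n' "ad_password: 'password_administrator_active_directory'" \
    'group_authorize: GROUP' > "$demo/app.yml"
audit_vjguard "$demo" || echo "$findings finding(s) to fix"
rm -rf "$demo"
```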

Identity management from AD

To manage users, groups and permissions from AD:

  • Enable the modules vjGuardADUser, vjGuardADGroup and vjGuardADPermission in settings.yml

         enabled_modules: [..., vjGuardADUser, vjGuardADGroup, vjGuardADPermission]
  • Build forms, filters, model and database

    $ symfony doctrine:build --all --and-load="plugins/vjGuardADPlugin/data/fixtures/"
  • Clear the cache

    $ symfony cc
  • Update the file apps/your_app/lib/myUser.class.php

    class myUser extends vjGuardADSecurityUser
  • Download jQuery (http://jquery.com/) into web/js/ and add it in apps/your_app/config/view.yml

    javascripts:    [jquery-1.3.2.min.js]
  • A "local" super admin is created with the plugin. Don't forget to remove this user once you have added another user who has the app-admin right (in a new group, for example)!

    Login    : admin
    Password : admin

Override the admin generator's data

This plugin has some French data. I haven't internationalized the plugin. I hope I'll have time to :)

  • Override the title of the list of vjGuardADUser (for example)

              title:  "User's list"

NTLM Configuration

The NTLM protocol has some issues. It requires some modifications on each computer (for each user, more precisely).

  • For Microsoft Internet Explorer, you need to modify 3 keys in the Windows registry (e.g. for the intranet domain www.yourDomain.com)

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yourDomain.com]
  • For Mozilla Firefox, you need to modify the configuration of the browser (type about:config in the address bar)

      search ntlm
      network.automatic-ntlm-auth.allow-proxies   true
      network.automatic-ntlm-auth.trusted-uris    yourDomain.com
      network.ntlm.send-lm-response               true

These fixes work on IE6, IE7, IE8 and FF3.5, but I think they also work on FF2 and FF3.


  • internationalization

  • Any ideas, advice, issues or anything else? Please email me :)