Common Bundle Laravel Package

Product Decisions This Supports

• LDAP Integration Acceleration: Reduces development time for LDAP-based authentication in Symfony projects by providing a pre-built, configurable authenticator (BypassableLdapLoginFormAuthenticator). Enables faster implementation of enterprise-grade SSO or legacy system integrations.
• Consistent Controller Base: Standardizes controller inheritance across teams, reducing boilerplate code (e.g., dependency injection, security checks) and enforcing best practices via AbstractController.
• Environment-Specific Bypass Logic: Supports feature flags for development/staging environments (e.g., bypass_environments) or specific user identifiers (e.g., bypass_user_identifiers), enabling safer testing and debugging without modifying core logic.
• Build vs. Buy: Justifies buying this package for teams already using Symfony 5.4+ with LDAP needs, avoiding reinventing authentication/authorization patterns. For teams with unique LDAP requirements (e.g., multi-protocol support), a custom solution may still be preferable.
• Roadmap Prioritization: Aligns with initiatives like:
  • Migrating legacy PHP apps to Symfony.
  • Implementing centralized authentication (e.g., for microservices).
  • Reducing technical debt in authentication layers.

When to Consider This Package

• Adopt if:

  • Your Symfony 5.4+ project requires LDAP authentication with basic bypass rules (environments/users).
  • You need a lightweight, MIT-licensed solution to avoid licensing costs or proprietary dependencies.
  • Your team lacks LDAP expertise but wants a Symfony-native implementation (no PHP-LDAP extensions outside Symfony’s ecosystem).
  • You prioritize rapid prototyping over long-term maintenance (package is unmaintained post-2022 but stable for its scope).

• Look elsewhere if:

  • You need active maintenance or Symfony 6/7 compatibility (package is abandoned).
  • Your LDAP setup requires advanced features (e.g., multi-domain support, custom schema mapping, or non-standard protocols like Active Directory).
  • You’re using non-Symfony PHP frameworks (this is Symfony-specific).
  • Security/compliance requires auditable, actively maintained dependencies (this package has no stars/issues/metrics).
  • You need custom authentication flows beyond form-based LDAP (e.g., OAuth2 hybrids).

How to Pitch It (Stakeholders)

For Executives:

"This package cuts 3–5 days of dev effort to implement LDAP authentication in Symfony, reducing costs for our [legacy system migration/SSO rollout]. It’s a lightweight, MIT-licensed solution that aligns with our tech stack (Symfony 5.4+) and includes built-in safeguards for dev/staging environments. While unmaintained, it’s stable for our immediate needs and avoids vendor lock-in. We’ll mitigate risk by forking it if needed."

For Engineering:

*"This bundle provides two key wins:

1. LDAP Authenticator: Drop-in replacement for Symfony’s default form authenticator, with configurable bypasses for local/dev testing. Uses Symfony’s enable_authenticator_manager for modern security patterns.
2. AbstractController: Standardizes controller setup across the codebase, reducing boilerplate (e.g., auto-wiring services) and enforcing security checks via Symfony’s dependency injection.

Tradeoffs:

• No active maintenance: We’ll treat it as a ‘build’ with a fork plan if issues arise.
• Symfony 5.4 only: Blocks upgrades, but we can scope this to legacy projects.
• LDAP-only: Not a replacement for OAuth2 or database auth.

Next Steps:

1. Evaluate if our LDAP requirements fit the basic config.
2. Benchmark against building a custom authenticator (likely 1–2 weeks of work).
3. Propose a PoC for the [AbstractController] to measure boilerplate reduction."*

Risk Mitigation:

• Fork the repo to add tests/updates if needed.
• Isolate dependencies in a dedicated feature branch during evaluation.
• Document assumptions (e.g., "This assumes LDAP schema matches default Symfony user provider").