Closed treadmillian closed 5 years ago
Hi @treadmillian,
Is your base_dn missing on purpose or no? This is crucial for locating records on your LDAP server.
If nothing is given, you won't receive any search results.
Good point, I found one of our Symfony3 projects that implements LDAP and this works fine. So I've now added, however, it's still not working. I noted from my Symfony3 config that it uses:
accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
filter: (&(ObjectClass=Person))
usernameAttribute: sAMAccountName # Optional
Can these be set in Adldap? I tried using combinations of these:
ADLDAP_ADMIN_ACCOUNT_SUFFIX=stc
ADLDAP_ACCOUNT_SUFFIX=stc
ADLDAP_ACCOUNT_PREFIX=stc
...but always get errors like:
(1/1) BindException Invalid credentials
in Guard.php (line 80)
at Guard->bind('username', 'removed', '', 'stc') in Guard.php (line 94)
Full config file:
fr3d_ldap:
    driver:
        host: "%ldap_host%"
        port: "%ldap_port%"
        username: "%ldap_username%"
        password: "%ldap_password%"
        allowEmptyPassword: false # Optional
        #bindRequiresDn: true # Optional
        baseDn: removed
        #accountFilterFormat: (&(sAMAccountName=%s)) # Optional. sprintf format %s will be the username
        #optReferrals: false # Optional
        useSsl: true # Enable SSL negotiation. Optional
        #useStartTls: true # Enable TLS negotiation. Optional
        accountCanonicalForm: 3 # ACCTNAME_FORM_BACKSLASH this is only needed if your users have to login with something like HOST\User
        accountDomainNameShort: stc # if you use the Backslash form set both to Hostname then the Username will be converted to HOST\User
    user:
        baseDn: removed
        filter: (&(ObjectClass=Person))
        usernameAttribute: sAMAccountName # Optional
        attributes: # Specify ldap attributes mapping [ldap attribute, user object method]
            - { ldap_attr: samaccountname, user_method: setUsername }
            - { ldap_attr: givenname, user_method: setFirstName }
            - { ldap_attr: sn, user_method: setLastName }
            - { ldap_attr: mail, user_method: setEmailAddress }
    service:
        user_hydrator: model.user.ldap.hydrator
One thing I did notice, my login is STC\KS27. However, if I try and login as KS27, I get this error:
(1/1) UsernameRequiredException A username must be specified.
in Guard.php (line 110)
at Guard->validateCredentials(null, 'removed') in Guard.php (line 34)
at Guard->attempt(null, 'removed') in Resolver.php (line 67)
at Resolver->authenticate(object(User), array('username' => 'KS27', 'password' => 'removed')) in DatabaseUserProvider.php (line 131)
at DatabaseUserProvider->validateCredentials(object(User), array('username' => 'KS27', 'password' => 'removed')) in SessionGuard.php (line 380)
at SessionGuard->hasValidCredentials(object(User), array('username' => 'KS27', 'password' => 'removed')) in SessionGuard.php (line 357)
at SessionGuard->attempt(array('username' => 'KS27', 'password' => 'removed'), false) in AuthenticatesUsers.php (line 77)
at LoginController->attemptLogin(object(Request)) in AuthenticatesUsers.php (line 41)
@stevebauman Is this something you can help with?
Hi @treadmillian,
Is this something you can help with?
Of course, I'm absolutely here to help. We'll get you up and running.
Are you possibly able to upgrade to the newest v4.0 version? There are only configuration changes, but these changes may greatly reduce the time needed for debugging.
If you can upgrade, you will need to delete and re-publish the adldap_auth.php configuration file.
Please let me know, thanks!
Hi @stevebauman
Unfortunately, that isn't an option for us at the moment, i.e. upgrading to PHP7.x
But more than willing to persevere to resolve the issue :)
Have you tried the prefix as stc\ or stc\\ (double slash for escaping the first, might need "quotes" in .env)? Could you use the userprincipalname to logon with so you could have a suffix of @domain.local? If your upn consists of the samaccount that is.
Closing due to inactivity.
Description:
As others have reported, I receive the error "These credentials do not match our records."
However, the system does definitely connect to the AD server and the following returns true:
Steps To Reproduce:
What I do remember after tracking the issue as far as I could go, is that $this->query() always returned null. I tried manually sending lots of different combinations of field and username to whereEquals(), but all returned null.
vendor/adldap2/adldap2-laravel/src/Auth/Resolver.php
.env
adldap_auth.php
adldap.php
auth.php
app.php