Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Can Connect but Can't Authenticate either with Auth::attempt or Adldap::auth->attempt #667

Closed nathankamau closed 5 years ago

nathankamau commented 5 years ago

Hi, I can successfully bind to the AD but can't authenticate with either Auth::attempt() or Adldap::auth()->attempt().

Both return null. Here is my .env and config:

```dotenv
# .env
ADLDAP_ACCOUNT_PREFIX="ourdomain\\"
ADLDAP_CONTROLLERS="our ip"
ADLDAP_PORT=389
ADLDAP_TIMEOUT=60
ADLDAP_BASEDN='dc=ourdomain,dc=co,dc=org'
ADLDAP_ADMIN_ACCOUNT_PREFIX="ourdomain\\"
ADLDAP_ADMIN_USERNAME=username
ADLDAP_ADMIN_PASSWORD=password
ADLDAP_USE_SSL=false
ADLDAP_USE_TLS=false
```

```php
<?php
// adldap.php
return [
    'connections' => [
        'default' => [
            'auto_connect' => env('ADLDAP_AUTO_CONNECT', false),
            'connection' => Adldap\Connections\Ldap::class,
            'schema' => Adldap\Schemas\ActiveDirectory::class,
            'connection_settings' => [
                'account_prefix' => env('ADLDAP_ACCOUNT_PREFIX', ''),
                'account_suffix' => env('ADLDAP_ACCOUNT_SUFFIX', ''),
                'domain_controllers' => explode(' ', env('ADLDAP_CONTROLLERS', '')),
                'port' => env('ADLDAP_PORT', 389),
                'timeout' => env('ADLDAP_TIMEOUT', 5),
                'base_dn' => env('ADLDAP_BASEDN', ''),
                'admin_account_prefix' => env('ADLDAP_ADMIN_ACCOUNT_PREFIX', ''),
                'admin_account_suffix' => env('ADLDAP_ADMIN_ACCOUNT_SUFFIX', ''),
                'admin_username' => env('ADLDAP_ADMIN_USERNAME', ''),
                'admin_password' => env('ADLDAP_ADMIN_PASSWORD', ''),
                'follow_referrals' => false,
                'use_ssl' => env('ADLDAP_USE_SSL', false),
                'use_tls' => env('ADLDAP_USE_TLS', false),
            ],
        ],
    ],
];
```

```php
<?php
// adldap_auth.php
return [
    'connection' => env('ADLDAP_CONNECTION', 'default'),
    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
    'rules' => [
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,
    ],
    'scopes' => [
        Adldap\Laravel\Scopes\UpnScope::class,
    ],

    'usernames' => [
        'ldap' => [
            'discover' => 'userprincipalname',
            'authenticate' => 'userprincipalname',
        ],

        'eloquent' => 'username',
        'windows' => [
            'discover' => 'userprincipalname',
            'key' => 'AUTH_USER',
        ],
    ],
    'passwords' => [
        'sync' => env('ADLDAP_PASSWORD_SYNC', false),
        'column' => 'password',
    ],

    'login_fallback' => env('ADLDAP_LOGIN_FALLBACK', false),
    'sync_attributes' => [
        'username' => 'samaccountname',
        'name' => 'cn',
    ],
    'logging' => [
        'enabled' => true,
        'events' => [
            \Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
        ],
    ],
];
```

Description:

Where would I be going wrong?

stevebauman commented 5 years ago

Hi @nathankamau,

Are you wanting to authenticate users by username or email?

nathankamau commented 5 years ago

Hi, by username.

On Fri, 15 Feb 2019, 4:54 pm Steve Bauman <notifications@github.com> wrote:

> Hi @nathankamau,
>
> Are you wanting to authenticate users by username or email?

stevebauman commented 5 years ago

Ok sounds good.

  1. Remove your configured prefixes completely (ADLDAP_ACCOUNT_PREFIX & ADLDAP_ADMIN_ACCOUNT_PREFIX)
  2. Set your ADLDAP_ACCOUNT_SUFFIX to your User Principal Name suffix. This is usually equal to your base DN segments (i.e. "@ourdomain.co.org")
  3. Set the ldap.discover option to samaccountname
  4. Ensure your user database migration contains the username database column
  5. You're all set!

Note: After changing the configuration, make sure it's not being cached by running php artisan config:clear once modified.

Give the above a shot and let me know if it works for you. Also, check your logs to see what is going on behind the scenes (in storage/logs/).

nathankamau commented 5 years ago

Hi Steve, I did the above but still could not authenticate with Auth::attempt($creds); however, Adldap::auth()->attempt() returns true. What could I be missing?

nathankamau commented 5 years ago

Hi Steve, solved it with help from here. Changed auto_connect to true, then:

```php
'sync_attributes' => [
    'username' => 'samaccountname',
    'name' => 'cn',
],
```

With the above, logged in successfully.

Thanks a lot Steve.
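The checklist Steve gives above (no prefixes, a UPN suffix, discovery by samaccountname, a `username` column) plus the `auto_connect` change that finally closed this thread can be turned into a single diagnostic command. The following artisan command is an added example, not code from Adldap2-Laravel or from either participant; the file path, class name and `ldap:check-login` signature are hypothetical, and it assumes the config keys shown in the posted `adldap.php`/`adldap_auth.php` and a `users` table:

```php
<?php
// app/Console/Commands/LdapLoginCheck.php (hypothetical file; added example,
// not part of Adldap2-Laravel). Checks the configuration points raised in this
// thread, then tries the raw LDAP bind and the full Auth::attempt() path.

namespace App\Console\Commands;

use Adldap\Laravel\Facades\Adldap;
use Illuminate\Console\Command;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Schema;

class LdapLoginCheck extends Command
{
    protected $signature = 'ldap:check-login {username : samaccountname to test}';

    protected $description = 'Check the Adldap2-Laravel username login configuration and try a login';

    public function handle(): int
    {
        $connection = config('adldap_auth.connection', 'default');
        $settings   = config("adldap.connections.$connection.connection_settings", []);
        $auth       = config('adldap_auth', []);
        $problems   = [];

        // Step 1: prefixes must be empty when authenticating by username.
        foreach (['account_prefix', 'admin_account_prefix'] as $key) {
            if (!empty($settings[$key])) {
                $problems[] = "$key is '{$settings[$key]}'; remove the ADLDAP_*_PREFIX entries from .env";
            }
        }

        // Step 2: account_suffix must be the UPN suffix, e.g. "@ourdomain.co.org".
        if (!preg_match('/^@[^@\s]+$/', $settings['account_suffix'] ?? '')) {
            $problems[] = 'account_suffix must be your UPN suffix, such as "@ourdomain.co.org"';
        }

        // Step 3: discovery must match the typed username against samaccountname.
        if (($auth['usernames']['ldap']['discover'] ?? null) !== 'samaccountname') {
            $problems[] = "usernames.ldap.discover must be 'samaccountname'";
        }

        // Step 4: the Eloquent column the provider matches on must exist.
        $column = $auth['usernames']['eloquent'] ?? 'username';
        if (!Schema::hasColumn('users', $column)) {
            $problems[] = "users table has no '$column' column; add it in your migration";
        }

        // The change that resolved the thread: auto_connect must be enabled so
        // the provider binds with the admin account before discovering the user.
        if (!config("adldap.connections.$connection.auto_connect")) {
            $problems[] = 'auto_connect is false; set ADLDAP_AUTO_CONNECT=true';
        }

        if ($problems) {
            foreach ($problems as $problem) {
                $this->error($problem);
            }
            $this->warn('Fix the above, then run: php artisan config:clear');
            return 1;
        }

        $username = $this->argument('username');
        // Prompt for the password instead of taking it as an argument, so it
        // never lands in shell history or process listings.
        $password = $this->secret("Password for $username");

        // Raw bind as the user. Adldap2 applies account_suffix itself, so pass
        // the bare samaccountname exactly as the login form would receive it.
        $bound = Adldap::auth()->attempt($username, $password);
        $this->line('LDAP bind as user: ' . ($bound ? 'OK' : 'FAILED'));

        // Discovery: the account must be findable under base_dn by samaccountname.
        $ldapUser = Adldap::search()->users()->findBy('samaccountname', $username);
        $this->line('Discovery by samaccountname: ' . ($ldapUser ? 'found ' . $ldapUser->getDn() : 'NOT FOUND'));

        // Full Laravel path: discover, bind, sync attributes, create the session.
        $loggedIn = Auth::attempt([$column => $username, 'password' => $password]);
        $this->line('Auth::attempt(): ' . ($loggedIn ? 'OK' : 'FAILED'));

        return ($bound && $ldapUser && $loggedIn) ? 0 : 1;
    }
}
```

Register the class in the `$commands` array of `app/Console/Kernel.php` and run `php artisan ldap:check-login jdoe` (a constructed username). With the `logging` section from the posted `adldap_auth.php` left enabled, the `Authenticating`, `AuthenticationFailed` and `DiscoveredWithCredentials` listeners also write each stage to `storage/logs/`, which is the place to look when the raw bind succeeds but `Auth::attempt()` still returns false.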

stevebauman commented 5 years ago

Awesome, glad you were able to get it working, thanks for following up @nathankamau!