Adldap2 / Adldap2-Laravel

LDAP Authentication & Management for Laravel
MIT License

Ldap login error #821

Open Ruben-Halmagyi opened 4 years ago

Ruben-Halmagyi commented 4 years ago

One out of three login attempts fails (log file attached), but we don't encounter this problem when we try ldapsearch for example.

Attached you also have the ldap.php file from the config (ldap_config.txt)

.env:

LDAP_LOGGING=true
LDAP_HOSTS=XXX.XXX.XXX.XXX  
LDAP_PORT=636  
LDAP_TIMEOUT=5
LDAP_BASE_DN="DC=ad,DC=redacted,DC=eu"
LDAP_USERNAME="cn=redacted user,CN=Users,dc=ad,dc=redacted,dc=eu"
LDAP_PASSWORD=redacted
LDAP_USE_TLS=false
LDAP_USE_SSL=true
LDAP_SUFFIX="@ad.redacted.eu"

ldap-log.txt

ldap_config.txt

stevebauman commented 4 years ago

Hi @Ruben-Halmagyi,

> One out of three login attempts fails (log file attached), but we don't encounter this problem when we try ldapsearch for example.

How many hosts do you have configured in your .env?

Also, if you connect regularly to your AD server without SSL or TLS, does this still occur? I'm looking to see if that's possibly an issue.

Ruben-Halmagyi commented 4 years ago

Hi @stevebauman

First of all, thank you for your quick response.

We have only 1 host configured. I tried to connect to AD without SSL, and everything works fine every time.

stevebauman commented 4 years ago

No problem @Ruben-Halmagyi!

Okay, so strangely it seems SSL / TLS related.

I see in your config that you have LDAP_USE_SSL=true, but your custom options tell me that you're trying to use TLS? Can you confirm which one you're wanting to use (TLS / SSL)?

Ruben-Halmagyi commented 4 years ago

I am sorry if it got a bit confusing, we want to use SSL.

stevebauman commented 4 years ago

No worries! Okay, can you set the custom_options to an empty array and test to see if these options are causing these intermittent issues?

'custom_options' => [],

Ruben-Halmagyi commented 4 years ago

Hey, I've done as you asked, but still have the same issues, so unfortunately these options were not the cause of the problem.

stevebauman commented 4 years ago

Ok. Are you caching your configuration files by chance? If so, call php artisan config:clear and try again. Otherwise, let's dig deeper.

  1. Is this intermittent connection issue consistent? Meaning, on every 3rd connection attempt, does it fail? Or is it random?
  2. Is this Laravel application hosted on the same network that your AD server resides on? Or does it go through VPN / Internet to connect?
  3. Do you see any error / warning event logs on your AD server on the failed connection attempt?

stevebauman commented 4 years ago

  1. Check your PHP error logs after a failed connection attempt. Do you see anything in there?

Ruben-Halmagyi commented 4 years ago

We tried again after clearing the cache as you suggested, but the issue was still present.

  1. Random
  2. Different network, but no latency; basically they are at the same provider, same datacenter. No VPN, just directly on public IP.
  3. Nothing
  4. No PHP error logs.

stevebauman commented 4 years ago

Okay, last shot. Are you using host names to connect to your AD server? Is DNS a possible issue? If so, can you try IP address instead and see if this persists?

Another idea, let's use raw LDAP commands and take LDAP out of the equation.

Somewhere in your application, attempt connecting and try making multiple requests by refreshing the page to see if it drops:

$connection = ldap_connect('ldap://127.0.0.1:389');

if (! ldap_bind($connection, 'username', 'secret')) {
    throw new \Exception('Unable to bind.');
}

die('Connected');
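
A variant of the raw test above that repeats the bind over ldaps://, since in this thread the failures only appeared with SSL on port 636, and records the LDAP error, diagnostic message and elapsed time for every attempt. This is an added example, not code posted by anyone in the thread; the LDAP_TEST_* environment variable names and the example.test host and DN are placeholders.

```php
<?php
// Added example: repeat a raw LDAPS bind and report why each failure happened.
// The LDAP_TEST_* variables and example.test values are placeholders (assumptions).
$uri      = getenv('LDAP_TEST_URI') ?: 'ldaps://ad.example.test:636';
$bindDn   = getenv('LDAP_TEST_DN') ?: 'cn=test user,cn=Users,dc=example,dc=test';
$password = getenv('LDAP_TEST_PASSWORD') ?: '';
$attempts = 30;

if ($password === '') {
    // An empty password turns the bind into an unauthenticated one, which can succeed.
    fwrite(STDERR, "Set LDAP_TEST_PASSWORD first.\n");
    exit(1);
}

function attemptBind(string $uri, string $bindDn, string $password): ?string
{
    $conn = ldap_connect($uri); // only parses the URI; no network traffic yet
    if ($conn === false) {
        return 'ldap_connect rejected the URI';
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // matches LDAP_TIMEOUT=5 in the .env

    // The TCP connect and TLS handshake happen on the first operation, i.e. here.
    if (@ldap_bind($conn, $bindDn, $password)) {
        ldap_unbind($conn);
        return null;
    }
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return sprintf('errno %d (%s) %s', ldap_errno($conn), ldap_error($conn), $detail);
}

$failures = [];
for ($i = 1; $i <= $attempts; $i++) {
    $start = microtime(true);
    $error = attemptBind($uri, $bindDn, $password);
    $ms    = (microtime(true) - $start) * 1000;
    printf("%2d  %-4s %6.0f ms  %s\n", $i, $error === null ? 'ok' : 'FAIL', $ms, $error ?? '');
    if ($error !== null) {
        $failures[$error] = ($failures[$error] ?? 0) + 1;
    }
}
printf("\n%d of %d attempts failed\n", array_sum($failures), $attempts);
foreach ($failures as $message => $count) {
    printf("  %dx %s\n", $count, $message);
}
```

Failures that take close to the 5 second network timeout point at connectivity, while failures that return immediately with a diagnostic message point at the TLS handshake or the bind itself.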