DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

[Support] Basic Authentication Search: Operations error #434

Closed yaplej closed 2 years ago

yaplej commented 2 years ago

Environment:

Please bear with me, I am new to Laravel. I am trying to set up basic/plain LDAP authentication without a username and password in the LDAP connection. This appears like it was supported at some point but maybe it's not working now?

Testing LDAP appears to work just fine.

```
Testing LDAP connection [default]...
+------------+------------+----------+-------------------------+---------------+
| Connection | Successful | Username | Message                 | Response Time |
+------------+------------+----------+-------------------------+---------------+
| default    | ✔ Yes      |          | Successfully connected. | 217.51ms      |
+------------+------------+----------+-------------------------+---------------+
```

I am trying to use a very minimal amount of configuration for the LDAP connection in the .env file.

```
LDAP_DEFAULT_HOSTS=example.com
LDAP_DEFAULT_USERNAME=null
LDAP_DEFAULT_PASSWORD=null
LDAP_DEFAULT_BASE_DN="dc=example,dc=com"
```

However when authenticating it looks as if I am getting a connection to the LDAP server but then it throws an exception.

```
[2022-05-17 15:04:54] local.INFO: LDAP (ldap://[REDACTED]:389) - Operation: Binding - Username:
[2022-05-17 15:04:54] local.INFO: LDAP (ldap://[REDACTED]:389) - Operation: Bound - Username:
[2022-05-17 15:04:54] local.INFO: LDAP (ldap://[REDACTED]:389) - Operation: Binding - Username:
[2022-05-17 15:04:54] local.INFO: LDAP (ldap://[REDACTED]:389) - Operation: Bound - Username:

[2022-05-17 15:04:54] local.ERROR: ldap_search(): Search: Operations error {"exception":"[object] (LdapRecord\\LdapRecordException(code: 2): ldap_search(): Search: Operations error at C:\\Users\\[REDACTED]\\vendor\\directorytree\\ldaprecord\\src\\LdapRecordException.php:26)
```

If I enter a username & password into the .env LDAP connection configuration it does work.

stevebauman commented 2 years ago

Hi @yaplej!

> Please bear with me, I am new to Laravel. I am trying to set up basic/plain LDAP authentication without a username and password in the LDAP connection. This appears like it was supported at some point but maybe it's not working now?

This is only possible if your ActiveDirectory server has anonymous binding enabled. When binding anonymously, your permissions must be open enough so that users who need to sign into your Laravel application can be read from your ActiveDirectory server, along with the attribute you are using for authentication.

If anonymous binding is disabled, you must configure a username and password to connect to your Active Directory server.

Think of it like a database. LdapRecord needs credentials to discover the user who is attempting to sign into your Laravel application by the attribute of your choosing. Without this access, we cannot locate users by any attribute. You would have to have users enter in their full distinguished name to be able to sign in.

Let me know if you have any further questions 👍

stevebauman commented 2 years ago

Hmm, I see you mentioned you're able to connect successfully via a null username and password. If you intend to use anonymous binding, can you ensure that you can view users inside of your directory? You can do this by placing this inside your web.php routes file and visiting your application:

```php
use LdapRecord\Models\ActiveDirectory\User;

dd(User::all());
```

If results are indeed returned, we can look into this further and see if it's a bug 👍

yaplej commented 2 years ago

We don't allow anonymous binding so that makes sense. It might change the functionality but would it be possible to use the user provided credentials to perform the binding and lookup?

stevebauman commented 2 years ago

> It might change the functionality but would it be possible to use the user provided credentials to perform the binding and lookup?

You'd somehow have to pre-bind (before you call Auth::attempt()) and accept user input with the user's full Distinguished Name (i.e. cn=John Doe,ou=users,dc=local,dc=com) or their userPrincipalName (i.e. jdoe@local.com, when using ActiveDirectory) and their password. Keep in mind that PHP is stateless, so connectivity to your LDAP server would only last the duration of that single request.

LdapRecord aims to be compatible with all LDAP servers. Pre-binding in this way would only work with ActiveDirectory, since you'd obviously aim to have users insert their userPrincipalName (an ActiveDirectory only attribute).

I'd recommend setting up a read-only user on the domain with computer login rights stripped, and access to read a limited set of attributes on users whom you expect to sign into your application.

This is a very common practice -- as even network connected printers require a username and password for searching LDAP directories and performing operations.
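The search-then-bind flow discussed in this thread, as an added example written against PHP's ext-ldap functions (not LdapRecord's own code and not part of the original comments): a read-only service account locates the user's DN, then the password is checked by re-binding as that user. The URI, the DNs, the `sAMAccountName` login attribute and the `LDAP_SVC_PASSWORD` environment variable are assumed placeholders.

```php
<?php
// Added illustration built on PHP's ext-ldap functions; not LdapRecord's code.
// The URI, DNs, login attribute and LDAP_SVC_PASSWORD are assumed placeholders.
const LDAP_URI   = 'ldaps://dc01.example.com';
const BASE_DN    = 'dc=example,dc=com';
const SERVICE_DN = 'cn=svc-ldap-read,ou=service accounts,dc=example,dc=com';

/** Returns the authenticated user's DN, or null when the login is rejected. */
function ldapLogin(string $login, string $password): ?string
{
    // A simple bind with an empty password is an "unauthenticated bind"
    // (RFC 4513, section 5.1.2) that a server may accept, so refuse it here.
    if ($login === '' || $password === '') {
        return null;
    }

    $servicePassword = (string) getenv('LDAP_SVC_PASSWORD');
    if ($servicePassword === '') {
        throw new RuntimeException('Service account password is not configured.');
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI.');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    try {
        // 1. Bind as the read-only service account so the search is permitted.
        if (!@ldap_bind($conn, SERVICE_DN, $servicePassword)) {
            throw new RuntimeException('Service bind failed: ' . ldap_error($conn));
        }

        // 2. Find the user's DN by login attribute. Escape the input so it
        //    cannot alter the filter; request no attributes ("1.1").
        $filter = sprintf(
            '(&(objectClass=user)(sAMAccountName=%s))',
            ldap_escape($login, '', LDAP_ESCAPE_FILTER)
        );
        $result = @ldap_search($conn, BASE_DN, $filter, ['1.1'], 0, 2);
        if ($result === false) {
            throw new RuntimeException('Search failed: ' . ldap_error($conn));
        }
        $entries = ldap_get_entries($conn, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return null; // unknown login, or more than one match
        }

        // 3. Check the password by re-binding as the user that was found.
        return @ldap_bind($conn, $entries[0]['dn'], $password)
            ? $entries[0]['dn']
            : null;
    } finally {
        ldap_unbind($conn);
    }
}
```

The service account only needs read access to the attributes used to locate users, which matches the read-only account recommended above.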

yaplej commented 2 years ago

Everything is working as it should then.

I was just a little confused why I could not get it to work anonymously as the documentation hinted around. Was just missing that our LDAP/ActiveDirectory would have to allow anonymous bindings for that to work. I assumed it was trying to bind with the provided user's credentials to verify them.

Yes, I agree it is not unreasonable to require a read-only user for LDAP authentication. Especially to maintain interoperability.

Thank you.

stevebauman commented 2 years ago

Ok, thanks for the quick replies @yaplej. Please don't hesitate to create further issues if you have any other questions 👍