DirectoryTree / LdapRecord-Laravel

Multi-domain LDAP Authentication & Management for Laravel.
https://ldaprecord.com/docs/laravel/v3
MIT License

Can't auth on server #529

Closed domjesus closed 1 year ago

domjesus commented 1 year ago

Hello, firstly thanks for the tool. My issue is that locally I can run the operations without problems on port 389, logging the results, but on the server, which only accepts SSL (port 636), the query doesn't return ok.

This is the log running locally:

[2023-05-03 11:47:40] local.INFO: LDAP (ldap://ldap.domain.com:389) - Operation: Search - Base DN: ou=INSS,dc=gov,dc=br - Filter: (&(objectclass=\74\6f\70)(objectclass=\70\65\72\73\6f\6e)(objectclass=\6f\72\67\61\6e\69\7a\61\74\69\6f\6e\61\6c\70\65\72\73\6f\6e)(objectclass=\69\6e\65\74\6f\72\67\70\65\72\73\6f\6e)(uid=\31\34\39\31\39\31\39)) - Selected: (entryuuid,*) - Time Elapsed: 57.56
[2023-05-03 11:47:40] local.INFO: User [username.usergivenname] has been successfully discovered for authentication.
[2023-05-03 11:47:40] local.INFO: Object with name [username.usergivenname] is being imported.
[2023-05-03 11:47:40] local.INFO: Object with name [username.usergivenname] is being synchronized.
[2023-05-03 11:47:40] local.INFO: Object with name [username.usergivenname] has been successfully synchronized.
[2023-05-03 11:47:40] local.INFO: User [username.usergivenname] is authenticating.
[2023-05-03 11:47:40] local.INFO: LDAP (ldap://ldap.domain.com:389) - Operation: Attempting - Username: uid=username.usergivenname,ou=111111.CCC,ou=22222.GGG,ou=33333.SSS,ou=01.001.PRES,ou=NNN,dc=gov,dc=br
[2023-05-03 11:47:40] local.INFO: LDAP (ldap://ldap.domain.com:389) - Operation: Binding - Username: uid=username.usergivenname,ou=111111.CCC,ou=22222.GGG,ou=33333.SSS,ou=01.001.PRES,ou=NNN,dc=gov,dc=br
[2023-05-03 11:47:40] local.WARNING: LDAP (ldap://ldap.domain.com:389) - Operation: Failed - Username: uid=username.usergivenname,ou=111111.CCC,ou=22222.GGG,ou=33333.SSS,ou=01.001.PRES,ou=NNN,dc=gov,dc=br - Reason: Invalid credentials
[2023-05-03 11:47:40] local.INFO: LDAP (ldap://ldap.domain.com:389) - Operation: Binding - Username:
[2023-05-03 11:47:40] local.INFO: LDAP (ldap://ldap.domain.com:389) - Operation: Bound - Username:
[2023-05-03 11:47:40] local.INFO: User [username.usergivenname] has failed LDAP authentication.

The log on server:

info dev 2023-05-03 11:31:01 LDAP (ldaps://ldap.dataprev.gov.br:636) - Operation: Search - Base DN: ou=INSS,dc=gov,dc=br - Filter: (&(objectclass=\74\6f\70)(objectclass=\70\65\72\73\6f\6e)(objectclass=\6f\72\67\61\6e\69\7a\61\74\69\6f\6e\61\6c\70\65\72\73\6f\6e)(objectclass=\69\6e\65\74\6f\72\67\70\65\72\73\6f\6e)(uid=\31\35\36\33\36\35\34)) - Selected: (entryuuid,*) - Time Elapsed: 104.88
info dev 2023-05-03 11:31:01 LDAP (ldaps://ldap.domain.com.br:636) - Operation: Bound - Username:
info dev 2023-05-03 11:31:01 LDAP (ldaps://ldap.domain.com.br:636) - Operation: Binding - Username:

On the server the query stops at "Operation: Bound" and doesn't attempt the import, sync and auth.

Here are my configs in config/ldap.php:

  "default" => "default"
  "connections" => array:1 [▼
    "default" => array:8 [▼
      "hosts" => array:2 [▼
        0 => "ldap.domain.com.br"
      ]
      "username" => null
      "password" => null
      "port" => 636
      "base_dn" => "ou=INSS,dc=gov,dc=br"
      "timeout" => 5
      "use_ssl" => true
      "use_tls" => false
    ]
  ]
  "logging" => "true"
  "cache" => array:2 [▼
    "enabled" => false
    "driver" => "file"
  ]
]

This is the config/auth.php:

  "table" => "usuario"
  "defaults" => array:2 [▼
    "guard" => "web"
    "passwords" => "users"
  ]
  "guards" => array:2 [▼
    "web" => array:2 [▼
      "driver" => "session"
      "provider" => "ldap"
    ]
    "api" => array:3 [▶]
  ]
  "providers" => array:2 [▼
    "ldap" => array:3 [▼
      "driver" => "ldap"
      "model" => "LdapRecord\Models\OpenLDAP\User"
      "database" => array:4 [▼
        "model" => "App\Models\Usuario"
        "sync_passwords" => false
        "sync_existing" => array:1 [▼
          "uid" => "uid"
        ]
        "sync_attributes" => array:5 [▼
          "nome" => "cn"
          "nome_ldap" => "cn"
          "siape" => "employeeNumber"
          "email" => "mail"
          "uid" => "uid"
        ]
      ]
    ]
    "users" => array:2 [▶]
  ]
  "passwords" => array:1 [▶]
  "password_timeout" => 10800
]

I created a file with the contents "TLS_REQCERT never" in /etc/ldap/ldap.conf, as mentioned here https://ldaprecord.com/docs/core/v2/configuration/#debugging

I'm using PHP 8.1, Laravel 9.52.7 and "directorytree/ldaprecord-laravel": "^2.7.3".

If anyone can help me, thanks.

domjesus commented 1 year ago

I found it: my LDAP server needs a username and password. I passed them and everything works fine. Thanks.
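The failure pattern in this thread (the LDAPS server accepts an anonymous bind, logged as "Operation: Bound - Username:" with no name, but the following search returns no entry, so LdapRecord never reaches the import and authentication steps) can be reproduced outside Laravel with a short diagnostic using PHP's ext-ldap. The script below is an added example, not code from the issue or from LdapRecord; the host name, the bind DN and password, and the uid are placeholders read from the environment, and the base DN is the one from the posted config/ldap.php. It runs the same search twice, once anonymously and once with the service account that the fix in the last comment adds, so the difference between the two outcomes is visible directly.

```php
<?php
// Added diagnostic example (not part of the issue or of LdapRecord-Laravel):
// checks whether an LDAPS server lets a given bind identity find a user entry.
// Host, bind DN/password and uid are placeholders supplied via the environment.

declare(strict_types=1);

function ldapUserLookup(
    string $host,
    int $port,
    string $baseDn,
    ?string $bindDn,
    ?string $bindPassword,
    string $uid
): array {
    // An ldaps:// URI selects SSL at connect time, equivalent to
    // "use_ssl" => true with "port" => 636 in config/ldap.php.
    $conn = ldap_connect("ldaps://{$host}:{$port}");
    if ($conn === false) {
        return ['ok' => false, 'stage' => 'connect', 'error' => 'invalid LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // matches "timeout" => 5

    // A null DN and password is an anonymous bind. Servers often accept it
    // (the issue log shows "Operation: Bound" with an empty username) but
    // return no entries to it, so the search below comes back empty.
    if (!@ldap_bind($conn, $bindDn ?: null, $bindPassword ?: null)) {
        return ['ok' => false, 'stage' => 'bind', 'error' => ldap_error($conn)];
    }

    // Escape the uid before placing it in the filter so user-supplied input
    // cannot alter the filter structure (LDAP filter injection).
    $safeUid = ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
    $filter  = "(&(objectclass=inetOrgPerson)(uid={$safeUid}))";
    $result  = @ldap_search($conn, $baseDn, $filter, ['dn', 'uid', 'cn']);
    if ($result === false) {
        return ['ok' => false, 'stage' => 'search', 'error' => ldap_error($conn)];
    }

    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);

    return [
        'ok'    => $entries['count'] > 0,
        'stage' => 'search',
        'count' => $entries['count'],
        'dn'    => $entries['count'] > 0 ? $entries[0]['dn'] : null,
    ];
}

// Usage: php ldap-check.php <uid>
// LDAP_HOST, LDAP_USERNAME and LDAP_PASSWORD are placeholders for the real values.
$host   = getenv('LDAP_HOST') ?: 'ldap.example.test';          // placeholder host
$baseDn = getenv('LDAP_BASE_DN') ?: 'ou=INSS,dc=gov,dc=br';     // base DN from the issue
$uid    = $argv[1] ?? 'username.usergivenname';                 // placeholder uid

$attempts = [
    'anonymous bind'  => [null, null],
    'service account' => [getenv('LDAP_USERNAME') ?: null, getenv('LDAP_PASSWORD') ?: null],
];

foreach ($attempts as $label => [$dn, $pw]) {
    $r = ldapUserLookup($host, 636, $baseDn, $dn, $pw, $uid);
    printf(
        "%-16s stage=%-7s ok=%-3s %s\n",
        $label,
        $r['stage'],
        $r['ok'] ? 'yes' : 'no',
        $r['error'] ?? ('entries=' . $r['count'] . ($r['dn'] ? ' dn=' . $r['dn'] : ''))
    );
}
```

If the anonymous attempt reports a successful bind with entries=0 while the service-account attempt finds the entry, the server is withholding search results from unauthenticated clients and the "username"/"password" keys in config/ldap.php must carry a service account, which is exactly what resolved this issue. One caveat on the debugging step taken earlier in the thread: "TLS_REQCERT never" in /etc/ldap/ldap.conf turns off verification of the LDAPS server's certificate, so it is useful only to rule out a certificate problem; on a production host the server's CA should instead be trusted through TLS_CACERT so that the bind credentials are only ever sent to the genuine directory.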