heiglandreas / authLdap

LDAP-Authentication for WordPress
http://andreas.heigl.org/cat/dev/wp/authldap/
MIT License

The User-ID attribute has not been returned #226

Closed mikibarzilay closed 2 years ago

mikibarzilay commented 2 years ago

Dear colleagues, I'm facing an issue with authLDAP on WordPress ver. 5.9.3 running on Linux (RHEL 8.3) and PHP 8 (REMI) using php80-php-ldap-8.0.20-1.el8.remi.x86_64. My LDAP is based on Windows Active Directory.

I'm unable to log in to WP; in the debug log I'm receiving: Exception getting LDAP user: The User-ID attribute has not been returned.

I'm able to execute the same LDAP filter in Windows PowerShell. I'm attaching a screenshot with my configuration.

I tried it both with the WP user existing and not existing.

I'd appreciate any advice.

Micky

heiglandreas commented 2 years ago

Hey there.

Thanks for reaching out.

Two questions though to understand better what's going on:

What I recognize though immediately - though I'm not sure that's the cause of the issue - is that the attribute usually is written samAccountName with a lower-case 's'. That shouldn't cause an issue as LDAP-attributes should be case-insensitive, though... 😕

Ah no.

What have you configured as User-ID attribute? By default that is uid but your LDAP does not provide such an attribute. You might want to overwrite that with samAccountName instead.

mikibarzilay commented 2 years ago

Hey, thank you for your quick response. It's the first time I'm using the plugin on a new WordPress (Multisite) installation.

I manually downloaded the plugin from the WordPress Plugins site (not GitHub) and installed it.

About samAccountName, I executed the same filter in PowerShell and copied the SamAccountName returned properties.

Thanks Micky

heiglandreas commented 2 years ago

Yeah. The casing shouldn't be the issue. I rather think it's the config of the "Settings for creating new users"

The default values are based on an OpenLDAP, but as you are using an ActiveDirectory you will need to adapt this mapping.

For more information check out https://andreas.heigl.org/2010/08/22/authldap/

mikibarzilay commented 2 years ago

Thank you for your response. I forgot to upload a screenshot of the "Settings for creating new Users" section. It is attached here.

Please advise. Thank you for your support

Micky

heiglandreas commented 2 years ago

Ah! OK.

I see that the description is a bit misleading there and I will rephrase that in one of the next releases. Thanks for the hint :wink:

The User-ID attribute should be the attribute you used in the filter. Not the filter itself. So instead of the (&(objectclass=user)(SamAccountName=%s)) it should be SamAccountName.

You can also think about whether to use the UserPrincipalName for the Mail Attribute and the GivenName or the Name for the Name Attribute.
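An added example, not part of the thread and not authLdap's own code: a stand-alone PHP check that catches a filter pasted into the User-ID Attribute field and suggests the attribute bound to `%s`. The function names and the sample entry are hypothetical; the entry is shaped like `ldap_get_entries()` output, whose attribute keys PHP lowercases.

```php
<?php
// Added example: diagnose a mis-set "User-ID Attribute" setting.
// Function names and sample data are hypothetical, not authLdap code.

/** True if $value is a bare attribute name such as "uid" or "SamAccountName". */
function isAttributeName(string $value): bool
{
    return preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $value) === 1;
}

/** Return the attribute compared against the %s placeholder in a filter, or null. */
function attributeBoundToPlaceholder(string $filter): ?string
{
    return preg_match('/\(([A-Za-z][A-Za-z0-9-]*)=%s\)/', $filter, $m) === 1 ? $m[1] : null;
}

/** Read the User-ID from one entry shaped like ldap_get_entries() output. */
function userIdFromEntry(array $entry, string $uidAttr): string
{
    if (!isAttributeName($uidAttr)) {
        $hint = attributeBoundToPlaceholder($uidAttr);
        throw new InvalidArgumentException(
            'User-ID attribute must be an attribute name, not a filter'
            . ($hint !== null ? "; try \"$hint\"" : '')
        );
    }
    // ldap_get_entries() lowercases attribute keys, so look up in lower case.
    $key = strtolower($uidAttr);
    if (!isset($entry[$key][0])) {
        throw new RuntimeException("Attribute \"$uidAttr\" was not returned by the directory");
    }
    return $entry[$key][0];
}

// Constructed sample entry (not real directory data).
$entry = [
    'samaccountname'    => ['count' => 1, 0 => 'jdoe'],
    'userprincipalname' => ['count' => 1, 0 => 'jdoe@example.test'],
];

// The three settings from the thread: the filter, the OpenLDAP default, the AD attribute.
foreach (['(&(objectclass=user)(SamAccountName=%s))', 'uid', 'SamAccountName'] as $setting) {
    try {
        echo $setting, ' => ', userIdFromEntry($entry, $setting), PHP_EOL;
    } catch (Exception $e) {
        echo $setting, ' => ', get_class($e), ': ', $e->getMessage(), PHP_EOL;
    }
}
```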

mikibarzilay commented 2 years ago

Thank you. It's working with SamAccount in the User-ID Attribute field.

Thank you so much. Micky

heiglandreas commented 2 years ago

Thought so :wink:

Have fun!