Closed posledov closed 8 years ago
Looks like the search filter is incorrect. You're searching for the service account and not the membership group.
first of all look at output of ldapsearch :) the filter is 100% correct.
and let me explain you...
define('LDAP_AUTH_BINDDN', 'cn=rss,ou=services,dc=example');
cn=rss,ou=services,dc=example — it's service account in my openldap, and it has objectClass "groupOfNames", so it's absolutely normal for:
dn: cn=rss,ou=services,dc=example
objectClass: simpleSecurityObject
objectClass: top
objectClass: groupOfNames
cn: rss
member: uid=oleg,dc=example.net,ou=accounts,dc=example
member: uid=igor,dc=example.net,ou=accounts,dc=example
userPassword:: eW2vdzLQaG3zaHRwVWWraQ==
the problem is fixed by using ldap:389+starttls, but appear a new one... exactly like this https://tt-rss.org/forum/viewtopic.php?t=1968&p=21507#p21507 (fixed by migrating to https://github.com/corux/TTRSS-Auth-LDAP/ )
ldapsearch works as it should be from the same machine where is ttrss:
but the webui returns "incorrect user name and password"
logs http://pastebin.com/ArVFBXQa