Open mateuszdomagalayosi opened 1 year ago
I don't know if it matters in PHP or if it's just a typo here, but 'ldap_bdn' is present twice in your configuration. Also, might as well set 'ldap_user_dn_attribute' to dn or whatever Active Directory uses. Also also, I suspect SSL and TLS should not be both on at the same time (one of them means ldaps://, the other means "StartTLS" mode, NOT TLS as in TLS 1.1/1.2/1.3). I think you only need "Use LDAP through SSL (LDAPS)"
I wonder how it is possible to have ldap_bdn twice in config....
And Andrei-Paul is absolutely right with SSL and TLS, never enable both, choose the one that better fits your needs.
@Andrei-Paul @useronkel Duplicate of ldap_bdn is my typo. After disabling TLS nothing changed, still seeing the same error in nginx log.
@mateuszdomagalayosi I'm not an LDAP specialist. I'm wondering if it is possible to have empty "Distinguished Name" field when performing AD query? Could you try to identify this value and set in configuration page?
@nilsteampassnet Still the same error after adding "distinguishedName" to User Distinguished Name
Also I tried to fill LDAP group object filter using filters from https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx , but I don't quite understand how this should work. Changing other filters has no effect either.
I had a similar issue, the fix for me was to add the CA cert to the ldap.conf. I did the following:
I also have the following settings:
'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '1',
'log_connections' => '1',
'log_accessed' => '0',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '1',
'item_duplicate_in_same_folder' => '1',
'duplicate_item' => '1',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html/TeamPass',
'cpassman_url' => 'https://
Hope it helps!
@bananatree23 Checked and changed config to look like yours, but still doesn't work. How does (objectclass=)(objectclass=) in ldap_group_object_filter work? (objectclass=group)?
Yes, I just added the user groups which I want to be able to login for now. I don't know if it is the intended use, but it works for me.
Example for how I did it: (objectclass=TEST-GROUP)(objectclass=TEST-GROUP2)
Did you configure the ldap.conf? It didn't work for me until I did that.
My ldap.conf looks like this (/etc/ldap/ldap.conf):
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-provider.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/mycert.cer
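The three points raised in this thread (the duplicated 'ldap_bdn', SSL and TLS both switched on, and how the group filter is written) can be checked with a small script. This is an added example, not TeamPass code; the settings fragment, hostname and helper names below are made up for the demo. It shows why PHP accepts a repeated 'ldap_bdn' without complaint (the last value silently wins), derives the URI from the ldap_ssl / ldap_tls flags and rejects the contradictory both-on case, and builds the group filter as one RFC 4515 OR expression with special characters escaped. Whether TeamPass itself wraps the configured clauses is not shown on this page; the builder here produces what an LDAP server accepts on its own.

```python
import re

# Constructed sample in the style of the TeamPass settings snippets in this thread.
# Values are made up; 'ldap_bdn' is repeated on purpose to show the duplicate-key effect.
SAMPLE_CONFIG = """
    'ldap_mode' => '1',
    'ldap_type' => 'ActiveDirectory',
    'ldap_hosts' => 'dc01.example.test',
    'ldap_port' => '389',
    'ldap_bdn' => 'dc=example,dc=test',
    'ldap_ssl' => '1',
    'ldap_tls' => '1',
    'ldap_bdn' => 'ou=people,dc=example,dc=test',
    'ldap_user_dn_attribute' => 'distinguishedName',
"""

# Matches one  'key' => 'value',  pair of a PHP array literal (single-quoted strings only).
KEY_VALUE_RE = re.compile(r"'([A-Za-z0-9_]+)'\s*=>\s*'([^']*)'")


def parse_php_settings(text):
    """Return (settings, duplicate_keys).

    PHP silently keeps the LAST value for a repeated array key, so a duplicated
    'ldap_bdn' never raises an error; the earlier value is simply lost.
    """
    settings, duplicates = {}, []
    for key, value in KEY_VALUE_RE.findall(text):
        if key in settings and key not in duplicates:
            duplicates.append(key)
        settings[key] = value  # last occurrence wins, as PHP does
    return settings, duplicates


def connection_mode(settings):
    """Derive (uri, use_starttls, warnings) from the ldap_ssl / ldap_tls flags.

    ldap_ssl = LDAPS: TLS from the first byte on a dedicated port (636 by convention).
    ldap_tls = plain ldap:// upgraded in-band with the StartTLS extended operation.
    Both give the same protection by different routes; enabling both is contradictory.
    """
    ssl = settings.get('ldap_ssl') == '1'
    starttls = settings.get('ldap_tls') == '1'
    host = settings['ldap_hosts']
    port = settings.get('ldap_port', '389')
    warnings = []
    if ssl and starttls:
        raise ValueError("ldap_ssl and ldap_tls are both enabled; choose one")
    if ssl:
        if port == '389':
            warnings.append("LDAPS enabled but port is 389 (the plaintext port); 636 is conventional")
        return f"ldaps://{host}:{port}", False, warnings
    if not starttls:
        warnings.append("neither LDAPS nor StartTLS enabled: bind credentials would cross the network in clear")
    return f"ldap://{host}:{port}", starttls, warnings


def escape_filter_value(value):
    """RFC 4515 escaping of a value placed inside a filter, so that a group name
    taken from configuration (or any untrusted input) cannot change the filter structure."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def group_filter(groups, attribute='cn'):
    """Build one well-formed filter matching any of the listed groups.

    Two clauses written back to back, '(cn=A)(cn=B)', are not a valid filter on
    their own; a server needs them inside an OR, and the objectClass test belongs
    in a surrounding AND.
    """
    clauses = ''.join(f'({attribute}={escape_filter_value(g)})' for g in groups)
    if len(groups) == 1:
        return f'(&(objectClass=group){clauses})'
    return f'(&(objectClass=group)(|{clauses}))'


if __name__ == '__main__':
    cfg, dups = parse_php_settings(SAMPLE_CONFIG)
    print("duplicate keys:", dups, "-> effective ldap_bdn:", cfg['ldap_bdn'])
    try:
        print(connection_mode(cfg))
    except ValueError as err:
        print("config error:", err)
    cfg['ldap_tls'] = '0'
    print(connection_mode(cfg))
    print(group_filter(['TEST-GROUP', 'TEST-GROUP2']))
```

The group names go through escape_filter_value before they are placed in the filter, so a name containing '*', '(' or ')' cannot widen the match or break the expression; that is the same habit to keep for any value that ends up in an LDAP filter, not only for this field.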
Steps to reproduce
Actual behaviour
Only "In progress ..." message appears
Server configuration
Operating system: Debian 11, SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
Web server: Nginx 1.24.0-1~bullseye
Database: 10.5.19-MariaDB-0+deb11u2
PHP version: 8.2
Teampass version: 3.0.8
Teampass configuration file:
Updated from an older Teampass or fresh install: Fresh install
Client configuration
Browser: Chrome and Firefox
Operating system: Windows 10 22H2
Logs
Web server error log
Log from the web-browser developer console (CTRL + SHIFT + i)