snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

LDAP Sync Fails With Google Workspace #11907

Open Late-Bleep opened 1 year ago

Late-Bleep commented 1 year ago

Debug mode

Describe the bug

We have followed the instructions here and get the error "Could not bind to LDAP: Can't contact LDAP server" when clicking the Test LDAP Synchronisation button.

Reproduction steps

1. Follow these instructions to configure Google Secure LDAP
2. Test LDAP synchronization

Expected behavior

Receive a successful test message once Test LDAP Sync is performed.


Snipe-IT Version

v6.0.10 - build 8673

Operating System

Windows Server 2022

Web Server

Apache

PHP Version

8.1

Operating System

Windows 10

Browser

Google Chrome

Version

105

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

[03:21:32] LOG.debug: Preparing to test LDAP connection
[03:21:32] LOG.debug: attempting to bind to LDAP for LDAP test
[03:21:33] LOG.debug: Bind failed
[03:21:33] LOG.debug: Exception was: Could not bind to LDAP: Can't contact LDAP server

Additional context

This is an upgrade (used the manual method); however, we've never had LDAP with Google Workspace set up in the previous versions. We've now configured Snipe-IT to update using the Git method. We previously had LDAP working as expected with our local AD server. We have not manually edited any data directly in the database. With the exception of this issue, Snipe-IT works exactly as intended.


Late-Bleep commented 1 year ago

Also, just to add to this, we've run the troubleshooting steps in Google's LDAP documentation (mentioned in this comment: https://github.com/snipe/snipe-it/issues/9108#issuecomment-1225812992).

The return code was 0 so I don't believe it's a firewall issue.

Late-Bleep commented 1 year ago

Any chance we could get some assistance with this? We're all out of ideas on what to test.

henningkessler commented 1 year ago

I had a similar problem on FreeBSD, and the reason was that my version of ldap-php or openldap was not supporting SNI, which is needed to connect to Google's LDAP service. Maybe your issue is similar? I had to run ldapsearch from the command line in debug mode to get that error message.

Late-Bleep commented 1 year ago

> I had a similar problem on FreeBSD, and the reason was that my version of ldap-php or openldap was not supporting SNI, which is needed to connect to Google's LDAP service. Maybe your issue is similar? I had to run ldapsearch from the command line in debug mode to get that error message.

Thanks for the reply. I suspected this but ran the connectivity testing that Google suggested (https://apps.google.com/supportwidget/articlehome?hl=en&article_url=https%3A%2F%2Fsupport.google.com%2Fa%2Fanswer%2F9190869%3Fhl%3Den&product_context=9190869&product_name=UnuFlow&trigger_context=a), which returned this: "Verify return code: 0 (ok)", so I don't believe it's an SNI issue.

spencer-ze commented 1 year ago

+1 I had Google LDAP services working perfectly last week. Just attempted to resync and have the same errors. Hope you're able to find a resolution, my searches have turned up empty so far.

Late-Bleep commented 1 year ago

Unfortunately, we haven't found any resolution yet and have opted to use AD LDAP instead.

JiDW commented 1 year ago

Same issue here. We followed the documentation but we got the same error message.

JiDW commented 1 year ago

After more testing: if you spam the "Test Sync" button, it sometimes works!

I was able to sync my LDAP by pushing the button 20 or more times.

This is obviously not working as intended, but it does show my settings are correct.