LDAP: Bind failed about davis HOT 10 CLOSED

Hi

I'm no LDAP expert, but I know that DN patterns must be precisely crafted for it to work on ldap_bind. See this comment here — could that be it?

When you talk about ldap-base, you talk about a PHP package or a Linux package?

from davis.

hi all,
how can i add the bind parameters? in my ldap configuration i have disabled the anonymous checks for security reasons but now the user query always fails.

I am using the docker version by the way
regards

from davis.

Hello @thelittleblackbird

You can specify params in the LDAP_* env params (see here) — does that answer your question?

from davis.

Hi,
sorry but this is not enough. I need some params to make a bind connection with a password. I dont see any other env not even in the code to create such connection.

I need to specify the bind connection string and a password.

I am afraid that with those variables i am only able to do an anonymous search, that in my case is not enough :(

from davis.

I would really like to debug this. But I cannot find any logs. Neither in /var/log/* nor in /var/www/davis/var/log*.

Is there a way to increase verbosity? Or where are the php logs being stored to?

from davis.

I need some params to make a bind connection with a password. I dont see any other env not even in the code to create such connection.

Having some kind of raw PHP script that you use (and that succeeds in connecting), using the standard php ldap lib, could help me understand what I need to change in the implementation. Would that be possible?

Neither in /var/log/* nor in /var/www/davis/var/log*.

If you run a server locally you get all the logs in the console directly. In the container, you get all the logs in /var/www/davis/var/log/prod.log, but only if you have an error (it's the fingers_crossed filter, explained here)

from davis.

hi all,

i checked it again and I saw this code in the src/Services/LDAPAuth.php

    try {
        $bind = ldap_bind($ldap, $dn, $password);
        if ($bind) {
            $success = true;
        }
    } catch (\ErrorException $e) {
        error_log($e->getMessage());
        error_log('LDAP Error: '.ldap_error($ldap).' ('.ldap_errno($ldap).')');
    }

This is the snippet of code necessary to launch a bind connection. but dont know how to pass the password to that function.
the other two parameters can be mapped to LDAP_AUTH_URL and LDAP_DN_PATTERN respectively.

so the point is that if i set the $dn to domain name pointing to an user with password (not anonymous connection) then i can not pass the password and therefore the connection fails.

right now with just a variable in the .env for setting the password would be enough (think so)

PS: mi think i said that i couldnt locate the code in charge of the function, but here it is. so clearlyi need to sleep more.

regards

from davis.

but dont know how to pass the password to that function.

I don't really understand: the password is the one provided by the user when accessing a resource. If you try in the browser, you will be prompted with an auth dialog box in which you can enter username and password. These are then passed to the validateUserPass function of the LDAPAuth service, which in turns calls the ldapOpen method.

from davis.

hi all,

I spent a bit more time investigating this problem i found that mistake was in my side.

it is working and i am able to sync several profiles counts. So I was totally mistaken.

I have found a problem with the integration with thunderbird and samsung calendar. But this is a totally new history

regards and thanks

from davis.

Hi @thelittleblackbird

Glad you had it working ✨

I have found a problem with the integration with thunderbird and samsung calendar

Don't hesitate to open new issues with this if you can, I'll do my best to debug / fix

from davis.