"No bind successfull" if LDAP search returns no result #158

Open
fraenki opened this issue Aug 7, 2018 · 3 comments

@fraenki
fraenki commented Aug 7, 2018

I'm testing version 2.0.3, but my attempt to authenticate/register always fails with:

[AuthLDAP] User 'test' logging in
[AuthLDAP] about to do LDAP authentication
[AuthLDAP] connect to LDAP server
[AuthLDAP] No bind successfull

To further debug this I've added some debug messages to src/LdapList.php. This revealed that $this->items is empty in the bind() function:

    foreach ($this->items as $key => $item) {
        try {
            $item->bind();
        } catch (\Exception $e) {
            unset($this->items[$key]);
            continue;
        }
        $allFailed = false;
    }

What could be the reason? I've noticed that it gets properly filled in the addLdap() function, and in the authenticate() function $this->items still contains data. No idea why it's empty when bind() is called.

FWIW, I'm using PHP 7.2.7 in my test environment.

My LDAP server requires a binduser/bindpw, so my connection string looks like this:
ldap://user:password@ldap.example.com/dc=example,dc=com

@heiglandreas
Owner

$this->items contains an array of possible LDAP servers. When a bind is not successful, the corresponding entry is removed, and therefore at some point the array is empty when there was no way to connect to an LDAP server.

As you are only using one and there seems to be a connection problem, that one server is removed from the possible servers and none is left…

And as the authenticate method first tries to bind with the binduser (to find the user logging in), that might be the failing bind.

What do you use as user? Are you using a URI-encoded DN? Like ldap://uid=ldapadmin,dc=example,dc=com:P%40s$w0rd@ldap.example.com/dc=example,dc=com? Otherwise it might not work.

And what is your LDAP backend? Are you authenticating against an AD? Or an OpenLDAP? Or anything else? As AD might offer other options than most of the others…
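
The URI-encoding point raised in the comment above, as an added example that is not part of the original thread or of the authLdap code: it percent-encodes the bind DN and password with `rawurlencode()` and checks that the connection string splits back into the same parts. The function names, the sample DN and password, and the assumption that the string is read with `parse_url()` and then percent-decoded are illustrative.

```php
<?php
declare(strict_types=1);

// Added example: function names are hypothetical, sample values are constructed.

/** Build ldap://binddn:password@host/basedn with the credentials percent-encoded. */
function buildLdapUri(string $bindDn, string $password, string $host, string $baseDn): string
{
    return sprintf('ldap://%s:%s@%s/%s', rawurlencode($bindDn), rawurlencode($password), $host, $baseDn);
}

/**
 * Split a connection string into its parts. Assumption: the consumer reads it
 * with parse_url() and percent-decodes the user and password components.
 */
function parseLdapUri(string $uri): ?array
{
    $parts = parse_url($uri);
    if ($parts === false || !isset($parts['host'], $parts['user'], $parts['pass'], $parts['path'])) {
        return null; // not a usable ldap://user:pass@host/basedn string
    }
    return [
        'bindDn'   => rawurldecode($parts['user']),
        'password' => rawurldecode($parts['pass']),
        'host'     => $parts['host'],
        'baseDn'   => ltrim($parts['path'], '/'),
    ];
}

// Constructed sample credentials; single quotes keep PHP from expanding "$w0rd".
$expected = [
    'bindDn'   => 'uid=ldapadmin,dc=example,dc=com',
    'password' => 'P@s$/w0rd#1',
    'host'     => 'ldap.example.com',
    'baseDn'   => 'dc=example,dc=com',
];

$encoded = buildLdapUri($expected['bindDn'], $expected['password'], $expected['host'], $expected['baseDn']);
// The same values pasted in without encoding: "/" and "#" in the password are
// read as URI delimiters, so the host and password no longer come back intact.
$raw = sprintf('ldap://%s:%s@%s/%s', $expected['bindDn'], $expected['password'], $expected['host'], $expected['baseDn']);

foreach (['encoded' => $encoded, 'raw' => $raw] as $label => $uri) {
    $ok = parseLdapUri($uri) === $expected;
    // Report only the verdict: the URI carries the bind password.
    printf("%s connection string round-trips: %s\n", $label, $ok ? 'yes' : 'no');
}
```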

@fraenki
Author

fraenki commented Aug 7, 2018

Thanks, found it. In my case the LDAP search returned no result. I'd suggest adding a debug message for this case:
https://github.com/fraenki/authLdap/commit/6cfa37ad0f0d6bf150136b78812e7cadcd8c4295

@heiglandreas
Owner

Thanks for raising this issue! That case should not cause the Item-Array to become empty! I need to fix that ASAP.

fraenki changed the title on Aug 7, 2018, from: No bind successfull, to: "No bind successfull" if LDAP search returns no result