How to connect to OpenLDAP using adldap2 ? #106
Comments
Hi @paszczus, At the moment, OpenLDAP isn't supported (see root Adldap2 repository requirements). However some functionality should still work. I believe binding to OpenLDAP requires usernames to be full DNs. Try using the full distinguished name of your administrator to bind rather than the domain suffix. For example, in your configuration:

```php
// Set the account suffix to blank.
'account_suffix' => '',
// Set the admin username to the full DN of the account.
'admin_username' => 'cn=root,dc=foo,dc=bar',
'admin_password' => 'secret',
```

This is most likely why you're getting back the error
Thank you @stevebauman! Now I do not have any errors, but I am unable to log in. Is there a way to debug why? BTW: What we need to do is a portal for migrating from OpenLDAP to Active Directory, so we need to be able to change OpenLDAP AND Active Directory attributes in the same project. Is this possible in the current version?
OK, I found the reason why it is not working.
There is no such "objectClass=person" in my LDAP; we have inetPersonOrg. I have changed person to inetPersonOrg in vendor/adldap2/adldap2/src/Schemas/ActiveDirectory.php but I still cannot connect because of "Bad character in search filter": `?objectcategory=person`
Hi, Try to create the provider from this form: I'm not sure if it's the right way...
Thank you @Albvadi! I have changed 'schema' in adldap.conf and now the authorization in the OpenLDAP logs looks better, but I am still unable to log in:
In Laravel, the default field for login is email instead of username, and in the 2nd line of the last log the DN is set with "mail=". Is it correct? If not, if you are using the username, you need to change this first. I'm beginning a Laravel App too and I followed the brilliant Quick Start - From Scratch and it works like a charm... P.S.: Sorry for my last comment... I mixed up this repo and the ADldap2 original repo and pointed you to set the provider...
I have started from scratch and changed 'email' to 'username' same as in the howto that you provided, but still no luck. `mail=paszczus@foo.bar,vd=foo.bar,o=hosting,dc=foo,dc=bar`
@paszczus, if you're using OpenLDAP, you'll most likely need to configure your prefix and suffix in the configuration to encapsulate the user's email. For example:

```php
// config/adldap.php
'account_prefix' => 'mail=',
'account_suffix' => ',vd=foo.bar,o=hosting,dc=foo,dc=bar',
```
@paszczus I just finished implementing the auth with Laravel with OpenLDAP, binding with the user's LDAP credentials only. If you can run an ldapsearch from the command line or use http://php.net/manual/en/function.ldap-get-dn.php to get the DN for the user you are trying to authenticate, that will be the DN you need to split into the prefix and suffix. I don't know if you're running into the same issue I did at first. Our group accounts and individual accounts have completely different DNs. I didn't notice until I tested both and one would auth and the other didn't, depending on the DNs returned from the ldapsearch/ldap_get_dn() from above. For the

```php
'schema' => Adldap\Schemas\OpenLDAP::class,
'base_dn' => 'dc=foo,dc=bar', // just your DCs from the account_suffix
// for the account_prefix and suffix make sure it really is the DN you get from the ldapsearch or ldap_get_dn() above
'account_prefix' => 'mail=',
'account_suffix' => ',vd=foo.bar,o=hosting,dc=foo,dc=bar',
'admin_account_suffix' => '', // don't set an admin account suffix
// setting admin username/password to null only binds as the user
'admin_username' => env('ADLDAP_ADMIN_USERNAME', null),
'admin_password' => env('ADLDAP_ADMIN_PASSWORD', null),
```

For the

```php
// email is the unique User model attribute you are authenticating with in the users table
// mail is the attribute from the LDAP that you are matching the email with to authenticate
'username_attribute' => ['email' => 'mail'],
// I left LIMITATION_FILTER blank and it still worked for me
'limitation_filter' => env('ADLDAP_LIMITATION_FILTER', ''),
// login attribute should be your attribute from LDAP that you are authenticating with
'login_attribute' => env('ADLDAP_LOGIN_ATTRIBUTE', 'mail'),
```
Thank you guys! There is another problem with this: since I am using many domains I cannot statically set vd=foo.bar, because users from the other.foo.bar domain will not be able to log in.
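As an added example (not code from this thread or from Adldap2), here is a search-then-bind in plain PHP ldap_* calls that resolves each user's DN with ldap_get_dn(), as suggested above, instead of a static account_prefix/account_suffix, so users under other vd=... subtrees can log in too; the ldap.foo.bar host, the cn=root service account and the inetOrgPerson objectClass are assumptions.

```php
<?php
// Added example (not Adldap2 or thread code): search-then-bind with PHP's ldap_* functions.
// Host, service-account DN and the inetOrgPerson objectClass are assumptions.
function ldapAuthenticate(string $email, string $password): ?string
{
    $host    = 'ldap://ldap.foo.bar';       // assumed hostname
    $baseDn  = 'dc=foo,dc=bar';             // base_dn from the thread
    $adminDn = 'cn=root,dc=foo,dc=bar';     // read-only service account (assumed)
    $adminPw = getenv('ADLDAP_ADMIN_PASSWORD') ?: '';

    // An empty password would make the final bind anonymous, which OpenLDAP
    // may accept, so refuse it before touching the directory.
    if ($password === '') {
        return null;
    }

    $ldap = ldap_connect($host);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Upgrade to TLS so neither password crosses the wire in the clear.
    if (!ldap_start_tls($ldap) || !@ldap_bind($ldap, $adminDn, $adminPw)) {
        ldap_unbind($ldap);
        return null;
    }

    // Escape the user-supplied value so it cannot change the filter's meaning
    // (this is also what avoids "Bad character in search filter" on odd input).
    $safeMail = ldap_escape($email, '', LDAP_ESCAPE_FILTER);
    $filter   = "(&(objectClass=inetOrgPerson)(mail={$safeMail}))";
    $result   = ldap_search($ldap, $baseDn, $filter, ['dn']);
    $entry    = $result !== false ? ldap_first_entry($ldap, $result) : false;
    // Exactly one entry must match; a second hit means the address is ambiguous
    // across the vd=... subtrees and must not be auto-resolved.
    if ($entry === false || ldap_next_entry($ldap, $entry) !== false) {
        ldap_unbind($ldap);
        return null;
    }
    $userDn = ldap_get_dn($ldap, $entry);

    // Re-bind as the located DN: success proves the password, and no static
    // account_prefix/account_suffix is needed for users in different domains.
    $ok = $userDn !== false && @ldap_bind($ldap, $userDn, $password);
    ldap_unbind($ldap);
    return $ok ? $userDn : null;
}
```

The function returns the bound DN on success and null on any failure, so a caller can store the DN on the user record rather than rebuilding it from a prefix and suffix.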
Hello,
I am trying to connect to an LDAP server (running OpenLDAP instead of Microsoft AD) but I am getting an error with bindAsAdministrator:
Is there a way to connect to OpenLDAP using adldap2? My user for connecting to AD is: cn=root,dc=foo,dc=bar instead of root@domain.tld.