This repository has been archived by the owner on Jul 24, 2023. It is now read-only.

Get "User 'x' has failed LDAP authentication" Error For New Users in Active Directory #670

Open
AltiumWilliam opened this issue Feb 20, 2019 · 2 comments

Comments

@AltiumWilliam

  • Laravel Version: 5.7
  • Adldap2-Laravel Version: 5.1
  • PHP Version: 7.2.8
  • LDAP Type: ActiveDirectory
  • Web Server: IIS

Description:

The package works fine for old users and I can Import All Users from Active Directory, but when I create a new user, the new user can't log in and I get these logs:

[2019-02-20 13:38:04] local.INFO: User 'sam' has been successfully found for authentication.
[2019-02-20 13:38:04] local.INFO: User 'sam' is being synchronized.
[2019-02-20 13:38:04] local.INFO: User 'sam' has been successfully synchronized.
[2019-02-20 13:38:04] local.INFO: User 'sam' is authenticating with username: 'sam'
[2019-02-20 13:38:04] local.INFO: User 'sam' has successfully passed LDAP authentication.
[2019-02-20 13:38:04] local.INFO: User 'sam' has been successfully logged in.
[2019-02-20 13:38:53] local.INFO: User 'test user' has been successfully found for authentication.
[2019-02-20 13:38:53] local.INFO: User 'test user' is being synchronized.
[2019-02-20 13:38:53] local.INFO: User 'test user' has been successfully synchronized.
[2019-02-20 13:38:53] local.INFO: User 'test user' is authenticating with username: 'test'
[2019-02-20 13:38:53] local.INFO: User 'test user' has failed LDAP authentication.

As you can see, the old user "sam" can log in successfully but the new user "test" can't. In Active Directory I set "Log On To..." for user "test" to "All computers", but with no success; user "sam" can only log on to one computer, and on that computer everything is OK.
I set the "test" user as local admin on the test system, but no success.

I brought all the values from config/adldap and config/adldap_auth into the .env file; I use these values for config:
LDAP_AUTO_CONNECT=true
LDAP_ACCOUNT_PREFIX=
LDAP_ACCOUNT_SUFFIX=
LDAP_HOSTS=..***
LDAP_PORT=389
LDAP_TIMEOUT=5
LDAP_BASE_DN=dc=,dc=,dc=***
LDAP_USERNAME=administrator@..***
LDAP_PASSWORD=supersecretpassword
LDAP_USE_SSL=false
LDAP_USE_TLS=false

LDAP_CONNECTION=default
LDAP_USERNAMES_LDAP_DISCOVER=samaccountname #was cn #was userprincipalname
LDAP_USERNAMES_LDAP_AUTHENTICATE=samaccountname #was cn #was userprincipalname # was distinguishedname
LDAP_USERNAMES_ELOQUENT=username
LDAP_USERNAMES_WINDOWS_DISCOVER=samaccountname
LDAP_USERNAMES_WINDOWS_KEY=AUTH_USER
LDAP_PASSWORD_SYNC=true
LDAP_PASSWORD_COLUMN=password
LDAP_SYNC_ATTR_USERNAME=samaccountname #was cn #was userprincipalname
LDAP_SYNC_ATTR_NAME=displayname #was displayname #was cn
LDAP_LOGIN_FALLBACK=false
LDAP_LOGGING_ENABLED=true

I changed the values of LDAP_USERNAMES_LDAP_DISCOVER, LDAP_USERNAMES_LDAP_AUTHENTICATE, LDAP_SYNC_ATTR_USERNAME and LDAP_SYNC_ATTR_NAME several times to get an answer from the code.

@stevebauman
Member

Hi @SaeidJorablo,

When you created this new user in active directory, did you remove the default “User must change password on next logon” flag that is set on new users?

Your LDAP server is simply rejecting the bind attempt, so it’s either the password or their account flags.
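The reply above separates the two possible causes of a rejected bind: the password, or the account's flags. Active Directory tells the client which one it was in the bind's diagnostic message, as an "AcceptSecurityContext error, data NNN" sub-code, and that detail is not surfaced by the "has failed LDAP authentication" log line. The following is an added example written for this page, not code from Adldap2-Laravel: it classifies such a diagnostic string so a new-user failure can be told apart from a plain wrong password. The sample messages are constructed here in AD's format (the DSID and trailing version are placeholders; only the "data" sub-code carries the cause). In the PHP application the real string is obtained with ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag) after ldap_bind() returns false.

```python
import re
from typing import NamedTuple, Optional

# Sub-codes Active Directory appends after "data" in the diagnostic message of a
# rejected bind. These are AD's well-known values; the list is not exhaustive.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (the password was rejected)",
    "530": "not permitted to log on at this time (logon hours)",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password (\"must change password at next logon\")",
    "775": "account locked out",
}

# AD writes the sub-code as hex digits directly after the literal word "data".
_DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")


class BindDiagnosis(NamedTuple):
    subcode: Optional[str]      # lower-case hex sub-code, or None if absent
    reason: str                 # human-readable cause
    password_rejected: bool     # True only for 52e: the password itself was wrong


def diagnose_bind_failure(diag: str) -> BindDiagnosis:
    """Classify a failed AD bind from its LDAP diagnostic message.

    `diag` is the string the LDAP client exposes after the bind fails (in PHP,
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag)). Any sub-code
    other than 52e means the credentials were accepted as such and an account
    flag or restriction blocked the logon instead.
    """
    match = _DATA_RE.search(diag)
    if match is None:
        return BindDiagnosis(None, "no AD sub-code in diagnostic message", False)
    code = match.group(1).lower()
    reason = AD_BIND_SUBCODES.get(code, f"unrecognised AD sub-code {code}")
    return BindDiagnosis(code, reason, code == "52e")


# Constructed sample messages in AD's format (not captured from a real server);
# the DSID and trailing version are placeholders, only "data NNN" matters.
SAMPLE_DIAGNOSTICS = {
    "wrong_password":       "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580",
    "must_change_password": "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 773, v2580",
    "account_disabled":     "80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 533, v2580",
    "no_subcode":           "Invalid credentials",
}


def diagnose_samples() -> dict:
    """Classify every constructed sample; returns {label: BindDiagnosis}."""
    return {label: diagnose_bind_failure(msg) for label, msg in SAMPLE_DIAGNOSTICS.items()}


if __name__ == "__main__":
    for label, result in diagnose_samples().items():
        if result.password_rejected:
            cause = "password"
        elif result.subcode:
            cause = "account flag or restriction"
        else:
            cause = "undetermined"
        print(f"{label:22s} data={result.subcode!s:5s} -> {result.reason} [{cause}]")
```

Compare the sub-code you get for a new user with the one for an existing user: 773 means the "must change password at next logon" flag is still set, 533 or 775 point at the account state, 52e means the password itself was rejected, and no sub-code at all means the client never received AD's extended diagnostic, so read it with LDAP_OPT_DIAGNOSTIC_MESSAGE before drawing a conclusion.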

@AltiumWilliam
Author

Hi @stevebauman , thanks for your reply.
Yes, I unchecked the "User must change password on next logon" flag, and I tried "All computers" in the "Log On To..." option. In my last try, I found that users with a space or a Unicode character in their display name can't log in. For a test I changed the display name and had a successful logon. But most of my users have a space in their display name ("first-name last-name"). I'm so confused!!!
