LDAP sync doesnt work with Active Directory #11119
Comments
|
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can. |
|
We've been testing this specifically with AD, so I'm sure it does work, it just might need some configuration tweaks. @uberbrady can you take a look? |
|
Make sure that your DC can be resolved by name correctly on your web host. |
Just tested again. I can't get it to work. Also tested just IP usage for the ldap:// address and the other ad's replicas as well. Via commandline "php artisan snipeit:ldap-sync --summary" i'll always receive the error message "Object of class LDAP\Connection could not be converted to string". |
|
What version of PHP are you running? The "LDAP\Connection" change is only with PHPv8.1 - which we are trying to support, but I'd be curious to hear if you have better luck running against PHPv8.0 |
|
I had PHPv8.1.2 running but i now downgraded to version PHP 8.0.19 and it works flawlessly immediately. So there seems to be an issue with PHPv8.1.2. |
|
@uberbrady is there anything we can do to make this forward-compatible now? |
|
This definitely seems to be a regression, we were on (I believe) v5.1.3 running under php 7.4, I ran "php upgrade.php" expecting to go to v5.1.10 (?) as there was no blog post about v6 being released, instead the script updated us to v6/master and now our previously perfectly working ldap connection to local AD servers produces the same 500 server error page. Existing user logins work fine, but new logins we have just tried to set up don't work. |
|
As far as we're aware, this isn't a regression, and we didn't post a blog post because it would be identical to the release notes, which are pretty detailed. php upgrade always updates to master, and always has, unless you give it a branch or a tag name. It does appear as though there is a potential issue with PHP 8.1.x, but 7.4.x-8.0.x should work fine. |
|
All I can tell you is it was working fine coupling php7.4 + v5.1.3 and now no longer seems to work with php7.4 + v6. EDIT: Just flicked on debugging helpfully, error displayed is "ErrorException: Trying to access array offset on value of type null" from app/Http/Controllers/Users/LDAPImportController.php:60 I'd respectfully suggest most people are likely coming from your website, and may not be familiar with github, so having a release notes section exclusively there isn't the most visible. |
|
The only way to download Snipe-IT is via Github, so it would be kind of weird for them not to be familiar with it. We do not provide downloads directly from the website. Our mailing list announcement also sent people directly to the releases page. Our blog is the least viewed of all of our assets, as it has something like 8 subscribers (it's pretty new.) We reworked a lot of the LDAP functionality (which was previously not-ideal for larger directories) in v6, but it's not broken, as you can see from the OP on this issue. If you could be more specific with respect to the specific 500 error you're seeing (via the logs), that would be more helpful. |
Thanks, that at least gives us something to work with. |
|
What do you get if you run the LDAP sync directly via cli? |
|
Sorry, can you simple simon for me the command you want me to run? |
|
https://snipe-it.readme.io/docs/ldap-sync
|
|
"php artisan snipeit:ldap-sync" seemed to run with no issues |
|
Additionally, going to "Update LDAP/AD Settings" webpage and running the "Test LDAP Sync" button works fine: " Successfully connected to LDAP server. Successfully bound to LDAP server. A sample of 10 users returned from the LDAP server based on your settings:" |
|
Another option to try is:
|
|
"php artisan snipeit:ldap-sync --json_summary" gives no output, however "php artisan snipeit:ldap-sync --summary" gives a full output of all our users being updated ok. |
|
I am seeing the same issue. I downgraded from 8.1 to 7.4 and got successful LDAP queries without changing a single LDAP setting. I was able to Test LDAP Login with 8.1, but Test LDAP Synchronization failed with 500 on PHP 8.1. |
|
I don't know why the autolinking isn't working, but this PR: #11197 might fix it (it did for me). |
|
I think you have to mention the linked ticket in the body of the PR now :( |
Debug mode
Describe the bug
When i try to connect our AD to our local SnipeIT Instance, i always receive the error "500 Server Error. Please check your server logs for more information."
When i change the login credentials for example i receive the error that those are not correct. So SnipeIT establishes the connection but runs into an issue here. These are my settings:
Server: ldap://DNSNAME (pingable and nc able to the ldap port of that server)
Bind: CN=Administrator,OU=_ADMINISTRATION,DC=company,DC=de
Base Bind DN: OU=Users,DC=company,DC=de
LDAP Filter: &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
Username field: samaccountname
Last Name: sn
First Name: givenname
LDAP Auth query: sAMAccountName=
LDAP Version: 3
Reproduction steps
Expected behavior
LDAP Connection succeds
Screenshots
Snipe-IT Version
6.0.1
Operating System
Ubuntu 22.04 LTS
Web Server
Apache
PHP Version
8.1.2
Operating System
No response
Browser
No response
Version
No response
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
Additional context
No response
The text was updated successfully, but these errors were encountered: