Not able to use LDAP/AD login, There was an error authenticating the LDAP user: Could not find user in LDAP directory #6509
Comments
|
All users are imported on LDAP sync although ending up not being able to login. |
|
Any luck in finding a cause for our issue ? |
|
Hello @madslorenzen! It sounds like your authentication query is off: Are you connecting to active directory? I've seen case-sensitivity issues with this field in particular. If you have exhausted all possibilities, and it continues to be an issue - please let me know! 👍 |
|
Hi HinchK, Thank you for your reply. So I have to say that the issues persists, please help. |
|
Mads! Have you tried: |
|
I have now tried uid=samaccountname. After the configuration change, I did a LDAP Sync of the user accounts with success, but still are not able to login with AD accounts. Error messages are the same. |
|
Ok @madslorenzen - lets address two things from here: Please check that the user accounts you are trying to log in with are "activated" in the system - ll Snipe-IT versions >4.4 require PHP 7.1.3 or higher. Please update your instance's PHP to at leasst 7.1.3, and restart your web server. |
|
All AD users are activated. Our PHP version is 7.0.32 - I will try to upgrade it to 7.1.3 now. |
|
With PHP version 7.2.10 the error continues. Still unable to log in with AD synced users. |
|
|
|
@HinchK Do you have any further suggestions on what we can do ? |
|
When using wireshark on the domain controller, I only see the Bind users password sent., never the user I try to authenticate. I only see a ldap success to find the login user, but I do not see a password beeing sent, or checked. |
|
After the LDAP bind SerachRequest that gives success in finding the login user, I only see these three entryes, before the LDAP unbind. All three reqests from SnipeIT server towards DC |
|
@HinchK Do you have any further suggestions ? |
|
|
|
Hi - This setting has been set and tested several times without success. It it now the setting also: |
|
Tested LDAP sync with success, LDAP login with error: |
|
|
|
check your php version |
|
snipe-it version 4.66 also sucess |
|
Stated the versions earlier in the ticket : |
|
|
|
|
|
Tried to insert &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2)) to LDAP Filter, No luck. Same result. Able to Test LDAP Sync - able to to LDAP sync under People, but not able to login - or test LDAP login - fails with not able to bind. |
|
@madslorenzen after doing some research, I regret to say that without our insight into active directory, we are just trying to hit a moving target. What we are doing here is matching usernames for usernames, from snipe-it to active directory. This is pretty much whatever your domain's uid/username field LABEL is, mapped to one we pulled into Snipe-IT from the Sync. Rather than get inside your domain - I did a little research and was able to compile a a sample list of common Snipe-IT LDAP Authentication Settings that I have had to implement over the years. In some of these cases, we have had to use a setting like This is by far the most common: More LDAP Authentication Queries: |
|
@madslorenzen It's a question of LDAP Authentication Queries. |
|
Hello, You closed my ticket over Christmas ☹
I would like it reopened.
You write it is an AD auth question, but AD imports correctly, but we are not able to get it to authenticate.
From: snipe <notifications@github.com>
Sent: 4. januar 2019 08:45
To: snipe/snipe-it <snipe-it@noreply.github.com>
Cc: Mads Askov Lorenzen <Mads.Lorenzen@kraftvaerk.com>; Mention <mention@noreply.github.com>
Subject: Re: [snipe/snipe-it] Not able to use LDAP/AD login, There was an error authenticating the LDAP user: Could not find user in LDAP directory (#6509)
Closed #6509<#6509>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#6509 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AWR0uPlYHb-PLoiNQBBRA6DMkf7VSLyhks5u_wZjgaJpZM4ZTaiL>.
|
|
For futher insight to AD, we are able to assist ? We also started this support by asking for paid support – before we got forwarded to here.
|
|
Also – when testing ldap, i get success, but when testing ldap authentication using the same credentials as the ad connect account, ldap auth still fails.
I REALLY NEED HELP WITH THIS !
From: Mads Askov Lorenzen
Sent: 7. januar 2019 11:59
To: 'snipe/snipe-it' <reply@reply.github.com>
Subject: RE: [snipe/snipe-it] Not able to use LDAP/AD login, There was an error authenticating the LDAP user: Could not find user in LDAP directory (#6509)
For futher insight to AD, we are able to assist ? We also started this support by asking for paid support – before we got forwarded to here.
|
|
Did you get this figured out? I just got mine working after struggling with it for some time. Might be able to help you if you still need. |
|
Hi @pvnick , I'm having trouble myself. Can you share your settings ? |
|
@dieorod - I had this same exact problem. It turned out to be my Base Bind DN. The problem showed up after I upgraded to v4.6.15. Plus it isn't helpful that the error doesn't indicate any errors for the actual problem. This took me days to figure out!!! Below is an example of my base bind dn. Base Bind DN My example: OU=Sync,DC=your,DC=domain,DC=com I hope this is helpful. |
|
Having a similar issue in docker on AD. |
|
My issue was a dumb one - I didn't check the box "This is an Active Directory server" because I thought it was referring to the server that snipeit was hosted on. After checking that box everything worked fine. |
|
I was able to test auth with credentials, but i'm getting a bind error now
on trying to do an ldap sync.
…On Fri, Jun 21, 2019 at 7:35 AM diegorod ***@***.***> wrote:
My issue was a dumb one - I didn't check the box "This is an Active
Directory server" because I thought it was referring to the server that
snipeit was hosted on. After checking that box everything worked fine.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#6509?email_source=notifications&email_token=AHL3FUYDROXNPMYKQB3YXQTP3S4IHA5CNFSM4GKNVCF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYIHEIQ#issuecomment-504394274>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHL3FUZCYTJQB4R4WAM25K3P3S4IHANCNFSM4GKNVCFQ>
.
|
|
@diegorod this actually got mine working. I assumed it meant is the server I'm hosting the website on an AD server so I never checked it. |
This fixed my issue. Thank you @diegorod ! |
|
Ok that’s great news!
From: Charles <notifications@github.com>
Sent: Thursday, September 26, 2019 1:13 PM
To: snipe/snipe-it <snipe-it@noreply.github.com>
Cc: Cameshia Cargle <ccargle@txamfoundation.com>; Comment <comment@noreply.github.com>
Subject: Re: [snipe/snipe-it] Not able to use LDAP/AD login, There was an error authenticating the LDAP user: Could not find user in LDAP directory (#6509)
My issue was a dumb one - I didn't check the box "This is an Active Directory server" because I thought it was referring to the server that snipeit was hosted on. After checking that box everything worked fine.
This fixed my issue. Thank you @diegorod<https://github.com/diegorod> !
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub<#6509?email_source=notifications&email_token=AGEAFJGEIDQ5XHT37RL6WODQLT3UFA5CNFSM4GKNVCF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD7WPTCI#issuecomment-535624073>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AGEAFJBVBRZAZS4XFJRGAZ3QLT3UFANCNFSM4GKNVCFQ>.
|
this helped me !!! |
Yep, thought the same. It's worded weird... |
thanks bro! this fixed my issue!!! you r the best one! |
Please confirm you have done the following before posting your bug report:
Describe the bug
A clear and concise description of what the bug is.
We are unable to login with via LDAP. This error is shown : production.ERROR: There was an error authenticating the LDAP user: Could not find user in LDAP directory
LDAP connection test from LDAP settings page is successful, but when trying to test with user credentials further down, it fails. We have tried many diffrent ways, read just about all bug reports and troubleshooted after them, but no luck.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
I would expect to be able to login with AD credentials.
Screenshots
If applicable, add screenshots to help explain your problem.
Server (please complete the following information):
Desktop (please complete the following information):
Error Messages
Debug mode turned on, Login Failed. USER did not successfully bind to LDAP.
no.
no
No (It is AD / LDAP)
storage/logsand your webserver's logs.Additional context
Fresh
Manual Installation
Everything runs, except the issue.
We did not.
Add any other context about the problem here.
Please do not post an issue without answering the related questions above. If you have opened a different issue and already answered these questions, answer them again, once for every ticket. It will be next to impossible for us to help you.
The text was updated successfully, but these errors were encountered: