Unable to authenticate users via LDAP #3750

Open
jolosan opened this issue Sep 24, 2024 · 5 comments
Labels
support request Need assistance with MRBS


jolosan commented Sep 24, 2024

Hello, I'm using MRBS version 1.11.14

I'm trying to validate users against one corporate LDAP server, but the configuration I have doesn't work.
I also have the ldap debug option activated.
The output in the apache error log is:


[Tue Sep 24 08:10:03.216427 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(730): got LDAP connection using ldap://ldapad.edu.gva.es:389, referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.216596 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap->action(794): constructed dn 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' and user_search 'sAMAccountName=jf.lopezsanchezmon' using 'sAMAccountName', referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.216704 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(247): base_dn 'ou=EDUCACION,dc=edu,dc=gva,dc=es' dn 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' user 'jf.lopezsanchezmon', referer: http://172.21.4.245/web/admin.php
[Tue Sep 24 08:10:03.252637 2024] [php:notice] [pid 3074] [client 172.21.4.72:48896] [MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(319): bind to 'sAMAccountName=jf.lopezsanchezmon,ou=EDUCACION,dc=edu,dc=gva,dc=es' failed: Invalid credentials [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563], referer: http://172.21.4.245/web/admin.php


The ldap configuration section I have is:
$ldap_host = "ldapad.edu.gva.es";
$ldap_v3 = true;
$ldap_tls = false;
$ldap_base_dn = "ou=EDUCACION,dc=edu,dc=gva,dc=es";
$ldap_dn_search_dn = "cn=consulta_DA,ou=EDUCACION,dc=edu,dc=gva,dc=es";
$ldap_dn_search_password = "******";
$ldap_user_attrib = "sAMAccountName";

And if I use the ldapsearch command I get a valid response:
ldapsearch -x -b "OU=EDUCACION,DC=edu,DC=gva,DC=es" -D [email protected] -w ****** -H ldap://ldapad.edu.gva.es '(&(memberof=CN=GRP_12001231,OU=EDUCACION,dc=edu,dc=gva,dc=es)(memberof=CN=DOCENTE_A3,OU=EDUCACION,dc=edu,dc=gva,dc=es))'| grep sAMAccountName

Perhaps I'm missing something in the LDAP configuration section.

Thanks in advance.

@jolosan jolosan added the support request Need assistance with MRBS label Sep 24, 2024
@campbell-m
Contributor

I don't know. Does this post help?

@jberanek
Member

You've confused LDAP settings. Instead of

$ldap_user_attrib = 'SAMAccountName';

You want:

$ldap_dn_search_attrib = 'SAMAccountName';

What you have is instructing MRBS to log in a user as:

Samaccountname=[TYPEDUSER],[BASEDN]

instead of a discovered DN for the user.

@jberanek
Member

By the way, the giveaway in the debug is the phrase "constructed dn..."
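
A log-triage sketch for the symptom discussed in this thread, added here as an example (it is not part of the issue or of MRBS): it pairs each failed bind in the MRBS LDAP debug output with the Active Directory sub-code after `data` and flags whether the bind DN was one MRBS constructed. The function name, the sample users and the example.com directory are assumptions.

```python
import re

# Active Directory sub-codes reported after "data" when a bind fails (LDAP error 49).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

CONSTRUCTED = re.compile(r"constructed dn '([^']+)'")
BIND_FAIL = re.compile(r"bind to '([^']+)' failed: .*?\bdata ([0-9a-fA-F]+),")

def triage(log_text):
    """Return one finding per failed bind in MRBS LDAP debug output."""
    constructed, findings = set(), []
    for line in log_text.splitlines():
        if (m := CONSTRUCTED.search(line)):
            constructed.add(m.group(1).lower())
        if (m := BIND_FAIL.search(line)):
            dn, code = m.group(1), m.group(2).lower()
            findings.append({
                "dn": dn,
                "subcode": code,
                "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
                # True when MRBS built the DN as attribute=user,base_dn
                # instead of discovering it with a directory search.
                "dn_was_constructed": dn.lower() in constructed,
            })
    return findings

# Constructed sample lines modelled on the debug output in this issue;
# the users and the example.com directory are made up.
SAMPLE_LOG = r"""
[MRBS DEBUG] MRBS\Auth\AuthLdap->action(794): constructed dn 'sAMAccountName=alice,ou=Staff,dc=example,dc=com' and user_search 'sAMAccountName=alice' using 'sAMAccountName'
[MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(319): bind to 'sAMAccountName=alice,ou=Staff,dc=example,dc=com' failed: Invalid credentials [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 52e, v4563]
[MRBS DEBUG] MRBS\Auth\AuthLdap::validateUserCallback(319): bind to 'CN=Bob Example,ou=Staff,dc=example,dc=com' failed: Invalid credentials [80090308: LdapErr: DSID-0C09050F, comment: AcceptSecurityContext error, data 775, v4563]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

A `52e` on a constructed DN says nothing about the password the user typed, because the DN itself may not name any directory entry.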

@jolosan
Author

jolosan commented Sep 27, 2024

Thanks for your help, but I haven't been able to make it work.
After making your suggested changes, the log raises a language error.
Anyway, I've changed authentication to the one based on a DB.
So I won't need the LDAP authentication for now.

@frmoronari

Hi guys,
I have the same problem, and I needed a solution for this.
While troubleshooting, I found an error in the LDAP debug output with this message:
No username found. Check the value of $ldap_user_attrib in the MRBS config file. It is currently set to 'uid'.
With this, I replaced $ldap_user_attrib = "uid"; with $ldap_user_attrib = "userPrincipalName"; in the file systemdefaults.inc.php.
Now I have full Active Directory LDAP integration.
