I am unable to connect to the LDAP server. I am getting "bad LDAP server configuration".
If I try checking the connection using ldapsearch on command line it works fine. I have also tried connecting to host using telnet and that also connects fine.
Following is the configuration.
'authent-ldap' => array (
    'host' => 'localhost',
    'port' => 389,
    'default_user' => '',
    'default_pwd' => '',
    'base_dn' => 'dc=yourcompany,dc=com',
    'user_query' => '(&(uid=%1$s)(inetuserstatus=ACTIVE))',
    'options' => array (
        17 => 3, // LDAP_OPT_PROTOCOL_VERSION = 3 (LDAPv3)
        8 => 0,  // LDAP_OPT_REFERRALS = 0 (do not follow referrals)
    ),
    'start_tls' => false,
    'debug' => true,
    'servers' => array (
        'authent-ldap' =>
        array (
            'host' => 'ldaps://host:636',
            'port' => NULL,
            // The backslash escapes the comma that is part of the CN value
            'default_user' => 'CN=Test\, User,OU=Pro,OU=Users,OU=AT,DC=at,DC=ad,DC=tmo',
            'default_pwd' => '',
            'base_dn' => 'OU=Pro,OU=Users,OU=AT,dc=at,dc=ad,dc=tmo',
            'user_query' => '(& (objectClass=user) (| (userPrincipalName=%1$s) (sAMAccountName=%1$s)))',
            'options' =>
            array (
                17 => 3,
                8 => 0,
            ),
            'start_tls' => false,
            'debug' => true,
        ),
    ),
),
I assume you are testing ldapsearch from the same server?
So which one is your actual configuration? You seem to have 2 different sets? Is the backslash after CN=Test intended? Have you just tried specifying the user as test@domain.org?
Yes, we are doing ldapsearch from the same server.
Now we are able to establish a connection but we are unable to search for the user.
The 2nd set of config is the actual config.
Also, the backslash is intended to escape the , character which is part of a name like Test, User.
This is the error log entry:
This is the error log entry
2024-04-19 12:42:46 | Info | | ldap_set_option('17', '3') returned true | IssueLog |||
2024-04-19 12:42:46 | Info | | ldap_set_option('8', '0') returned true | IssueLog |||
2024-04-19 12:42:46 | Error | | ldap_authentication: no entry found with the query '(& (objectClass=user) (| (userPrincipalName=rathores) (sAMAccountName=rathores)))', base_dn = 'OU=Pro,OU=Users,OU=AT,dc=at,dc=ad,dc=tmo'. User not found in LDAP. | IssueLog |||
Just FYI,
The above command works fine and gives the following output
Last edit: Shantnu Jain 2024-04-23
I have also removed extra config. Now the config is
I have also added authent-ldap1 in ldapserver detail of the user.
Which LDAP server are you using? Microsoft Active Directory?
Apologies for the late reply, but I had to confirm this with the network team.
As for your query, yes, we are using Microsoft Active Directory.
Any reason you didn't specify your user in a much simpler format (someuser@yourdomain.org or YOURDOMAIN\someuser)?
We tried using the email address also and there was no difference. We got the same response.
However, I am just curious whether this can be responsible for the issue, because in ldapsearch the same thing is working.
I think your LDAP query may be wrong. Why use both userprincipalname (which usually looks like email address) and sAMAccountName?
2024-04-19 12:42:46 | Error | | ldap_authentication: no entry found with the query '(& (objectClass=user) (| (userPrincipalName=rathores) (sAMAccountName=rathores)))', base_dn = 'OU=Pro,OU=Users,OU=AT,dc=at,dc=ad,dc=tmo'. User not found in LDAP. | IssueLog |||
I don't think so. The reason is that we have tried every possible combination in the user query.
We tried only userPrincipalName and also only sAMAccountName, and it did not work. We tried username and email in the values but nothing worked.
However, when we tried with only the objectClass, without userPrincipalName or sAMAccountName, it returned all the users.
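
Added example, not part of the thread and not the application's own code: a small Python helper that takes the logged "no entry found" line, checks that its filter is exactly what the posted user_query produces for the login, and prints an ldapsearch command that replays the same filter, base DN and bind DN. The function names are hypothetical, the RFC 4515 escaping of the login is an assumption about how a login should be substituted into a filter, and the flags are those of the OpenLDAP ldapsearch client.

```python
import re
import shlex

# Log entry and 'servers' values copied from the thread; function names are hypothetical.
LOG_LINE = (
    "2024-04-19 12:42:46 | Error | | ldap_authentication: no entry found with the query "
    "'(& (objectClass=user) (| (userPrincipalName=rathores) (sAMAccountName=rathores)))', "
    "base_dn = 'OU=Pro,OU=Users,OU=AT,dc=at,dc=ad,dc=tmo'. User not found in LDAP. | IssueLog |||"
)
URI = "ldaps://host:636"
BIND_DN = r"CN=Test\, User,OU=Pro,OU=Users,OU=AT,DC=at,DC=ad,DC=tmo"
USER_QUERY = "(& (objectClass=user) (| (userPrincipalName=%1$s) (sAMAccountName=%1$s)))"
_QUERY_RE = re.compile(r"with the query '(?P<filter>.*)', base_dn = '(?P<base>[^']*)'")

def parse_log(line):
    """Return (filter, base_dn) from a 'no entry found' log line, or None."""
    m = _QUERY_RE.search(line)
    return (m.group("filter"), m.group("base")) if m else None

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter (assumed step)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def expand_user_query(template, login):
    """Substitute the escaped login into every %1$s placeholder of user_query."""
    return template.replace("%1$s", escape_filter_value(login))

def ldapsearch_argv(uri, bind_dn, base_dn, ldap_filter):
    """argv for a simple bind (-x) with a prompted password (-W); nothing is stored."""
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W", "-b", base_dn,
            ldap_filter, "dn", "sAMAccountName", "userPrincipalName"]

def reproduce(line):
    """Shell-quoted ldapsearch command replaying the logged filter and base DN."""
    parsed = parse_log(line)
    if parsed is None:
        raise ValueError("not an ldap_authentication 'no entry found' line")
    ldap_filter, base_dn = parsed
    return shlex.join(ldapsearch_argv(URI, BIND_DN, base_dn, ldap_filter))

if __name__ == "__main__":
    print(reproduce(LOG_LINE))
```

The printed command binds as the same default_user and sends the same filter and base DN as the log entry, so its result can be compared directly with what the application reported.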