Snipe-it: LDAP User Can't Log In

Created on 5 Feb 2016 · 14 Comments · Source: snipe/snipe-it

Hi there,

Just installed v2.1.0-8 on Ubuntu 14.04.3 LTS. I was able to set up LDAP and synchronized all of my users, however I'm unable to log on with my domain account - I get an error message "The username or password is incorrect".

Any ideas what's going on?

Thanks!

All 14 comments

Sorry about that.

  • Version of Snipe-IT: v2.1.0-8
  • OS: Ubuntu 14.04.3 LTS
  • Install method: used the install.sh method
  • Browser error: "The username or password is incorrect"
  • Specific page: logon page
  • Attached log from /app/storage/logs

log-apache2handler-2016-02-04.txt

Didn't see anything nefarious in the apache logs.
Haven't edited any data manually in the database.
So far in the installation I've:

  • Synchronized LDAP and imported my users.
  • Added various Companies, Asset Models, Manufacturers, Suppliers - basic setup stuff.
  • Added and assigned assets to imported users.
  • Logged out of the local account and tried logging in with my domain account.

Let me know what else I can provide to help :)

[2016-02-04 14:17:28] production.DEBUG: Authenticating user against database. [] []
[2016-02-04 14:37:07] production.ERROR: 0 [] []
[2016-02-04 17:15:05] production.DEBUG: LDAP is enabled. [] []
[2016-02-04 17:15:05] production.DEBUG: Sentry lookup complete [] []
[2016-02-04 17:15:05] production.DEBUG: Local user bbjarn exists in database. Authenticating existing user against LDAP. [] []
[2016-02-04 17:15:05] production.DEBUG: User did not authenticate correctly against LDAP. Local user was not updated. [] []
[2016-02-04 17:15:05] production.DEBUG: Authenticating user against database. [] []
[2016-02-04 17:15:05] production.DEBUG: Local authentication: User bbjarn not found

That last one is actually incorrect - "User foo not found" can be shown when the user or the password is incorrect, but [2016-02-04 14:37:07] production.ERROR: 0 [] [] is interesting. I'm not sure what that would mean.

To update, I totally flattened the server and rebuilt it. I'm having the same problem: users imported from Active Directory are unable to log in with their credentials. I turned on debug logging and checked, getting the exact same errors that you listed. Any ideas?

What are your LDAP settings? (post a redacted screenshot)

image

Screenshot pasted in. I removed the LDAP server, Bind username / password, and Base DN (it points to an OU where all of our users live at). Had to play with the LDAP filter, for some reason leaving as &(objectclass=user)(objectcategory=person) wouldn't pull in all users correctly, but adding (sn=_)(givenname=_) seemed to fix it.

Your auth problem will be solved by changing the "LDAP Authentication Query" to samaccountname=.
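
An added illustration (not part of the original thread and not Snipe-IT's code) of why an authentication query naming an attribute that Active Directory entries do not carry finds no entry to bind as, while samaccountname= does. The `uid=` prefix, the directory entry and the function names are constructed assumptions; the login name is escaped per RFC 4515 before it goes into the filter.

```python
# Added illustration; not Snipe-IT code. Entries and names are constructed.

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_auth_filter(auth_query, username):
    """Join the configured prefix (e.g. 'samaccountname=') and the login name."""
    return "(" + auth_query + escape_filter_value(username) + ")"


def find_user(entries, auth_query, username):
    """Equality match on one attribute, as a directory would evaluate the filter.

    Attribute names are case-insensitive in LDAP, and AD compares
    sAMAccountName values case-insensitively as well.
    """
    attr = auth_query.rstrip("=").lower()
    wanted = username.lower()
    for entry in entries:
        attrs = {k.lower(): v for k, v in entry.items()}
        if attrs.get(attr, "").lower() == wanted:
            return entry["dn"]
    return None  # no entry found, so there is nothing to bind as


# Constructed AD-style entry: it carries sAMAccountName but no uid attribute.
DIRECTORY = [
    {"dn": "CN=B Bjarn,OU=Users,DC=example,DC=com", "sAMAccountName": "bbjarn"},
]

if __name__ == "__main__":
    for query in ("uid=", "samaccountname="):
        print(build_auth_filter(query, "bbjarn"), "->",
              find_user(DIRECTORY, query, "bbjarn"))
```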

Sure enough, that worked! Thank you so much.

jvh6c

Hi there,

I'm facing the same issue with LDAP. Currently, users have been imported successfully but none of them are able to log in with a domain account. Error message: Error: The username or password is incorrect.

System info:

Snipe-IT version v3.4.0
PHP Version 5.5.38
Laravel Version 5.2.45

error log:

[2016-11-11 13:37:49] production.DEBUG: LDAP is enabled.
[2016-11-11 13:37:49] production.DEBUG: Local auth lookup complete
[2016-11-11 13:37:49] production.DEBUG: Binding user to LDAP.
[2016-11-11 13:37:49] production.DEBUG: Local user xxxxxx exists in database. Authenticating existing user against LDAP.
[2016-11-11 13:37:49] production.DEBUG: User xxxxxx did not authenticate correctly against LDAP. Local user was not updated.
[2016-11-11 13:37:49] production.DEBUG: Authenticating user against database.
[2016-11-11 13:37:50] production.DEBUG: Local authentication failed.

Attached is LDAP Config settings.
image

Thanks a lot for support

samaccountname= should be standard..... this issue was wasting a lot of time... I even thought it was an issue within the docker container and I started to analyse the ldap import using... php artisan snipeit:ldap-sync --summary

samaccountname= should be standard

Not sure what you mean? That's in the documentation.

samaccountname= in the LDAP Authentication query solved it for me.

samaccountname= should be standard

Not sure what you mean? That's in the documentation.

I think what @mwiora meant is that it should be the default value in the field. In the docs, it's written "Usually sAMAccountName=" so why not put this value by default in the field?
