Snipe-it: Login failed with OpenLDAP

Created on 25 Jun 2019  ·  13 Comments  ·  Source: snipe/snipe-it

Please confirm you have done the following before posting your bug report:

Describe the bug
I set up LDAP with Snipe-IT. Test LDAP is OK, but Test LDAP login always shows "ldap_search(): Search: No such object".

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Admin'
  2. Click on 'LDAP'
  3. Scroll down to 'Test LDAP Login'
  4. Click on 'Test LDAP Login'
  5. See error

Expected behavior
Can log in to Snipe-IT with an LDAP username and password.


Server (please complete the following information):

  • Snipe-IT Version 4.7.4
  • OS: Docker

Desktop (please complete the following information):

  • OS: macOS
  • Browser: chrome
  • Version: 75.0.3770.100

Error Messages
[16:44:58] LOG.debug: Preparing to test LDAP login
[16:44:58] LOG.debug: Attempting to bind to LDAP for LDAP test
[16:44:58] LOG.debug: Attempting to login using distinguished name:cn=zhang-zb,cn=users,dc=xxx,dc=org
[16:44:58] LOG.debug: LDAP login failed

Additional context
I looked at our OpenLDAP server log. I found that when Snipe-IT logs in to LDAP, it binds twice. The first time it uses the LDAP Bind Username that I set up in Snipe-IT. The second time, it binds to the server using my test username. I think the double bind is very strange, because if you use the username to bind to the server, you can only get the information for 'cn=zhang-zb,cn=users,dc=xxx,dc=org'; you cannot get the information for the base DN 'cn=users,dc=xxx,dc=org'.

bug ready for dev

All 13 comments

I experience the same issue with LDAP ACLs that restrict users from accessing anything but their own entry in the directory (which setups like the most popular OpenLDAP docker container seem to do by default).

What is fixing this for me is no longer searching the directory, but directly loading the user entry via its DN (app/Models/Ldap.php, master as of today):

-  if (!$results = ldap_search($connection, $baseDn, $filterQuery)) {
+  if (!$results = ldap_read($connection, $userDn, $settings->ldap_filter)) {
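Review bot: on the `+` line the filter argument changes from `$filterQuery` to `$settings->ldap_filter` together with the switch to `ldap_read`, so any clause `$filterQuery` carried beyond the configured filter is no longer applied; note that in a comment, and check that `ldap_filter` is a non-empty, valid filter before passing it. The lookup now also depends on `$userDn` being the exact DN of the user's entry, so consider keeping the `ldap_search` on `$baseDn` as a fallback when the read returns nothing.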

The LDAP setup seems to be redone on the develop branch, but I'm seeing similar search calls that I would imagine run into the same issue.
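The failure described in the report and in the comment above can be reproduced with a small model. This is an added example, not Snipe-IT or OpenLDAP code: the "self only" ACL rule, the `cn=other` entry and the `cn=admin,dc=xxx,dc=org` service account are assumptions made for illustration, and the access check is a simplification of what a real server does.

```python
# Simplified model (an assumption, not OpenLDAP's code) of how a server with a
# "self only" ACL answers a search, depending on who is bound and which base is used.
NO_SUCH_OBJECT, SUCCESS = 32, 0          # LDAP result codes

# Constructed directory, using the DNs from the report plus one extra user.
DIRECTORY = {
    "cn=users,dc=xxx,dc=org": {"cn": "users"},
    "cn=zhang-zb,cn=users,dc=xxx,dc=org": {"cn": "zhang-zb"},
    "cn=other,cn=users,dc=xxx,dc=org": {"cn": "other"},
}
SERVICE_DN = "cn=admin,dc=xxx,dc=org"    # hypothetical "LDAP Bind Username"


def can_read(bound_dn, target_dn):
    """Self-only ACL: the service account sees everything, a user only itself."""
    return bound_dn == SERVICE_DN or bound_dn == target_dn


def search(bound_dn, base, scope, cn):
    """Return (result_code, matching DNs) for a 'base' or 'sub' scope search."""
    # A base the bound identity may not see is reported as missing, not as denied.
    if base not in DIRECTORY or not can_read(bound_dn, base):
        return NO_SUCH_OBJECT, []
    if scope == "base":
        candidates = [base]
    else:
        candidates = [dn for dn in DIRECTORY
                      if dn == base or dn.endswith("," + base)]
    hits = [dn for dn in candidates
            if can_read(bound_dn, dn) and DIRECTORY[dn]["cn"] == cn]
    return SUCCESS, hits


def login_lookup(user_dn, base_dn, use_read):
    """Second step of the login: after binding as the user, fetch the user's entry."""
    cn = DIRECTORY[user_dn]["cn"]
    if use_read:                                  # like ldap_read() on the user's DN
        return search(user_dn, user_dn, "base", cn)
    return search(user_dn, base_dn, "sub", cn)    # like ldap_search() on the base DN
```

In this model the subtree search made while bound as the user fails with code 32 because the base DN itself is not visible to that user, while the same search made with the service account's bind succeeds.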

Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Don't take it personally, we just need to keep a handle on things. Thank you for your contributions!

This is still relevant, dear bot. I was hoping your owner would comment on my approach to fixing this which I guess does not 100% concur with the way the LDAP setup in Snipe-IT is supposed to work.

Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!

Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Don't take it personally, we just need to keep a handle on things. Thank you for your contributions!

see above

Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!

Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Don't take it personally, we just need to keep a handle on things. Thank you for your contributions!

This issue has been automatically closed because it has not had recent activity. If you believe this is still an issue, please confirm that this issue is still happening in the most recent version of Snipe-IT and reply to this thread to re-open it.

I have the same problem with openldap

Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
