LDAP Authentication Fails Sometimes


#1

I’m trying to set up a Phabricator instance to authenticate users against Active Directory using the LDAP Auth module.

These are my settings:

LDAP Hostname: ldaps://ad.companyname.com
LDAP Port: 636
Base Distinguished Name: DC=ad,DC=companyname,DC=com
Search Attributes: (&(sAMAccountName=${login})(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Always Search: True
Anonymous Username: AD\service_account
Anonymous Password: XXX
Username Attribute: sAMAccountName
Realname Attributes: displayName
LDAP Version: 3
ActiveDirectory Domain: ad.companyname.com

Most of the time, LDAP authentication works. However, every so often, it throws an error:

LDAP Exception: Failed to bind to LDAP server (as user “AD\service_account”).
LDAP Error #-1: Can’t contact LDAP server

If you try it again - sometimes it takes one or two extra tries - you can log in successfully. I’m a bit perplexed because this works 100% of the time when I use bin/auth ldap to log in on the command line - and also when I run queries using ldapsearch.

EDIT: Never mind. Fixed it!