Hello everybody,
I have a problem getting LDAP to work together with Phabricator. We have an LDAP server and also a Nextcloud instance using LDAP authentication, so I can exclude a general LDAP setup problem.
I have the following LDAP settings:
Hostname : ldap-host
Port : 389
Base Distinguished Name : dc=pieye,dc=org
Search Attribute : (sAMAccountName=$(login))
Always Search : Yes
Anonymous Username : cn=admin,dc=pieye,dc=org
Anonymous Password : ****
Real Name attributes :
LDAP Version : 3
Referrals : No
Use TLS : No
Active Directory Domain :
I execute /bin/auth ldap --trace and get the following output if I enter the correct password for the user:
[2] phabricator_auth
<<< [2] 1,684 us
[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 358 us
Enter LDAP Credentials
LDAP Username: Proeller
[4] $ stty -echo
<<< [4] 5,722 us
LDAP Password: >>> [5] <exec> $ stty echo
<<< [5] 5,090 us
Connecting to LDAP…
[6] connect (ldap-host:389)
<<< [6] 345 us
[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,295 us
[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 942 us
[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 323 us
[10] search (dc=pieye,dc=org, sn=Proeller)
<<< [10] 298 us
[2018-01-24 16:26:53] EXCEPTION: (Exception) LDAP Exception: LDAP search failed.
LDAP Error #32: No such object at [/src/auth/PhutilLDAPAuthAdapter.php:455]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:415]
#1 PhutilLDAPAuthAdapter::searchLDAP(string, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:377]
#2 PhutilLDAPAuthAdapter::searchLDAPForRecord(string) called at [/src/auth/PhutilLDAPAuthAdapter.php:253]
#3 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#4 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#5 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#6 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#7 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#8 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]
If I enter a wrong password for the user, I get the following output:
[2] phabricator_auth
<<< [2] 1,752 us
[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 206 us
Enter LDAP Credentials
LDAP Username: Proeller
[4] $ stty -echo
<<< [4] 5,960 us
LDAP Password: >>> [5] <exec> $ stty echo
<<< [5] 5,656 us
Connecting to LDAP…
[6] connect (ldap-host:389)
<<< [6] 423 us
[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,322 us
[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 60,621 us
[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 531 us
[2018-01-24 16:38:50] EXCEPTION: (PhutilAuthCredentialException) at [/src/auth/PhutilLDAPAuthAdapter.php:440]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:481]
#1 PhutilLDAPAuthAdapter::bindLDAP(resource, string, PhutilOpaqueEnvelope) called at [/src/auth/PhutilLDAPAuthAdapter.php:251]
#2 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#3 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#4 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#5 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#6 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#7 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]
To me, this means that the connection to the LDAP server works and the anonymous user can connect to it, but something doesn’t work after that. Can someone help me, please?