LDAP error "no such object"

mproeller · 2018-01-24 15:39:56 UTC

Hello everybody,

I have a problem to get LDAP working together with phabricator. We have an ldap server and also a nextcloud instance using ldap authentication, so I can exclude a general ldap setup problem.

I have the following ldap settings:
Hostname : ldap-host
Port : 389
Base Distinguished Name : dc=pieye,dc=org
Search Attribute : (sAMAccountName=$(login))
Always Search : Yes
Anonymous Username : cn=admin,dc=pieye,dc=org
Anonymous Password : ****
Real Name attributes :
LDAP Version : 3
Referrals : No
Use TLS : No
Active Directory Domain :

I execute /bin/auth ldap --trace and get the following output, if I enter the correct password for the user:

[2] phabricator_auth
<<< [2] 1,684 us

[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 358 us
Enter LDAP Credentials

LDAP Username:  Proeller

[4] $ stty -echo
<<< [4] 5,722 us

LDAP Password:  >>> [5] <exec> $ stty echo

<<< [5] 5,090 us

Connecting to LDAP…

[6] connect (ldap-host:389)
<<< [6] 345 us

[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,295 us

[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 942 us

[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 323 us

[10] search (dc=pieye,dc=org, sn=Proeller)
<<< [10] 298 us
[2018-01-24 16:26:53] EXCEPTION: (Exception) LDAP Exception: LDAP search failed.
LDAP Error #32: No such object at [/src/auth/PhutilLDAPAuthAdapter.php:455]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:415]
#1 PhutilLDAPAuthAdapter::searchLDAP(string, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:377]
#2 PhutilLDAPAuthAdapter::searchLDAPForRecord(string) called at [/src/auth/PhutilLDAPAuthAdapter.php:253]
#3 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#4 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#5 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#6 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#7 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#8 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]

If I enter a wrong password for the user I get the following output:

[2] phabricator_auth
<<< [2] 1,752 us

[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 206 us
Enter LDAP Credentials

LDAP Username:  Proeller

[4] $ stty -echo
<<< [4] 5,960 us

LDAP Password:  >>> [5] <exec> $ stty echo

<<< [5] 5,656 us

Connecting to LDAP…

[6] connect (ldap-host:389)
<<< [6] 423 us

[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,322 us

[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 60,621 us

[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 531 us
[2018-01-24 16:38:50] EXCEPTION: (PhutilAuthCredentialException) at [/src/auth/PhutilLDAPAuthAdapter.php:440]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:481]
#1 PhutilLDAPAuthAdapter::bindLDAP(resource, string, PhutilOpaqueEnvelope) called at [/src/auth/PhutilLDAPAuthAdapter.php:251]
#2 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#3 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#4 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#5 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#6 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#7 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]

This means to me, that the connection to the LDAP server works, the anonymous user can connect to it, but something doesn’t work after that. Can someone help me please?

qiu_zhi · 2019-01-31 07:48:36 UTC

i have the same problerm,did u fixed it?
i think it’s pha’s problerm,my ldap server works fine with gitlab and jenkins and wiki
when i use ldapsearch like this:ldapsearch -x -b ou=people,dc=xxxx,dc=com -D “cn=admin,dc=smartirsec,dc=com” “cn=myname” -W
i can got the user,but with pha,
i got :
LDAP Exception: LDAP search failed.
LDAP Error #32: No such object

gjanak · 2019-02-03 21:12:41 UTC

I’m using phabricator with LDAP (openldap) without problems.
Very simple Setup:
Search attribute: uid
Always Search disabled

  # bin/auth ldap --trace
 >>> [2] (+0) <connect> phabricator_auth
<<< [2] (+1) <connect> 1,885 us
>>> [3] (+2) <query> SELECT * FROM `auth_providerconfig` ORDER BY `id` DESC
<<< [3] (+3) <query> 227 us
Enter LDAP Credentials
      LDAP Username:  *username*
>>> [4] (+1,988) <exec> $ stty -echo
<<< [4] (+1,994) <exec> 6,139 us
    LDAP Password:  *correct password*
>>> [5] (+5,179) <exec> $ stty echo
<<< [5] (+5,187) <exec> 7,319 us

Connecting to LDAP...
>>> [6] (+5,187) <ldap> connect (localhost:389)
<<< [6] (+5,198) <ldap> 11,173 us
>>> [7] (+5,198) <ldap> bind (uid=*username*,ou=People,dc=mydomain,dc=de)
<<< [7] (+5,199) <ldap> 603 us
>>> [8] (+5,199) <ldap> search (ou=People,dc=mydomain,dc=de, uid=*username*)
<<< [8] (+5,199) <ldap> 295 us
Found LDAP Account: *username*

the simplest variant.