LDAP error "no such object"


#1

Hello everybody,

I have a problem getting LDAP working together with Phabricator. We have an LDAP server and also a Nextcloud instance using LDAP authentication, so I can exclude a general LDAP setup problem.

I have the following ldap settings:
Hostname : ldap-host
Port : 389
Base Distinguished Name : dc=pieye,dc=org
Search Attribute : (sAMAccountName=$(login))
Always Search : Yes
Anonymous Username : cn=admin,dc=pieye,dc=org
Anonymous Password : ****
Real Name attributes :
LDAP Version : 3
Referrals : No
Use TLS : No
Active Directory Domain :

I execute /bin/auth ldap --trace and get the following output if I enter the correct password for the user:

[2] phabricator_auth
<<< [2] 1,684 us

[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 358 us
Enter LDAP Credentials

LDAP Username:  Proeller

[4] $ stty -echo
<<< [4] 5,722 us

LDAP Password:  >>> [5] <exec> $ stty echo

<<< [5] 5,090 us

Connecting to LDAP…

[6] connect (ldap-host:389)
<<< [6] 345 us

[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,295 us

[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 942 us

[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 323 us

[10] search (dc=pieye,dc=org, sn=Proeller)
<<< [10] 298 us
[2018-01-24 16:26:53] EXCEPTION: (Exception) LDAP Exception: LDAP search failed.
LDAP Error #32: No such object at [/src/auth/PhutilLDAPAuthAdapter.php:455]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:415]
#1 PhutilLDAPAuthAdapter::searchLDAP(string, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:377]
#2 PhutilLDAPAuthAdapter::searchLDAPForRecord(string) called at [/src/auth/PhutilLDAPAuthAdapter.php:253]
#3 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#4 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#5 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#6 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#7 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#8 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]

If I enter a wrong password for the user I get the following output:

[2] phabricator_auth
<<< [2] 1,752 us

[3] SELECT * FROM auth_providerconfig ORDER BY id DESC
<<< [3] 206 us
Enter LDAP Credentials

LDAP Username:  Proeller

[4] $ stty -echo
<<< [4] 5,960 us

LDAP Password:  >>> [5] <exec> $ stty echo

<<< [5] 5,656 us

Connecting to LDAP…

[6] connect (ldap-host:389)
<<< [6] 423 us

[7] bind (cn=admin,dc=pieye,dc=org)
<<< [7] 1,322 us

[8] search (dc=pieye,dc=org, sn=Proeller)
<<< [8] 60,621 us

[9] bind (cn=Markus Proeller,ou=people,dc=pieye,dc=org)
<<< [9] 531 us
[2018-01-24 16:38:50] EXCEPTION: (PhutilAuthCredentialException) at [/src/auth/PhutilLDAPAuthAdapter.php:440]
arcanist(head=master, ref.master=165df12046e5), phabricator(head=master, ref.master=9d5d59f75949), phutil(head=master, ref.master=0a4487d37cd7)
#0 PhutilLDAPAuthAdapter::raiseConnectionException(resource, string) called at [/src/auth/PhutilLDAPAuthAdapter.php:481]
#1 PhutilLDAPAuthAdapter::bindLDAP(resource, string, PhutilOpaqueEnvelope) called at [/src/auth/PhutilLDAPAuthAdapter.php:251]
#2 PhutilLDAPAuthAdapter::loadLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:161]
#3 PhutilLDAPAuthAdapter::getLDAPUserData() called at [/src/auth/PhutilLDAPAuthAdapter.php:114]
#4 PhutilLDAPAuthAdapter::getAccountID() called at [/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:59]
#5 PhabricatorAuthManagementLDAPWorkflow::execute(PhutilArgumentParser) called at [/src/parser/argument/PhutilArgumentParser.php:441]
#6 PhutilArgumentParser::parseWorkflowsFull(array) called at [/src/parser/argument/PhutilArgumentParser.php:333]
#7 PhutilArgumentParser::parseWorkflows(array) called at [/scripts/setup/manage_auth.php:21]

To me, this means that the connection to the LDAP server works and the anonymous user can connect to it, but something doesn’t work after that. Can someone help me, please?
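
An added diagnostic sketch, not part of the original post and not Phabricator code: in the trace above the search succeeds under the cn=admin bind and fails with error 32 only after the re-bind as the user, so this script reads the base entry under both identities with ldapsearch and compares the result codes. The URI and base DN are taken from the settings above; the password files and the function names are hypothetical.

```shell
#!/bin/sh
# Values from the first post's settings; override through the environment.
LDAP_URI="${LDAP_URI:-ldap://ldap-host:389}"
BASE_DN="${BASE_DN:-dc=pieye,dc=org}"

# probe_base BIND_DN PASSWORD_FILE
# Base-scope read of the base entry itself while bound as BIND_DN.
# The password comes from a file (-y) so it never shows up in the process
# list; the file must not end with a newline. "1.1" requests no attributes.
# Returns ldapsearch's exit status, which carries the LDAP result code
# (0 = success, 32 = noSuchObject, 49 = invalidCredentials).
probe_base() (
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$1" -y "$2" \
        -b "$BASE_DN" -s base '(objectClass=*)' 1.1 >/dev/null 2>&1
)

# compare_visibility SERVICE_DN SERVICE_PWFILE USER_DN USER_PWFILE
# Runs the same probe under the service bind and under the user bind,
# mirroring steps [7]/[8] and [9]/[10] of the trace, and prints a verdict.
compare_visibility() (
    svc=0; probe_base "$1" "$2" || svc=$?
    usr=0; probe_base "$3" "$4" || usr=$?
    case "$svc:$usr" in
        0:0)  echo "base-visible-to-both" ;;
        # The base exists (the service account can read it) but the user's
        # identity cannot see it. OpenLDAP, for example, answers 32 for
        # entries the bound identity is not allowed to disclose.
        0:32) echo "base-hidden-from-user" ;;
        0:49) echo "user-bind-rejected" ;;
        0:*)  echo "user-probe-failed:$usr" ;;
        *)    echo "service-probe-failed:$svc" ;;
    esac
)

# Run directly with four arguments, for example (constructed file names):
#   sh probe.sh 'cn=admin,dc=pieye,dc=org' admin.pw \
#      'cn=Markus Proeller,ou=people,dc=pieye,dc=org' user.pw
if [ "$#" -eq 4 ]; then
    compare_visibility "$@"
fi
```

A verdict of `base-hidden-from-user` points at the directory's access rules for the base DN rather than at the search filter or the password.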


#2

I have the same problem, did you fix it?
I think it’s Phabricator’s problem; my LDAP server works fine with GitLab and Jenkins and the wiki.
When I use ldapsearch like this: ldapsearch -x -b ou=people,dc=xxxx,dc=com -D "cn=admin,dc=smartirsec,dc=com" "cn=myname" -W
I can get the user, but with Phabricator
I get:
LDAP Exception: LDAP search failed.
LDAP Error #32: No such object


#3

I’m using phabricator with LDAP (openldap) without problems.
Very simple Setup:
Search attribute: uid
Always Search disabled

# bin/auth ldap --trace
>>> [2] (+0) <connect> phabricator_auth
<<< [2] (+1) <connect> 1,885 us
>>> [3] (+2) <query> SELECT * FROM `auth_providerconfig` ORDER BY `id` DESC
<<< [3] (+3) <query> 227 us
Enter LDAP Credentials
      LDAP Username:  *username*
>>> [4] (+1,988) <exec> $ stty -echo
<<< [4] (+1,994) <exec> 6,139 us
    LDAP Password:  *correct password*
>>> [5] (+5,179) <exec> $ stty echo
<<< [5] (+5,187) <exec> 7,319 us

Connecting to LDAP...
>>> [6] (+5,187) <ldap> connect (localhost:389)
<<< [6] (+5,198) <ldap> 11,173 us
>>> [7] (+5,198) <ldap> bind (uid=*username*,ou=People,dc=mydomain,dc=de)
<<< [7] (+5,199) <ldap> 603 us
>>> [8] (+5,199) <ldap> search (ou=People,dc=mydomain,dc=de, uid=*username*)
<<< [8] (+5,199) <ldap> 295 us
Found LDAP Account: *username*

The simplest variant.