Unable to login via LDAP connection to active directory

Pasta98 · 2024-11-04 17:39:08

After upgrading from version 10.0.15 to 10.0.16 my connection to active directory no longer works. The connection test is successful but it is impossible to login, I just get 'incorrect username or password'.

My LDAP settings are:
Default server: Yes
Active: Yes
Server: ip address of active directory server
port: 389
Connection filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
BaseDN: cn=Users,dc=(org name),dc=com
Use bind: Yes
RootDn: cn=Administrador,cn=Users,dc=(org name),dc=com
password: (password)
login field: samaccountname
synchronization field: objectguid

I have an error in /var/log/glpi/php-errors.log which says 'LDAP search with baseDN (baseDN) and filter (connection filter) failed. Error: bad search filter (-7) in /var/www/html/glpi/src/AuthLDAP.php at line 3614'

Can anyone help me with this? I´ve tried everything I can find but nothing seems to make a difference.

krischeu · 2024-11-05 09:45:50

LDAP is still not working at my installation.
But I have no skills at AD with things like BaseDN/RootDN.
I am with glpi at version 10.0.16, Test is still ok. But no user is found to be imported.
Can you import a new user?

cconard96 · 2024-11-05 13:51:19

I don't see any changed between 10.0.15 and 10.0.16 that would have changed LDAP authentication/import/sync.

Your connection filter also appears to be correct (the default GLPI uses for Active Directory).

Pasta98 · 2024-11-05 15:49:36

No I can´t import any users either.

krischeu · 2024-11-06 09:46:32

Today, I got some time. --> You are using really DC=com? On a normal on premise installation of an AD the standard entry is local

I solved my problem - no users found for importing. The test was working.
I changed Connection filter to: (&(objectClass=user)(objectCategory=person))
BaseDN is now only this: DC=asdfasdf,DC=local
Login Feld: samaccountname
Synchronisationsfeld: objectguid

Last edited by krischeu (2024-11-06 09:47:29)

Pasta98 · 2024-11-06 15:43:46

Yes the DC is definitely correct, I tried using your connection filter and still nothing changes

Pasta98 · 2024-11-06 17:13:58

I´ve also noticed that all the users which were previously imported to GLPI when LDAP was working now have a "User missing in LDAP directory" message under authentication in their profiles.

Last edited by Pasta98 (2024-11-06 17:14:11)

Pasta98 · 2024-11-06 17:42:26

If I try to import users from Aministration-> Users-> LDAP directories-> Import new users and click on "expert mode", many users appear, but if I try to import them I get "Error on executing the action"

marioalpha · 2024-11-16 14:35:47

check that the parameters used are correct and have not changed in your AD
to do this there are various methods, I use ldapsearch.

Pasta98 · 2024-11-18 16:02:56

I ended up reinstalling and with the exact same settings it works perfectly now...

Last edited by Pasta98 (2024-11-18 16:03:10)

Forum GLPI-Project

Announcement

#1 2024-11-04 17:39:08

Unable to login via LDAP connection to active directory

#2 2024-11-05 09:45:50

Re: Unable to login via LDAP connection to active directory

#3 2024-11-05 13:51:19

Re: Unable to login via LDAP connection to active directory

#4 2024-11-05 15:49:36

Re: Unable to login via LDAP connection to active directory

#5 2024-11-06 09:46:32

Re: Unable to login via LDAP connection to active directory

#6 2024-11-06 15:43:46

Re: Unable to login via LDAP connection to active directory

#7 2024-11-06 17:13:58

Re: Unable to login via LDAP connection to active directory

#8 2024-11-06 17:42:26

Re: Unable to login via LDAP connection to active directory

#9 2024-11-16 14:35:47

Re: Unable to login via LDAP connection to active directory

#10 2024-11-18 16:02:56

Re: Unable to login via LDAP connection to active directory

Board footer