
FR3DLdapBundle - Binding requires username in DN form

I'm using FR3DLdapBundle with FOSUserBundle.

Symfony 2.5.6

FOSUserBundle ~2.0@dev

FR3DLdapBundle ~2.0@dev

$ldapManager = $this->get('fr3d_ldap.ldap_manager');
print_r($ldapManager->findUserByUsername('nhoang@ldap.example.com'));

But I get an error.

Binding requires username in DN form 
CRITICAL - Uncaught PHP Exception FR3D\LdapBundle\Driver\LdapDriverException: "An error occur with the search operation." at myproj\vendor\fr3d\ldap-bundle\FR3D\LdapBundle\Driver\ZendLdapDriver.php line 55 

I have done everything in the installation documents.

config.yml

fr3d_ldap:
    driver:
        host:                ldap.example.com
        port:                389
        username:            ldapadmin@ldap.example.com
        password:            password
        bindRequiresDn:      true
        baseDn:              dc=ldap,dc=example,dc=com
        accountFilterFormat: (&(uid=%s)) # Optional. sprintf format %s will be the username
    user:
        baseDn: dc=ldap,dc=example,dc=com
        filter: (&(ObjectClass=Person))
        attributes:
          - { ldap_attr: uid,  user_method: setUsername }

security.yml

providers:
    chain_provider:
        chain:
            providers: [fos_userbundle, fr3d_ldapbundle]        

    fr3d_ldapbundle:
        id: fr3d_ldap.security.user.provider

    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    admin:
        pattern: /admin/(.*)
        form_login:
            provider:       fos_userbundle
            csrf_provider:  form.csrf_provider
            login_path:     _admin_login
            check_path:     _admin_login_check
            default_target_path: /admin
        logout:
            path:           _admin_logout
            target:         _admin_login
        anonymous:  true
    main:
        pattern: ^/
        fr3d_ldap: ~
        form_login:
            provider:       chain_provider
            csrf_provider:  form.csrf_provider            
            default_target_path: /profile
        logout: true
        anonymous: true
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false

    default:
        anonymous: ~

I don't get how to make this work.

We faced the very same issue when trying to make our internal auxiliary tool work with corporate domain authentication.

We had to do the following to get it to work:

Even though the fr3d documentation says this is for OpenLDAP only, we tried setting the special auth account username in the following form under the driver settings (instead of AuthAccount@dns.example.com, and yes, our corporate LDAP is Microsoft AD):

config.yml

fr3d_ldap:
    driver:
        host:                dns.example.com
        port:                389
        username:            CN=AuthAccount,OU=Pseudo Accounts,OU=Managed Objects,DC=example,DC=com
        password:            yourPassw0rd
        bindRequiresDn:      true

Note there is no baseDn at all (already set in username, otherwise further filtering will work incorrectly).

After that the issue is gone and the only thing left is to correctly set the user settings:

user:
    baseDn: OU=Managed Objects,DC=example,DC=com
    filter: (&(sAMAccountName=%s))

Still have some work to do with attributes and so on, but with the above settings the LDAP auth itself started to work fine and we were able to log in to our tool with domain credentials.
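
The difference between the two driver configurations above can be checked before deployment. This is an added example, not code from the question, the answer, or FR3DLdapBundle: the functions `usernameForm`, `checkDriver` and `escapeFilterValue` are hypothetical helpers, the DN check is a simplified RFC 4514 shape test, and PHP 7 or later is assumed.

```php
<?php
// Added example (not FR3DLdapBundle or Zend\Ldap code); simplified checks.

/** Classify a bind username as 'dn', 'upn', 'backslash' or 'plain'. */
function usernameForm(string $u): string
{
    // Simplified RFC 4514 shape: attr=value[+attr=value], comma-separated.
    $attr  = '(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)';
    $value = '(?:\\\\.|[^,+\\\\])+';
    $rdn   = "$attr=$value(?:\\+$attr=$value)*";
    if (preg_match("/^$rdn(?:,\\s*$rdn)*\$/", $u)) {
        return 'dn';
    }
    if (strpos($u, '@') !== false) {
        return 'upn';
    }
    return strpos($u, '\\') !== false ? 'backslash' : 'plain';
}

/** List problems in a fr3d_ldap driver section given as an array. */
function checkDriver(array $driver): array
{
    $form = usernameForm($driver['username'] ?? '');
    if (($driver['bindRequiresDn'] ?? false) && $form !== 'dn') {
        return ["bindRequiresDn is true but username is in $form form"];
    }
    return [];
}

/** RFC 4515 escaping for a value substituted into a filter's %s slot. */
function escapeFilterValue(string $v): string
{
    return strtr($v, ['\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00']);
}

// Constructed inputs mirroring the two driver configurations on this page.
$question = ['username' => 'ldapadmin@ldap.example.com', 'bindRequiresDn' => true];
$answer   = ['username' => 'CN=AuthAccount,OU=Pseudo Accounts,OU=Managed Objects,DC=example,DC=com',
             'bindRequiresDn' => true];
print_r(checkDriver($question));
print_r(checkDriver($answer));

// Render the answer's user filter with an escaped, constructed login name.
echo sprintf('(&(sAMAccountName=%s))', escapeFilterValue('hoang (contractor)*')), "\n";
```

Escaping the value before it reaches the `%s` slot keeps characters such as `(`, `)` and `*` in a submitted login name from altering the search filter.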
