
Why can't I log in with my LDAP credentials on Symfony3?

I've installed FR3DLdapBundle & FOSUserBundle with Symfony3 successfully as per my blog, and I'm able to authenticate against this test LDAP server; but now I'm trying to authenticate against our internal Active Directory server. Here is the change in config (I have obfuscated the config information on purpose):

fr3d_ldap:
   driver:
      host: somehost
      username: administrateur
      password: somepass
      port: 389
      accountDomainName: somedom.local
      accountDomainNameShort: somedom
   user:
      usernameAttribute: administrateur
      baseDn: ou=utilisateurs,dc=somedom,dc=local       
      attributes:
         - { ldap_attr: administrateur,  user_method: setUsername }
         - { ldap_attr: mail,  user_method: setEmail }
      filter: (&(ObjectClass=person))

The above is the only change I made. In my DEV logs, when I log in I get these important messages:

[2017-05-09 15:56:54] ldap_driver.DEBUG:  ldap_search(ou=utilisateurs,dc=somedom,dc=local, (&(&(ObjectClass=person))  (sAMAccountName=somedom\5cadministrateur)), [array]) {"action":"ldap_search","base_dn":"ou=utilisateurs,dc=somedom,dc=local","filter":"(&(&(ObjectClass=person))(sAMAccountName=somedom\\5cadministrateur))","attributes":[]} []
[2017-05-09 15:56:54] security.INFO: User somedom\administrateur not found on LDAP {"action":"loadUserByUsername","username":"somedom\\administrateur","result":"not found"} []

So I wonder if I need a special config?

Log in as:

administrateur

instead. In the log it shows you are trying to log in as "somedom\\administrateur", but you don't need to add the domain.

I think that's the problem. Can you try it and if it doesn't work, I'll get you to try something else.


EDIT #2

I also see you have this set in your config.yml code:

attributes:
         - { ldap_attr: administrateur,  user_method: setUsername }

But instead it should be:

attributes:
         - { ldap_attr: samaccountname,  user_method: setUsername }

Then, if you use the LDAP browser, verify that the user exists in the baseDn you specified and look for the attribute sAMAccountName; this is the user string you should enter in the login name field.
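
Why the search in the question's log finds nothing, as an added example (not code from FR3DLdapBundle or from either poster): the typed backslash is escaped to `\5c` before it reaches the filter, so the directory is asked for a sAMAccountName that literally contains `somedom\`, a character Active Directory does not allow in that attribute. The helper names `bareLogonName` and `userFilter` are hypothetical, and the code assumes PHP's ldap extension is loaded for `ldap_escape()`.

```php
<?php
// Added example, not bundle code. Requires ext-ldap for ldap_escape().

/** Reduce "DOMAIN\user" or "user@domain" to the bare logon name (hypothetical helper). */
function bareLogonName(string $login): string
{
    $login = trim($login);
    $slash = strrpos($login, '\\');
    if ($slash !== false) {
        $login = substr($login, $slash + 1);   // drop the NetBIOS domain prefix
    }
    $at = strpos($login, '@');
    if ($at !== false) {
        $login = substr($login, 0, $at);       // drop the UPN suffix
    }
    return $login;
}

/** Combine the configured filter with an attribute match (hypothetical helper). */
function userFilter(string $baseFilter, string $attribute, string $value): string
{
    // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL as \5c \2a \28 \29 \00 (RFC 4515),
    // so user input can only ever be a value, never filter syntax.
    $escaped = ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    return sprintf('(&%s(%s=%s))', $baseFilter, $attribute, $escaped);
}

$base = '(&(ObjectClass=person))';             // "filter" value from the question's config

// Constructed sample inputs: the login from the log, the bare name, and a UPN form.
$typedLogins = ['somedom\\administrateur', 'administrateur', 'administrateur@somedom.local'];

foreach ($typedLogins as $typed) {
    echo $typed, PHP_EOL;
    // For the first input this is the filter seen in the ldap_driver.DEBUG line.
    echo '  as typed:   ', userFilter($base, 'sAMAccountName', $typed), PHP_EOL;
    // After normalization all three inputs give (sAMAccountName=administrateur).
    echo '  normalized: ', userFilter($base, 'sAMAccountName', bareLogonName($typed)), PHP_EOL;
}
```

The escaping is what keeps a typed `*` or `)` from changing the meaning of the filter, so the remedy is to normalize the login name before the lookup rather than to stop escaping it.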
