(forgive me, I'm trying to get all the giant text out)
When I attempt authentication using LDAP, login fails, and I don't see an actual SRCH happening on the LDAP server side. I'm using this same bind user/pw on my Mastodon server to do LDAP auth with no issues, and the search succeeds at the command line. Current DokuWiki on Alma 8, OpenLDAP on Ubuntu 22.
Please, what am I missing?
Have tried some variations to the below, with no joy, including:
$conf['plugin']['authldap']['attributes'] = array('dn' , 'uid', 'memberof');
$conf['plugin']['authldap']['attributes'] = array('cn', 'displayname', 'mail', 'givenname', 'objectclass', 'sn', 'uid', 'memberof');
$conf['plugin']['authldap']['userscope'] = 'sub';
$conf['plugin']['authldap']['groupscope'] = 'sub';
$conf['plugin']['authldap']['modPass'] = 0;
changing usertree to include
$conf['plugin']['authldap']['usertree'] = 'uid=%{user},ou=People,dc=example,dc=com';
local.config:
$conf['plugin']['authldap']['server'] = 'ldap.example.com';
$conf['plugin']['authldap']['usertree'] = 'ou=People,dc=example,dc=com';
$conf['plugin']['authldap']['grouptree'] = 'ou=Group,dc=example,dc=com';
$conf['plugin']['authldap']['userfilter'] = ' (&(uid=%{user})(objectClass=posixAccount))';
$conf['plugin']['authldap']['groupfilter'] = '(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';
$conf['plugin']['authldap']['starttls'] = 1;
$conf['plugin']['authldap']['debug'] = 1;
$conf['plugin']['authldap']['version'] = 3;
$conf['plugin']['authldap']['binddn'] = 'uid=binddummy,ou=People,dc=example,dc=com';
$conf['plugin']['authldap']['bindpw'] = '<b>snipped=';
$conf['plugin']['authldap']['attributes'] = array();
Debug error: (it's not actually doing the search)
LDAP user to find: betsys [auth.php:190]
LDAP Server: ldap.example.com [auth.php:193]
LDAP Filter: (&(uid=betsys)(objectClass=posixAccount)) [auth.php:203]
LDAP user search: Success [auth.php:205]
LDAP search at: ou=People,dc=example,dc=com (&(uid=betsys)(objectClass=posixAccount)) [auth.php:206]
User ldap_search failed. Check configuration. [auth.php:209]
Sorry, username or password was wrong.
slapd log on ldap server: notice no SRCH line!
[15-04-2024 04:40:11] slapd debug conn=1087 fd=22 ACCEPT from IP=<snip>:60438 (IP=0.0.0.0:389)
[15-04-2024 04:40:11] slapd debug conn=1087 op=0 EXT oid=1.3.6.1.4.1.1466.20037
[15-04-2024 04:40:11] slapd debug conn=1087 op=0 STARTTLS
[15-04-2024 04:40:11] slapd debug conn=1087 op=0 RESULT oid= err=0 qtime=0.000008 etime=0.000055 text=
[15-04-2024 04:40:11] slapd debug conn=1087 fd=22 TLS established tls_ssf=256 ssf=256 tls_proto=TLS1.3 tls_cipher=AES-256-GCM
[15-04-2024 04:40:11] slapd debug conn=1087 op=1 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" method=128
[15-04-2024 04:40:11] slapd debug conn=1087 op=1 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=256
[15-04-2024 04:40:11] slapd debug conn=1087 op=1 RESULT tag=97 err=0 qtime=0.000010 etime=0.000542 text=
[15-04-2024 04:40:11] slapd debug conn=1087 op=2 BIND anonymous mech=implicit bind_ssf=0 ssf=256
[15-04-2024 04:40:11] slapd debug conn=1087 op=2 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" method=128
[15-04-2024 04:40:11] slapd debug conn=1087 op=2 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=256
[15-04-2024 04:40:11] slapd debug conn=1087 op=2 RESULT tag=97 err=0 qtime=0.000016 etime=0.000540 text=
[15-04-2024 04:40:11] slapd debug conn=1087 op=3 UNBIND
[15-04-2024 04:40:11] slapd debug conn=1087 fd=22 closed
running query at the command line from the dokuwiki host with the same bind user:
ldapsearch -h ldap.example.com -x -W -D "uid=binddummy,ou=People,dc=example,dc=com" -b "ou=People,dc=example,dc=com" "(&(uid=betsys)(objectClass=posixAccount))"
Enter LDAP Password:
#extended LDIF
# LDAPv3
# base <ou=People,dc=example,dc=com> with scope subtree
# filter: (&(uid=betsys)(objectClass=posixAccount))
# requesting: ALL
#
# betsys, People, example.com
dn: uid=betsys,ou=People,dc=example,dc=com
uid: betsys
<snip>"
slapd log from above query: note SRCH line
[15-04-2024 05:09:06] slapd debug conn=1099 fd=22 ACCEPT from IP=<snip>:34812 (IP=0.0.0.0:389)
[15-04-2024 05:09:06] slapd debug conn=1099 op=0 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" method=128
[15-04-2024 05:09:06] slapd debug conn=1099 op=0 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" mech=SIMPLE bind_ssf=0 ssf=0
[15-04-2024 05:09:06] slapd debug conn=1099 op=0 RESULT tag=97 err=0 qtime=0.000008 etime=0.000604 text=
[15-04-2024 05:09:06] slapd debug conn=1099 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=0 filter="(&(uid=betsys)(objectClass=posixAccount))"
[15-04-2024 05:09:06] slapd debug conn=1099 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000136 nentries=1 text=
[15-04-2024 05:09:06] slapd debug conn=1099 op=2 UNBIND
[15-04-2024 05:09:06] slapd debug conn=1099 fd=22 closed
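The slapd-side comparison made in this post, as an added example that is not part of the original post: a Python parser for log lines in the format shown above that summarizes each connection (TLS established, successful binds, searches, entries returned) and lists connections that bound successfully but never issued a SRCH. The sample lines are constructed from the format in the post, with a placeholder client IP; the function names are this example's own.

```python
import re

# Constructed sample in the slapd log format shown in the post (client IP is a placeholder).
SAMPLE = """\
[15-04-2024 04:40:11] slapd debug conn=1087 fd=22 ACCEPT from IP=192.0.2.10:60438 (IP=0.0.0.0:389)
[15-04-2024 04:40:11] slapd debug conn=1087 op=0 STARTTLS
[15-04-2024 04:40:11] slapd debug conn=1087 op=0 RESULT oid= err=0 qtime=0.000008 etime=0.000055 text=
[15-04-2024 04:40:11] slapd debug conn=1087 fd=22 TLS established tls_ssf=256 ssf=256 tls_proto=TLS1.3 tls_cipher=AES-256-GCM
[15-04-2024 04:40:11] slapd debug conn=1087 op=1 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" method=128
[15-04-2024 04:40:11] slapd debug conn=1087 op=1 RESULT tag=97 err=0 qtime=0.000010 etime=0.000542 text=
[15-04-2024 04:40:11] slapd debug conn=1087 op=2 UNBIND
[15-04-2024 05:09:06] slapd debug conn=1099 fd=22 ACCEPT from IP=192.0.2.10:34812 (IP=0.0.0.0:389)
[15-04-2024 05:09:06] slapd debug conn=1099 op=0 BIND dn="uid=binddummy,ou=People,dc=example,dc=com" method=128
[15-04-2024 05:09:06] slapd debug conn=1099 op=0 RESULT tag=97 err=0 qtime=0.000008 etime=0.000604 text=
[15-04-2024 05:09:06] slapd debug conn=1099 op=1 SRCH base="ou=People,dc=example,dc=com" scope=2 deref=0 filter="(uid=betsys)"
[15-04-2024 05:09:06] slapd debug conn=1099 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000016 etime=0.000136 nentries=1 text=
[15-04-2024 05:09:06] slapd debug conn=1099 op=2 UNBIND
"""

# conn id, then either an operation number or a file descriptor, then the event text
LINE = re.compile(r"conn=(\d+) (?:op=\d+|fd=\d+) (.*)$")

def summarize(log_text):
    """Return {conn: {"tls", "binds_ok", "searches", "entries"}} for each connection."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        c = conns.setdefault(int(m.group(1)),
                             {"tls": False, "binds_ok": 0, "searches": 0, "entries": 0})
        rest = m.group(2)
        if rest.startswith("TLS established"):
            c["tls"] = True
        elif rest.startswith("RESULT tag=97 err=0"):   # tag 97 = BindResponse, err=0 = success
            c["binds_ok"] += 1
        elif rest.startswith("SRCH base="):            # one line per search request
            c["searches"] += 1
        elif rest.startswith("SEARCH RESULT"):         # tag 101 = SearchResultDone
            n = re.search(r"nentries=(\d+)", rest)
            c["entries"] += int(n.group(1)) if n else 0
    return conns

def bind_without_search(log_text):
    """Connection ids that authenticated successfully but never sent a search."""
    return [c for c, s in summarize(log_text).items() if s["binds_ok"] and not s["searches"]]

if __name__ == "__main__":
    for conn, stats in summarize(SAMPLE).items():
        print(conn, stats)
    print("bound but never searched:", bind_without_search(SAMPLE))
```
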