alepensato

Okay, it’s just odd, I’ve never seen one in that format before. Did you change the schema and retest?

Cheers.

    alepensato

    Then I would recommend updating your Search Base to the format ou=Palermo,dc=cnr,dc=it, Search User to cn=LoginAccess,ou=Palermo,dc=cnr,dc=it, and retest.

    Cheers.

      KevinTheJedi

      The format is o=cnr,c=it. The problem is not the LDAP config. If it were a problem related to LDAP, please tell me why I can log in as AGENT.

        alepensato

        I am unable to replicate this issue so I am not sure. Based on the earlier logs you provided, you receive error 32. Upon researching that error, typically the cause is an incorrect or incorrectly formatted DN. This is why I’m suggesting you use the typical format to see if that fixes the issue.

        Cheers.

        I provided you the log for a login as AGENT and also as CLIENT; if you look at them you can see that there are some differences. It seems that the authentication code for the AGENT is different from the code for the CLIENT.

          I can't reconfigure my LDAP server only for this problem; all other services work without problems.

            KevinTheJedi

            Ok, but the correct BaseDN is o=cnr,c=it. If I configure dc=cnr,dc=it, I was unable to save the changes to the LDAP plugin; I get a connection error to localhost.

              alepensato

              Can you change your LDAP Servers setting from ldap://localhost to the actual domain? Can you also try without putting ldap://?

              Cheers.

              alepensato

              Also, when you changed the DN in the Search Base did you also change the DN in the Search User? They potentially both need to be the same.

              Cheers.

              The only configuration that works (with all other problems) is with o=cnr,c=it.

                alepensato

                So you’re not going to change the LDAP Servers setting from localhost to your actual domain?

                Cheers.

                alepensato

                Change localhost to the actual domain. We use that in part of the lookup/search so it might be failing as it’s expecting the domain but getting localhost.

                Cheers.

                Changing it to the FQDN server name does not make any difference if I write dc=cnr,dc=it.
                It saves the info only with the correct basedn, that is o=cnr,c=it.

                alepensato

                My apologies, after re-reviewing the code this seems to be used only if you don't provide a Search Base. At this point I'm not sure what's going on in your case. I tried again but am still unable to replicate your issue. I'm hoping someone more versed with LDAP and O-style trees can pop in and provide more input because at this point I'm unsure what your issue is. Error 32 indicates issues with DN, Search User, access/permission issues, etc. so that's about all the suggestions I have based on guides/posts online.

                Maybe one of these will help?

                I am using OpenLDAP (and MSAD) with DC-style trees so this could be the disconnect where yours isn't working as you are using O-style trees. I've never seen this style before here so that's the only thing I can think of at this time. I know you are going to say "but it's working for agents" but Agents use a different auth method than Users. With Users it goes through an additional lookup and sync process:

                If you want, you can either unpack the plugin or download the raw plugin files and add debug statements and mess with the code yourself to see where it's failing and why. All I can go on is the logs you've provided, which simply state Error 32, which isn't that helpful.

                Cheers.
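
LDAP result code 32 is noSuchObject, which a server typically returns when the search base does not exist under any of its naming contexts. The following is an added example, not part of the thread or of the plugin's code: an offline check that a configured Search Base and Search User DN fall under the server's naming context, comparing the O-style and DC-style values discussed above. The `ou=Palermo` entries under `o=cnr,c=it` are constructed for illustration, and case-insensitive value matching is an assumption.

```python
def parse_dn(dn):
    """Split a DN into lowercase (attr, value) RDN pairs, honoring backslash escapes.
    Simplification: multi-valued RDNs ('+') and hex ('#') values are not handled."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # escaped character stays part of the value
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def is_under(dn, suffix):
    """True when dn equals suffix or sits below it in the tree."""
    d, s = parse_dn(dn), parse_dn(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s


def check_config(naming_contexts, search_base, search_user):
    """Return findings for DNs that fall outside every naming context."""
    findings = []
    for label, dn in (("Search Base", search_base), ("Search User", search_user)):
        if not any(is_under(dn, nc) for nc in naming_contexts):
            findings.append(f"{label} {dn!r} is outside {naming_contexts}")
    return findings


# Constructed sample: the thread gives o=cnr,c=it as the server's base DN.
CONTEXTS = ["o=cnr,c=it"]
DC_STYLE = check_config(CONTEXTS, "ou=Palermo,dc=cnr,dc=it",
                        "cn=LoginAccess,ou=Palermo,dc=cnr,dc=it")
O_STYLE = check_config(CONTEXTS, "OU=Palermo, O=cnr, C=it",
                       "cn=LoginAccess,ou=Palermo,o=cnr,c=it")
if __name__ == "__main__":
    print(DC_STYLE or "ok")
    print(O_STYLE or "ok")
```

The naming contexts a server actually serves are listed in the `namingContexts` attribute of its root DSE, which is the value to feed into `CONTEXTS`.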