KevinTheJedi

If I run this command

ldapsearch -H ldap://localhost -x -b "ou=Palermo,o=cnr,c=it" -LLL -D "cn=LoginAccess,ou=Palermo,o=cnr,c=it" -w MyPass uid=alessandro.pensato

it will return the result

dn: cn=PENSATO ALESSANDRO,ou=dipendenti,ou=IRIB,ou=Palermo,o=cnr,c=it
uid: alessandro.pensato
mail: alessandro.pensato@cnr.it
MATRICOLA: 11924
EMAILPERPUK: alessandro.pensato@ibim.cnr.it
ACCOUNTSTATUS: Active
homePhone: 0916407111
CNRCOGNOME: PENSATO
CNRNOME: ALESSANDRO
objectClass: top
objectClass: person
objectClass: inetOrgPerson
objectClass: QMAILUSER
objectClass: RADIUSPROFILE
objectClass: CNRPERSON
objectClass: eduPerson
objectClass: VACATION
EMAILESTERNO: alessandro.pensato@ibim.cnr.it
CNRAPP8: si
CNREXTRA4: Collaboratore Tecnico E.R. VI livello
EMAILCERTIFICATOPERPUK: alessandro.pensato@irib.cnr.it
departmentNumber: 234300
cn: PENSATO ALESSANDRO
PUKHASH: {MD5}d724c626cad72e83b5f3d720bc78d85b
CNREXTRA5: inservizio
MAILFORWARDINGADDRESS: alessandro.pensato@cnrsc.onmicrosoft.com
CNRGRUPPO3: IRIB

    alepensato

    Okay, it’s just odd, I’ve never seen one in that format before. Did you change the schema and retest?

    Cheers.

      alepensato

      Then I would recommend updating your Search Base to the format ou=Palermo,dc=cnr,dc=it, Search User to cn=LoginAccess,ou=Palermo,dc=cnr,dc=it, and retest.

      Cheers.

        KevinTheJedi

        The format is o=cnr,c=it. The problem is not the LDAP config. If it was a problem related to LDAP, please tell me why I can log in as AGENT.

          alepensato

          I am unable to replicate this issue, so I am not sure. Based on the earlier logs you provided, you receive error 32. Upon researching that error, typically the cause is an incorrect or incorrectly formatted DN. This is why I'm suggesting you use the typical format to see if that fixes the issue.

          Cheers.

          I provided you the log for a login as AGENT and also as CLIENT; if you look at them you can see that there are some differences. It seems that the authentication code for the AGENT is different from the code for the CLIENT.

            I can't reconfigure my LDAP server only for this problem; all other services work without problems.

              KevinTheJedi

              OK, but the correct BaseDN is o=cnr,c=it. If I configure dc=cnr,dc=it, I am unable to save the changes to the LDAP plugin; I get a connection error to localhost.

                alepensato

                Can you change your LDAP Servers setting from ldap://localhost to the actual domain? Can you also try without putting ldap://?

                Cheers.

                alepensato

                Also, when you changed the DN in the Search Base did you also change the DN in the Search User? They potentially both need to be the same.

                Cheers.

                The only configuration that works (with all other problems) is with o=cnr,c=it.

                  alepensato

                  So you’re not going to change the LDAP Servers setting from localhost to your actual domain?

                  Cheers.

                  alepensato

                  Change localhost to the actual domain. We use that in part of the lookup/search so it might be failing as it’s expecting the domain but getting localhost.

                  Cheers.

                  Changing it to the FQDN server name makes no difference if I write dc=cnr,dc=it.
                  It saves the info only with the correct base DN, which is o=cnr,c=it.
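
Added example, not part of the thread and not the LDAP plugin's code: a small DN comparison showing why a Search Base of `ou=Palermo,dc=cnr,dc=it` cannot resolve on a directory whose tree is rooted at `o=cnr,c=it`, which is the situation a server typically reports as result code 32 (noSuchObject). The function names are hypothetical, the naming context `o=cnr,c=it` is assumed from the working `ldapsearch` above, and matching is simplified to case-insensitive string comparison.

```python
import re

NO_SUCH_OBJECT = 32  # LDAP resultCode noSuchObject (RFC 4511)

def _split(s, sep):
    """Split on an unescaped separator, keeping backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2]); i += 2      # escaped char, e.g. "\,"
        elif s[i] == sep:
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(s[i]); i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return a DN as a tuple of RDNs, each a frozenset of (type, value)."""
    rdns = []
    for rdn in _split(dn.strip(), ","):
        avas = set()
        for ava in _split(rdn, "+"):            # multi-valued RDN
            typ, sep, val = ava.partition("=")
            if not sep or not typ.strip():
                raise ValueError(f"malformed RDN: {rdn!r}")
            # Simplification: types and values compared case-insensitively
            val = re.sub(r"\s+", " ", val.strip()).lower()
            avas.add((typ.strip().lower(), val))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def is_under(dn, base):
    """True if dn equals base or sits below it in the tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def base_can_resolve(base, naming_contexts):
    """False means the base lies outside every context the server holds."""
    return any(is_under(base, nc) for nc in naming_contexts)

# Constructed sample data, taken from the DNs quoted in the thread.
CONTEXTS = ["o=cnr,c=it"]                       # assumed naming context
ENTRY = "cn=PENSATO ALESSANDRO,ou=dipendenti,ou=IRIB,ou=Palermo,o=cnr,c=it"

if __name__ == "__main__":
    for base in ("ou=Palermo,o=cnr,c=it", "ou=Palermo,dc=cnr,dc=it"):
        ok = base_can_resolve(base, CONTEXTS)
        print(base, "->", "ok" if ok else f"error {NO_SUCH_OBJECT}")
```

A base that passes this check can still return 32 if the entry itself does not exist; the check only rules out bases that can never match the server's tree.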