LDAP authentication seems to be a regular problem - not least because I don't have access to AD logs !!

Anyway - I need some help here. Setting up LDAP fails and I don't know why.

Put the auth-ldap-phar in plugins directory and the LDAP plugin appears.

Put in LDAP server

ldap

search user:  serviceaccount@domain

passwd <asdasdsdadasad>

search base:   id=domain, dc = x, dc= y

LDAP schema - tried auth and windows and posix

Just getting back Bind failed: Invalid credentials: Unable to bind to server hostname

The hostname is what we use in other apps such as Jenkins and Gerrit so I know user, passwd and ldap work.

So how to debug this?

Have you used Burp Suite before? If you could capture what you're sending and all the responses, that could really be a help.

This does not appear to be a suggestion of Feedback. Moving thread to Troubleshooting and Problems.

You also haven't told us anything about your environment. Please help us to help you by reading and following the posting guidelines located in this thread: Please read before requesting assistance. The more information you give us the better we will be able to assist you. Thank you.

Your error is:

Bind failed: Invalid credentials: Unable to bind to server hostname

This likely means one or more of the following:

1. your credentials are invalid
2. your user account does not have permission to browse AD
3. you have a firewall (on the server or on the AD server) blocking the traffic
4. hostname is not resolving in DNS or there is another DNS issue.

3 years later

A couple of things that helped me with LDAP, as I just set mine up about an hour ago.

  • Default domain: domain.local (be sure to include the full domain name)
  • LDAP servers: ldap://ip.address:389 or ldaps://ip.address:636
  • TLS: according to your environment
  • Search user: user@domain.local (I use a single user account dedicated only to this particular LDAP query; it only needs to be a domain user, no other special permissions required)
  • Password: [keep password to 30 characters or fewer]
  • Domain: DC=domain,DC=local (your base domain may likely, but not necessarily, be your default domain above with the DC= in front of each section; your mileage may vary)

What bit me the most was the password requirement. Once I had it too long, and then once it had a character (I think the apostrophe) that it didn't like. Once I figured out to shorten the password and remove some of the special characters, it went through just fine.
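An added example (not part of any post in this thread): a standard-library Python check that separates the DNS and firewall causes listed in the earlier reply from the credential and permission causes, before any bind is attempted. The function name `triage` and its stage labels are made up for this sketch; it accepts the `ldap://` and `ldaps://` server forms shown in the settings list above.

```python
import socket
from urllib.parse import urlsplit

# Standard ports for the two URL schemes used in the settings list.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def triage(url, timeout=3.0):
    """Return (stage, detail); stage is 'config', 'dns', 'tcp' or 'reachable'."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return "config", "expected ldap://host[:port] or ldaps://host[:port]"
    try:
        # .port raises ValueError for a non-numeric or out-of-range port.
        port = parts.port or DEFAULT_PORTS[parts.scheme]
    except ValueError as exc:
        return "config", str(exc)
    host = parts.hostname

    # Cause 4 in the reply: the hostname does not resolve.
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"{host} does not resolve: {exc}"

    # Cause 3 in the reply: something between client and server drops or
    # refuses the connection. Try every resolved address before giving up.
    last_error = None
    for family, socktype, proto, _, sockaddr in addrs:
        try:
            with socket.socket(family, socktype, proto) as conn:
                conn.settimeout(timeout)
                conn.connect(sockaddr)
            return "reachable", f"{sockaddr[0]}:{port} accepts TCP connections"
        except OSError as exc:
            last_error = exc
    return "tcp", f"{host}:{port} resolved but connect failed: {last_error}"


if __name__ == "__main__":
    import sys
    # Default target is a constructed placeholder, not a value from the thread.
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "ldap://127.0.0.1:389"))
```

A `reachable` result rules out DNS and plain TCP filtering only; it does not test TLS or the bind itself, so credentials and account permissions remain to be checked.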

Oh man, I didn't realize I resurrected a dead thread. The dates next to each username only had the month and date, not a year. Sorry about this!

No worries. 🙂

If you mouse over the date it shows you the actual date time.
