How do I know if a user has successfully authenticated against LDAP? (I did a stupid thing of using the same LDAP password on SuiteCRM.)
But now when I’m looking for an option to change the user password, I don’t see it anywhere.
However, looking at the SuiteCRM logs, there’s neither an error nor a confirmation of auth.
My .env.local:
AUTH_TYPE=ldap
###> LDAP CONFIG ###
LDAP_HOST='idm.domain.tld'
LDAP_PORT=636
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=domain,dc=tld'
LDAP_QUERY_STRING='memberOf=cn=sales,cn=groups,cn=accounts,dc=domain,dc=tld'
LDAP_SEARCH_DN='uid=bind-user,cn=sysaccounts,cn=etc,dc=domain,dc=tld'
LDAP_SEARCH_PASSWORD='bind-password'
###< LDAP CONFIG ###
###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='cn=accounts,dc=domain,dc=tld'
LDAP_PROVIDER_SEARCH_DN='uid=bind-user,cn=sysaccounts,cn=etc,dc=domain,dc=tld'
LDAP_PROVIDER_SEARCH_PASSWORD='bind-password'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='(uid={username})'
LDAP_PROVIDER_FILTER=''
###< LDAP AUTO CREATE CONFIG ###
So from what I understand, the LDAP user auto-creation requires both sections, as the auto-create config lacks server host, port, encryption, etc. But then some settings overlap, like:
LDAP_SEARCH_DN == LDAP_PROVIDER_SEARCH_DN
LDAP_SEARCH_PASSWORD == LDAP_PROVIDER_SEARCH_PASSWORD
Does it make sense to fill both, or remove them from the LDAP CONFIG section?
Also, where does LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER come from?
Now a question about “LDAP extra fields”
Docs say:
To override the configurations you need to copy the file over to the extensions folder on a path like extensions/<your-package>/config/services/ldap/ldap.yaml
What exactly is “your-package”? Just a folder I create? Or are there other implications behind the “package” reference?
Thank you