LDAP Authentication SuiteCRM

Hello All,
New SuiteCRM user here.

We have successfully installed SuiteCRM 8.8.0 on Debian12.
Next step is to configure the LDAP logins. We are using ActiveDirectory on the backend.

I have searched the forums and Google and, with the help of a few articles, managed to get this working with little to no trouble.

The problems started when I wanted to add the additional ldap field mappings. Nothing fancy at this point, just first_name and last_name

I am editing the config/services/ldap/ldap.yaml
with the following values

parameters:
  ldap.extra_fields: ['mail']
  ldap.autocreate.extra_fields_map:
    givenName: first_name
    sn: last_name
    mail: email1

This works fine and maps the email address from LDAP to the user's email address.
NOTE: sn: and givenName have no effect at this point as they are not defined in the ldap.extra_fields.

User can now log in and their account is created on login with email field set up properly

However when I change the

ldap.extra_fields: ['mail']
to
ldap.extra_fields: ['mail', 'sn']
or
ldap.extra_fields: ['mail', 'givenName']
and delete the user from SuiteCRM, the user cannot log in any more and the screen is displaying the invalid credentials page.

So for some reason the only extra field I can map is ‘mail’.

Has anyone else had this issue or found a way to resolve it?

Thank you in advance!

Also for reference, here is the .env.local config with some creative values for public post

LDAP_HOST='257.123.000.123'
LDAP_PORT=389
LDAP_ENCRYPTION=none
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=my,dc=domain,dc=com'
LDAP_QUERY_STRING='mail={username}'
LDAP_SEARCH_DN='bind@domain.com'
LDAP_SEARCH_PASSWORD='SuperSecret123'

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=my,dc=domain,dc=com'
LDAP_PROVIDER_SEARCH_DN='DOMAIN\bind'
#LDAP_PROVIDER_SEARCH_DN='bind@domain.com' ← this also works
LDAP_PROVIDER_SEARCH_PASSWORD='SuperSecret123'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
#LDAP_PROVIDER_UID_KEY=''
LDAP_PROVIDER_UID_KEY='mail'
LDAP_PROVIDER_FILTER=''
###< LDAP AUTO CREATE CONFIG ##

Hi Saruman,
I have a similar problem.
As soon as I define extra_fields, my LDAP login fails.
“Login credentials incorrect, please try again.”

Have you solved your problem yet?

Hey, sorry for such a late reply.

No, we have not solved this yet.
For now I left it as is without additional fields.
We are still building a roll out plan so it is on the low end of the priorities. Something we need to circle back to.

How about you? Any progress?

@Saruman @derForest

Use an ldapsearch to confirm that the bind user can retrieve givenName and sn. (sudo apt install ldap-utils)

ldapsearch \
  -x \
  -H ldap://your-ad-server \
  -D "bind-user@domain" \
  -W \
  -b "dc=your,dc=domain" \
  "(sAMAccountName=testuser)" \
  givenName sn mail

YAML is picky about formatting and quote types.

parameters:
  ldap.extra_fields: ['mail', 'givenName', 'sn']
  ldap.autocreate.extra_fields_map:
    mail: email1
    givenName: first_name
    sn: last_name

Clear Symfony Cache

./bin/console cache:clear

OR

./bin/console cache:clear --env=prod


Install PHP LDAP extension

sudo apt install php8.2-ldap

Restart Web Server

sudo systemctl restart apache2

OR

sudo systemctl restart php8.2-fpm
sudo systemctl restart nginx

Verify LDAP module is enabled

php -m | grep ldap


Hello! Have the same problem. Tried everything above, followed the instructions to the t, but to no avail. In logs there’s a bunch of errors when a user tries to log in for the first time:

request.CRITICAL: Uncaught PHP Exception TypeError: "html_entity_decode(): Argument #1 ($string) must be of type string, array given" at SugarEmailAddress.php line 1082 {"exception":"[object] (TypeError(code: 0): html_entity_decode(): Argument #1 ($string) must be of type string, array given at /var/www/html/public/legacy/include/SugarEmailAddress/SugarEmailAddress.php:1082)"} []
request.CRITICAL: Uncaught PHP Exception TypeError: "trim(): Argument #1 ($string) must be of type string, array given" at SugarBean.php line 2654 {"exception":"[object] (TypeError(code: 0): trim(): Argument #1 ($string) must be of type string, array given at /var/www/html/public/legacy/data/SugarBean.php:2654)"} []

Any suggestions? Feels like a bug.
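
A check that follows from the ldapsearch step and the TypeError log lines in this thread, added here as an example (it is not code from any poster or from SuiteCRM): it parses one ldapsearch entry, applies the thread's ldap.extra_fields and extra_fields_map, and reports attributes that are missing, multi-valued, or mapped without being requested. The sample LDIF and the function names are constructed, and reading the logged "array given" errors as list-valued LDAP attributes is an assumption, not a confirmed diagnosis.

```python
import base64

# ldap.yaml values quoted in the thread.
EXTRA_FIELDS = ["mail", "givenName", "sn"]
EXTRA_FIELDS_MAP = {"mail": "email1", "givenName": "first_name", "sn": "last_name"}

# Constructed ldapsearch output for a made-up user (not from the thread).
SAMPLE_LDIF = """\
dn: CN=Test User,OU=Staff,DC=my,DC=domain,DC=com
givenName: Test
sn:: VXNlcg==
mail: testuser@my.domain.com
mail: t.user@my.domain.com
"""


def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {attribute: [values]}; each attribute maps to a list."""
    attrs = {}
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>" marks an encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        attrs.setdefault(name, []).append(value.strip())
    return attrs


def map_user_fields(attrs, extra_fields, fields_map):
    """Return (flat user fields, problems) for one entry (hypothetical helper)."""
    fields, problems = {}, []
    for ldap_attr, crm_field in fields_map.items():
        if ldap_attr not in extra_fields:
            problems.append(f"{ldap_attr}: mapped but not in ldap.extra_fields, ignored")
            continue
        values = attrs.get(ldap_attr, [])
        if not values:
            problems.append(f"{ldap_attr}: not returned to the bind user")
            continue
        if len(values) > 1:
            problems.append(f"{ldap_attr}: {len(values)} values, using the first")
        fields[crm_field] = values[0]  # store a string, never the list itself
    return fields, problems


if __name__ == "__main__":
    fields, problems = map_user_fields(
        parse_ldif_entry(SAMPLE_LDIF), EXTRA_FIELDS, EXTRA_FIELDS_MAP)
    print(fields)
    print(problems)
```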
