LDAP Authentication SuiteCRM

📦 Install & Upgrade Help
1

Hello All,
New SuiteCRM user here.

We have sucessfully installed SuiteCRM 8.8.0 on Debian12.
Next step is to configure the LDAP logins. We are using ActiveDirectory on the backend.

I have searched the forums and google and with with help of a few article managed to get this working with little to no trouble.

The problems started when I wanted to add the additional ldap field mappings. Nothing fancy at this point, just first_name and last_name

I am editing the config/services/ldap/ldap.yaml
with the following values

parameters:
ldap.extra_fields: [‘mail’]
ldap.autocreate.extra_fields_map:
givenName: first_name
sn: last_name
mail: email1

This works fine and maps the email address from LDAP to users email address
NOTE: sn: and giveName have no effect at this point as they are not defined in the ldap.extra_fields.

User can now log in and their account is created on login with email field set up properly

However when I change the

ldap.extra_fields: [‘mail’]
to
ldap.extra_fields: [‘mail’, ‘sn’]
or
ldap.extra_fields: [‘mail’, ‘givenName’]
and delete the user from SuiteCRM, the user cannot log in any more and screen is displaying the invalid credentials page.

So for some reason the only extra field I can map is ‘mail’.

Has anyone else had this issue or found a way to resolve it?

Thank you in advance!

Also for reference, here is the .env.local config with some creative values for public post

LDAP_HOST=‘257.123.000.123’
LDAP_PORT=389
LDAP_ENCRYPTION=none
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING=‘dc=my,dc=domain,dc=com’
LDAP_QUERY_STRING=‘mail={username}’
LDAP_SEARCH_DN=‘bind@domain.com’
LDAP_SEARCH_PASSWORD=‘SuperSecret123’

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN=‘dc=my,dc=domain,dc=com’
LDAP_PROVIDER_SEARCH_DN=‘DOMAIN\bind’
#LDAP_PROVIDER_SEARCH_DN=‘bind@domain.com’ ← this also works
LDAP_PROVIDER_SEARCH_PASSWORD=‘SuperSecret123’
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
#LDAP_PROVIDER_UID_KEY=‘’
LDAP_PROVIDER_UID_KEY=‘mail’
LDAP_PROVIDER_FILTER=‘’
###< LDAP AUTO CREATE CONFIG ##

2

Hi Saruman,
I have a similar problem.
As soon as I define extra_fields, my LDAP login fails.
“Login credentials incorrect, please try again.”

Have you solved your problem yet?

3

Hey, sorry for such a late reply.

No we have not solved this yet.
For now i left it as is without additional fields.
We are still building a roll out plan so it is on the low end of the priorities. Something we need to circle back to .

How about you ? Any progress ?

4

@Saruman @derForest

Use an ldapsearch to confirm that the bind user can retrieve givenName and sn. (sudo apt install ldap-utils)

ldapsearch \
  -x \
  -H ldap://your-ad-server \
  -D "bind-user@domain" \
  -W \
  -b "dc=your,dc=domain" \
  "(sAMAccountName=testuser)" \
  givenName sn mail

YAML is picky about formatting and quote types.

parameters:
  ldap.extra_fields: ['mail', 'givenName', 'sn']
  ldap.autocreate.extra_fields_map:
    mail: email1
    givenName: first_name
    sn: last_name

Clear Symfony Cache

./bin/console cache:clear

OR

./bin/console cache:clear --env=prod

Install PHP LDAP extension

sudo apt install php8.2-ldap

Restart Web Server

sudo systemctl restart apache2

OR

sudo systemctl restart php8.2-fpm
sudo systemctl restart nginx

Verify LDAP module is enabled

php -m | grep ldap

5

Hello! Have the same problem. Tried everything above, followed the instructions to the t, but to no avail. In logs there’s a bunch of errors when a user tries to log in for the first time:

request.CRITICAL: Uncaught PHP Exception TypeError: "html_entity_decode(): Argument #1 ($string) must be of type string, array given" at SugarEmailAddress.php line 1082 {"exception":"[object] (TypeError(code: 0): html_entity_decode(): Argument #1 ($string) must be of type string, array given at /var/www/html/public/legacy/include/SugarEmailAddress/SugarEmailAddress.php:1082)"} []
request.CRITICAL: Uncaught PHP Exception TypeError: "trim(): Argument #1 ($string) must be of type string, array given" at SugarBean.php line 2654 {"exception":"[object] (TypeError(code: 0): trim(): Argument #1 ($string) must be of type string, array given at /var/www/html/public/legacy/data/SugarBean.php:2654)"} []

Any suggestions? Feels like a bug.

6

Checkout these topics: