LDAP Authentication SuiteCRM

Hello All,
New SuiteCRM user here.

We have successfully installed SuiteCRM 8.8.0 on Debian 12.
The next step is to configure the LDAP logins. We are using Active Directory on the backend.

I have searched the forums and Google and, with the help of a few articles, managed to get this working with little to no trouble.

The problems started when I wanted to add the additional LDAP field mappings. Nothing fancy at this point, just first_name and last_name.

I am editing config/services/ldap/ldap.yaml
with the following values:

parameters:
  ldap.extra_fields: ['mail']
  ldap.autocreate.extra_fields_map:
    givenName: first_name
    sn: last_name
    mail: email1

This works fine and maps the email address from LDAP to the user's email address.
NOTE: sn and givenName have no effect at this point as they are not defined in ldap.extra_fields.

The user can now log in and their account is created on login with the email field set up properly.

However, when I change

ldap.extra_fields: ['mail']
to
ldap.extra_fields: ['mail', 'sn']
or
ldap.extra_fields: ['mail', 'givenName']
and delete the user from SuiteCRM, the user cannot log in any more and the screen displays the invalid credentials page.

So for some reason the only extra field I can map is ‘mail’.

Has anyone else had this issue or found a way to resolve it?

Thank you in advance!

Also, for reference, here is the .env.local config with some creative values for the public post:

LDAP_HOST='257.123.000.123'
LDAP_PORT=389
LDAP_ENCRYPTION=none
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=my,dc=domain,dc=com'
LDAP_QUERY_STRING='mail={username}'
LDAP_SEARCH_DN='bind@domain.com'
LDAP_SEARCH_PASSWORD='SuperSecret123'

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=my,dc=domain,dc=com'
LDAP_PROVIDER_SEARCH_DN='DOMAIN\bind'
#LDAP_PROVIDER_SEARCH_DN='bind@domain.com' ← this also works
LDAP_PROVIDER_SEARCH_PASSWORD='SuperSecret123'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
#LDAP_PROVIDER_UID_KEY=''
LDAP_PROVIDER_UID_KEY='mail'
LDAP_PROVIDER_FILTER=''
###< LDAP AUTO CREATE CONFIG ##
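
The NOTE in the post above says a mapping has no effect unless its attribute is also listed in ldap.extra_fields. As an added example (not part of the original post and not SuiteCRM code), this script checks an ldap.yaml fragment for such inert mappings and for typographic quotes, which YAML keeps as part of the attribute name. The function names and the sample are constructed here, and the reader handles only these two keys.

```python
# Added example: consistency check for the two ldap.yaml parameters in the post.
SMART_QUOTES = "\u2018\u2019\u201c\u201d"  # typographic quotes; YAML does not treat them as quoting

# Constructed sample based on the post: 'sn' added with typographic quotes,
# as they appear when a value is copied from a rendered forum page.
SAMPLE = """\
parameters:
  ldap.extra_fields: ['mail', \u2018sn\u2019]
  ldap.autocreate.extra_fields_map:
    givenName: first_name
    sn: last_name
    mail: email1
"""

def parse_ldap_params(text):
    """Read only the two keys of interest; this is not a general YAML parser."""
    fields, mapping, map_indent = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = line.partition(":")
        if key == "ldap.extra_fields":
            fields = [f.strip() for f in value.strip().strip("[]").split(",") if f.strip()]
            map_indent = None
        elif key == "ldap.autocreate.extra_fields_map":
            map_indent = indent              # entries must be indented deeper than this
        elif map_indent is not None and indent > map_indent:
            mapping[key.strip()] = value.strip()
        else:
            map_indent = None                # left the mapping block
    return fields, mapping

def check(text):
    raw_fields, mapping = parse_ldap_params(text)
    fields, findings = [], []
    for tok in raw_fields:
        if any(q in tok for q in SMART_QUOTES):
            findings.append(f"typographic quotes around {tok.strip(SMART_QUOTES)!r}: retype with plain quotes")
        fields.append(tok.strip(SMART_QUOTES + "'\""))
    for attr, target in mapping.items():
        if attr not in fields:
            findings.append(f"mapping {attr} -> {target} is inert: {attr} is not in ldap.extra_fields")
    return fields, findings

if __name__ == "__main__":
    for finding in check(SAMPLE)[1]:
        print(finding)
```
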

Hi Saruman,
I have a similar problem.
As soon as I define extra_fields, my LDAP login fails.
“Login credentials incorrect, please try again.”

Have you solved your problem yet?