Make a quick vote 🗳 ️How do you refer to SuiteCRM extensions: add-ons or plug-ins? Click here to have your say 👈

Suite 8 using LDAP

Hello all. Are there issues with SuiteCRM8 and LDAP? I performed a fresh install and I am not able to authenticate with any account in the LDAP backend, regardless of the state of “Auto Create Users”.

Absolutely not traffic is observed with tcpdump on the host’s interface to/fro the LDAP server when one attempts to login.

php ldap module is installed and the suitecrm host can reach the ldap server at the appropriate ports (eg. telnet $host 389).

The login attempt ends with this in the log:
Fri Dec 10 11:07:11 2021 [139100][-none-][INFO] Query Execution Time:0.00037908554077148
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Hook called: Users::login_failed
Fri Dec 10 11:07:11 2021 [139100][-none-][FATAL] FAILED LOGIN:attempts[7], ip[172.x.y.z], username[bob]
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Hook called: ::server_round_trip
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Calling MySQLi::disconnect()

I setup a security group, role and place the user in the security group.

When LDAP auth is disabled on the user the user is able to login with the creds set in SuiteCRM.

Anything missing in my setup?

Thanks.

Good morning,

I am at installing suite 8 now. I also want to connect it to a Windows ldaps Server. Configuration is mostly done (unless encryption key - where can i set this?). Nur doesnt Work. What is to Check, what du i need? Thanks in advance

Hi @crmbob, @chriswithadot

@crmbob welcome to the community :wave:

Thank you for trying out SuiteCRM 8. And thank you for The feedback.

There is a known issue with LDAP on SuiteCRM 8, it has already been prioritized and we will try to fix it in one of the upcoming releases, hopefully the next one.

Allright… Thanks, will we get Updates when changes happen? :slight_smile:

Hi @chriswithadot,

Sorry for the delay in replying.

The best way to get notified is to subscribe to changes in the corresponding github issue:

Hi @clemente.raposo
is that LDAP issue Resolved or not.
we are waiting for the response.
Please let us know if it’s going to be fixed soon or we have to move with some other solution.
Thanks.

From the other discussion @github it looks as this will enabled with suite 8.2 which is actually something i am wondering why these changes are not in place with general auth procedures?

is there a workaround e.g by a session provider (also on premise?) maybe also moving away from suite? which alternative could be possible?

or is it possible to “migrate” a “standard” user later on (without hazzle) to a ldap account?

just my thoughts :frowning:

thanks in advance.