Suite 8 using LDAP

crmbob · 10 December 2021 19:12

Hello all. Are there issues with SuiteCRM8 and LDAP? I performed a fresh install and I am not able to authenticate with any account in the LDAP backend, regardless of the state of “Auto Create Users”.

Absolutely not traffic is observed with tcpdump on the host’s interface to/fro the LDAP server when one attempts to login.

php ldap module is installed and the suitecrm host can reach the ldap server at the appropriate ports (eg. telnet $host 389).

The login attempt ends with this in the log:
Fri Dec 10 11:07:11 2021 [139100][-none-][INFO] Query Execution Time:0.00037908554077148
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Hook called: Users::login_failed
Fri Dec 10 11:07:11 2021 [139100][-none-][FATAL] FAILED LOGIN:attempts[7], ip[172.x.y.z], username[bob]
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Hook called: ::server_round_trip
Fri Dec 10 11:07:11 2021 [139100][-none-][DEBUG] Calling MySQLi::disconnect()

I setup a security group, role and place the user in the security group.

When LDAP auth is disabled on the user the user is able to login with the creds set in SuiteCRM.

Anything missing in my setup?

Thanks.

chriswithadot · 10 December 2021 23:46

Good morning,

I am at installing suite 8 now. I also want to connect it to a Windows ldaps Server. Configuration is mostly done (unless encryption key - where can i set this?). Nur doesnt Work. What is to Check, what du i need? Thanks in advance

clemente.raposo · 23 December 2021 18:31

Hi @crmbob, @chriswithadot

@crmbob welcome to the community

Thank you for trying out SuiteCRM 8. And thank you for The feedback.

There is a known issue with LDAP on SuiteCRM 8, it has already been prioritized and we will try to fix it in one of the upcoming releases, hopefully the next one.

github.com/salesagility/SuiteCRM-Core

LDAP Auth does not appear to be working with 8.0

opened 03:24PM - 26 Nov 21 UTC

evilham

#### Issue Hello, I have been checking SuiteCRM with the newest version to see …if it can fit our needs, and when trying to debug LDAP authentication (set via the web interface as admin in Password administration) I notice that the code never hits this class: https://github.com/salesagility/SuiteCRM-Core/blob/master/public/legacy/modules/Users/authentication/LDAPAuthenticate/LDAPAuthenticateUser.php I tested this by enabling debug logging and adding various logging calls in different places. It looks to me like the login logic goes through the code in core/backend, which has no single mention of LDAP. Since it is not mentioned in the release notes, it would be expected that 8.0 is able to perform LDAP authentication. #### Expected Behavior LDAP authentication works, or at least is tried, when it is set up. #### Actual Behavior LDAP authentication doesn't work.

chriswithadot · 23 December 2021 19:18

Allright… Thanks, will we get Updates when changes happen?

clemente.raposo · 29 December 2021 18:49

Hi @chriswithadot,

Sorry for the delay in replying.

The best way to get notified is to subscribe to changes in the corresponding github issue:

github.com/salesagility/SuiteCRM-Core

LDAP Auth does not appear to be working with 8.0

opened 03:24PM - 26 Nov 21 UTC

evilham

#### Issue Hello, I have been checking SuiteCRM with the newest version to see …if it can fit our needs, and when trying to debug LDAP authentication (set via the web interface as admin in Password administration) I notice that the code never hits this class: https://github.com/salesagility/SuiteCRM-Core/blob/master/public/legacy/modules/Users/authentication/LDAPAuthenticate/LDAPAuthenticateUser.php I tested this by enabling debug logging and adding various logging calls in different places. It looks to me like the login logic goes through the code in core/backend, which has no single mention of LDAP. Since it is not mentioned in the release notes, it would be expected that 8.0 is able to perform LDAP authentication. #### Expected Behavior LDAP authentication works, or at least is tried, when it is set up. #### Actual Behavior LDAP authentication doesn't work.

Hamza · 11 February 2022 11:03

Hi @clemente.raposo
is that LDAP issue Resolved or not.
we are waiting for the response.
Please let us know if it’s going to be fixed soon or we have to move with some other solution.
Thanks.

chriswithadot · 16 March 2022 21:34

From the other discussion @github it looks as this will enabled with suite 8.2 which is actually something i am wondering why these changes are not in place with general auth procedures?

is there a workaround e.g by a session provider (also on premise?) maybe also moving away from suite? which alternative could be possible?

or is it possible to “migrate” a “standard” user later on (without hazzle) to a ldap account?

just my thoughts

thanks in advance.