SuiteCRM with LDAP not working

Hi,
I try to connect SuiteCRM with an Active Directory via LDAP. I have an Apache AD running that I set up for testing purposes. My connection in SuiteCRM is under Admin->Password Management (after checking LDAP)


Server: 127.0.0.1
User DN: ou=Users,dc=example,dc=com
Port: 10389
Bind attribute: dn
Login attribute: uid
auto create users: (checked)

My AD has this configuration (no worries, it's not real personal data)


dn: dc=example,dc=com
objectClass: domain
objectClass: top
dc: example

dn: ou=Users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=Adan Abrams,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Adan Abrams
sn: Abrams
description: 19741108000000Z
employeeNumber: 7
givenName: Adan
telephoneNumber: 254-323-1920
telephoneNumber: 902-451-7619
uid: aabrams
userPassword:: e1NTSEF9RnhUSDdUOFNMWURzdDFEcDdWS2lMYXVrU3pmVTM2NTkrR3orN0E9P

The password is encrypted as it is in the AD after setting the password.

When I try to login with ‘aabrams’ - the uid - I get ‘invalid credentials’.
In the log file, I can see that SuiteCRM talks with my AD but I don’t get the actual problem why the communication fails:


Tue Sep 24 18:11:01 2019 [12560][-none-][DEBUG] Starting user load for aabrams
Tue Sep 24 18:11:01 2019 [12560][-none-][DEBUG] ldapauth: Connecting to LDAP server: 127.0.0.1
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth.ldap_rdn_lookup: Bind succeeded, searching for uid=aabrams
Tue Sep 24 18:11:01 2019 [12560][-none-][DEBUG] ldapauth.ldap_rdn_lookup: base_dn:ou=Users,dc=example,dc=com , search_filter:(uid=aabrams)
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth.ldap_rdn_lookup: Search result:
ldapauth.ldap_rdn_lookup: 2
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth.ldap_rdn_lookup: found_bind_user=cn=Adan Abrams,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][DEBUG] ldapauth.ldap_authenticate_user: ldap_rdn_lookup returned bind_user=cn=Adan Abrams,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth: Binding user cn=Adan Abrams,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][FATAL] [LDAP ERROR][49]Invalid credentials
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth: Binding user dn=cn=Adan Abrams,ou=Users,dc=example,dc=com,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][FATAL] [LDAP ERROR][49]Invalid credentials
Tue Sep 24 18:11:01 2019 [12560][-none-][FATAL] SECURITY: User authentication for aabrams failed

Note that normally you get ‘invalid user login/password’ as error if something is wrong. SuiteCRM understands that the username seems to be ok (which exists only in the AD) just the password exchange seems to be a problem. Does anyone have an idea why/what is causing this problem?
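Added example, not part of the original post and not SuiteCRM code: a small Python parser that walks the ldapauth log lines shown above and reports which stage failed. On these lines it shows that the lookup found the entry, both binds were rejected with result code 49, and the second bind DN has the search base appended twice. Grouping by the PID field and treating a bind with no following error line as success are assumptions.

```python
import re

# Sample input: a subset of the log lines from the post above.
SAMPLE_LOG = """\
Tue Sep 24 18:11:01 2019 [12560][-none-][DEBUG] ldapauth.ldap_rdn_lookup: base_dn:ou=Users,dc=example,dc=com , search_filter:(uid=aabrams)
ldapauth.ldap_rdn_lookup: 2
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth.ldap_rdn_lookup: found_bind_user=cn=Adan Abrams,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth: Binding user cn=Adan Abrams,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][FATAL] [LDAP ERROR][49]Invalid credentials
Tue Sep 24 18:11:01 2019 [12560][-none-][INFO] ldapauth: Binding user dn=cn=Adan Abrams,ou=Users,dc=example,dc=com,ou=Users,dc=example,dc=com
Tue Sep 24 18:11:01 2019 [12560][-none-][FATAL] [LDAP ERROR][49]Invalid credentials
"""

LINE = re.compile(r"\[(?P<pid>\d+)\]\[[^\]]*\]\[[A-Z]+\] (?P<msg>.*)$")
INVALID_CREDENTIALS = 49  # LDAP result code invalidCredentials (RFC 4511)

def diagnose(log_text):
    """Summarise each ldapauth attempt, keyed by the PID field of the log line."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # continuation lines carry no [pid][user][LEVEL] prefix
        s = sessions.setdefault(m["pid"], {"base_dn": None, "found_dn": None, "binds": []})
        msg = m["msg"]
        if (b := re.search(r"base_dn:(.*?) , search_filter:", msg)):
            s["base_dn"] = b[1]
        elif (f := re.search(r"found_bind_user=(.*)$", msg)):
            s["found_dn"] = f[1]
        elif (u := re.search(r"ldapauth: Binding user (.*)$", msg)):
            s["binds"].append({"dn": u[1], "error": None})
        elif (e := re.search(r"\[LDAP ERROR\]\[(\d+)\]", msg)) and s["binds"]:
            s["binds"][-1]["error"] = int(e[1])
    for s in sessions.values():
        errors = [b["error"] for b in s["binds"]]
        base = s["base_dn"]  # bind DNs containing the search base twice are malformed
        s["doubled_base"] = [b["dn"] for b in s["binds"] if base and b["dn"].count(base) > 1]
        if s["found_dn"] is None:
            s["verdict"] = "lookup_failed"    # check User DN (search base) and Login attribute
        elif errors and all(err == INVALID_CREDENTIALS for err in errors):
            s["verdict"] = "bind_rejected"    # entry found; server refused the password for that DN
        elif None in errors:
            s["verdict"] = "bind_ok"          # assumption: no error logged after a bind means success
        else:
            s["verdict"] = "other_ldap_error"
    return sessions

if __name__ == "__main__":
    for pid, s in diagnose(SAMPLE_LOG).items():
        print(pid, s["verdict"], s["found_dn"], s["doubled_base"])
```

A `bind_rejected` verdict places the failure at the password check for the DN that the search returned, not at the server address, search base or login attribute.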

Not sure if this has been mentioned but my resolution was making sure that the host IP address was not changed. In my case, DHCP pulled a different IP address for my VM and after making a reservation I wasn’t aware that I needed to make the static address change within the management under LDAP directory for the server under General Settings. I noticed in there it still referenced the wrong IP address for my host. Once changing this back and restarting the VM I was able to log in as user and access system resources.

Hello, can you help me with the configuration of LDAP for SuiteCRM 7.13.1, because I've been searching on the community and on the internet and I couldn't find any.

Regards

Please verify a few points,

  1. Ensure that you have the user with the same name on both SuiteCRM and LDAP Server, and enable LDAP Authentication under the “Advanced” tab.
  2. Protocol Version should be the same on both SuiteCRM and LDAP.
  3. In SuiteCRM, on line #80 protocol version is set to 3.
  4. On LDAP, update your conf file with the protocol version, if different. (in case of OpenLDAP, add the line in your slapd.conf or ldap.conf file, protocol-version 3)
  5. Verify that admin has enough rights in LDAP Account Manager → General Settings → Lamdaemon settings.
  6. Once verified, add the following under Password Manager settings on SuiteCRM,

Server: ldap://local.domain.com
Port: 389
User DN: dc=local,dc=domain,dc=com
Bind Attribute: dn
Login Attribute: uid
Authentication: Checked
User Name: cn=admin,dc=local,dc=domain,dc=com
Password: *****

Versions:

  • SuiteCRM 7.13.4
  • OpenLDAP