Unable to Login with LDAP Account in SuiteCRM 8.8 on Nginx + PHP 8.2.8

SuiteCRM Version: 8.8
PHP Version: 8.2.8
Web Server: Nginx 1.26.*
Environment: Windows/Linux (please specify if applicable)

Issue Summary:
We are attempting to integrate LDAP authentication in our SuiteCRM 8.8 installation. Despite configuring the .env.local file according to the documentation and clearing the cache, we are unable to log in using LDAP credentials.

LDAP Configuration in .env.local:

AUTH_TYPE=ldap

###> LDAP CONFIG ###
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=xxxxxxxxxxxxxx,dc=com'
LDAP_QUERY_STRING='sAMAccountName'
LDAP_SEARCH_DN='CN=ldap-reader,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_SEARCH_PASSWORD='********'
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=xxxxxxxxxxxxx,dc=com'
LDAP_PROVIDER_SEARCH_DN='CN=ldap-reader,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_PROVIDER_SEARCH_PASSWORD='********'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
###< LDAP AUTO CREATE CONFIG ###

Steps Taken:

  • Verified LDAP server credentials and connectivity.
  • Confirmed the user exists in the specified LDAP structure.
  • Cleared Symfony and frontend cache.
  • Restarted Nginx and PHP services.

Problem:

  • Login with a valid LDAP account fails silently or shows invalid credentials.
  • No clear errors in SuiteCRM logs (suitecrm.log, install.log) or PHP-FPM logs.
  • Standard SuiteCRM admin login works correctly.

Request:
Please advise on the following:

  1. Are any additional configuration files or Symfony services required to enable LDAP login?
  2. Is there a way to increase logging verbosity for LDAP authentication errors?
  3. Are there known compatibility issues with Nginx or PHP 8.2.8 for LDAP authentication in SuiteCRM 8.8?

Resolved the LDAP login issue by updating the .env.local configuration file with the correct parameters. Below are the working settings that enabled successful LDAP authentication:

AUTH_TYPE=ldap

###> LDAP CONFIG ###
LDAP_HOST="10.10.xxx.xx"
LDAP_PORT=389
LDAP_ENCRYPTION=none
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING="dc=xxxxxxxxxxxxxx,dc=com"
LDAP_QUERY_STRING="sAMAccountName={username}"
LDAP_SEARCH_DN="CN=ldap-reader,CN=Users,DC=xxxxxxxxxxxxxx,DC=com"
LDAP_SEARCH_PASSWORD="********"
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN="dc=xxxxxxxxxxxxxx,dc=com"
LDAP_PROVIDER_SEARCH_DN="CN=ldap-reader,CN=Users,DC=xxxxxxxxxxxxxx,DC=com"
LDAP_PROVIDER_SEARCH_PASSWORD="********"
LDAP_PROVIDER_DEFAULT_ROLES="ROLE_USER"
LDAP_PROVIDER_UID_KEY="sAMAccountName"
LDAP_PROVIDER_FILTER="(&(sAMAccountName={username})(objectClass=person))"
###< LDAP AUTO CREATE CONFIG ###
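An added example, not part of the original posts or SuiteCRM's own code: a small linter that checks the two `.env.local` listings above on the three settings that changed between them (host format, query-string placeholder, encryption mode). The rule set is an assumption drawn from the difference between the listings; it also flags that the working `LDAP_ENCRYPTION=none` sends bind passwords, including `LDAP_SEARCH_PASSWORD`, over port 389 unencrypted.

```python
import re

# Settings copied from the two .env.local listings in the thread (values masked as posted).
BEFORE = """
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_QUERY_STRING='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
"""
AFTER = """
###> LDAP CONFIG ###
LDAP_HOST="10.10.xxx.xx"
LDAP_PORT=389
LDAP_ENCRYPTION=none
LDAP_QUERY_STRING="sAMAccountName={username}"
LDAP_PROVIDER_FILTER="(&(sAMAccountName={username})(objectClass=person))"
"""

def parse_env(text):
    """Parse KEY=value lines; skip blanks and '#' comments; strip matching quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def audit_ldap_env(env):
    """Return (severity, key, message) tuples; the rule set is this example's assumption."""
    findings = []
    if re.match(r"ldaps?://", env.get("LDAP_HOST", ""), re.I):
        findings.append(("config", "LDAP_HOST", "has a URI scheme; working config uses a bare host"))
    for key in ("LDAP_QUERY_STRING", "LDAP_PROVIDER_FILTER"):
        if key in env and "{username}" not in env[key]:
            findings.append(("config", key, "no {username} placeholder, login name is never substituted"))
    if env.get("LDAP_ENCRYPTION", "none").lower() == "none":
        findings.append(("security", "LDAP_ENCRYPTION", "bind passwords sent unencrypted; use tls or ssl"))
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for severity, key, message in audit_ldap_env(parse_env(text)):
            print(f"{label}: [{severity}] {key}: {message}")
```

Run against a real file, the same functions take the file's text; the `security` finding on the working configuration is the one to resolve before leaving LDAP login enabled on an untrusted network segment.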