Unable to use LDAP authentication in SuiteCRM 8.5

I need a little assistance integrating LDAP authentication into SuiteCRM 8.5.

I’m unable to log in using the LDAP account.

Below is my LDAP configuration in the .env.local file:

AUTH_TYPE=ldap
###> LDAP CONFIG ###
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=xxxxxxxxxxxxxx,dc=com'
LDAP_QUERY_STRING='sAMAccountName'
LDAP_SEARCH_DN='xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=xxxxxxxxxxxxx,dc=com'
LDAP_PROVIDER_SEARCH_DN='CN=xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_PROVIDER_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
###< LDAP AUTO CREATE CONFIG ###

Can someone help me to overcome this issue?

Do you receive an error message?
Have you restarted apache and cleared the cache?
Is there a long (~20 second) delay between login and error? If so it is likely network related.
Can you ping the LDAP server from the SuiteCRM host?
When SuiteCRM is running, check the actual env variables on the server and see if AUTH_TYPE is actually ldap.

Hello,

  1. I don’t have any error or log related to it, except there is a warning under the PasswordManager menu:

LDAP SUPPORT
LDAP Warning
This LDAP configuration will only be used for v4 API authentication. To configure SuiteCRM login to use LDAP, add the needed configurations to the .env.local file. See LDAP configuration docs for more information.

  2. Instead of Apache, I have used an IIS server, and IIS was restarted and the cache was cleared after setting up the LDAP credentials.

  3. It is taking 2-3 seconds between login and error.

  4. LDAP ping is working from the host server:

C:\Users\user>ping 10.10.xxx.xx

Pinging 10.10.xxx.xx with 32 bytes of data:
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128

Ping statistics for 10.10.xxx.xx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

  5. The settings below are added in the .env.local file and AUTH_TYPE is ldap:

AUTH_TYPE=ldap
###> LDAP CONFIG ###
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=xxxxxxxxxxxxxx,dc=com'
LDAP_QUERY_STRING='sAMAccountName'
LDAP_SEARCH_DN='xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=xxxxxxxxxxxxx,dc=com'
LDAP_PROVIDER_SEARCH_DN='CN=xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_PROVIDER_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
###< LDAP AUTO CREATE CONFIG ###

Check the logs in /suitecrm/logs/prod/prod.log and/or wherever your log is and see if there is an error message there.

If you create a phpinfo page within SuiteCRM and navigate to it you can see what SuiteCRM thinks the environment variables are.

Don’t leave that page there; it is a security hole. Delete it when done.

<?php
phpinfo();
?>

You will need to set the environment variables on the Windows host that is running IIS.

Below are the environment variables set on the server.

Can you please check and let me know if anything is missing.

Meant to get back to you earlier. Yes, you are missing the LDAP env variables. You cannot set them in the .env file in Windows; you will need to set them as Windows environment variables, and then they will need to show up in that list.

Hi,

Thanks for the update.

I have removed the comment in front of extension LDAP. I don’t know what to update in the Windows environment variables. Can you please guide me on how to add the LDAP env variables?

See if you can find anything here:

Hi,

I made the changes in the Windows environment variables but am still not able to use LDAP.

If you’re using XAMPP:

Find your php.ini file (typically found in C:\xampp\php\php.ini).

Remove the semicolon ; if present:

extension=ldap

Save the php.ini file and restart your web server.

Check if you have any errors in the log:

Hello,

I’m using IIS server.

The LDAP extension is enabled in the php.ini file. After that, I restarted the IIS server.

I even added the LDAP configuration in the .env file as suggested in the documentation; it is still not working, and there are no errors related to LDAP in the error log files.
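
One way to narrow this down outside SuiteCRM, as an added example that is not part of the thread or SuiteCRM's own code: a stand-alone PHP CLI script that walks the steps the configuration above implies (StartTLS on port 389, bind as the search account, look the user up with the LDAP_PROVIDER_FILTER, bind as that user) and reports which step fails. The host, DNs, script name and the LDAP_CHECK_SEARCH_PW variable are placeholders and assumptions; run it with the same PHP build that IIS uses.

```php
<?php
// Added diagnostic, not SuiteCRM code. Usage: php ldap_check.php <username>
// Placeholder values: copy the real ones from .env.local.
$host     = 'ldap://ldap.example.com';              // LDAP_HOST
$port     = 389;                                    // LDAP_PORT
$startTls = true;                                   // LDAP_ENCRYPTION=tls
$baseDn   = 'dc=example,dc=com';                    // LDAP_PROVIDER_BASE_DN
$searchDn = 'CN=svc,CN=Users,DC=example,DC=com';    // LDAP_PROVIDER_SEARCH_DN
$searchPw = getenv('LDAP_CHECK_SEARCH_PW') ?: '';   // hypothetical variable name
$filter   = '(&(sAMAccountName={username})(objectClass=person))'; // LDAP_PROVIDER_FILTER

function fail($conn, string $step): void
{
    // The diagnostic message carries the server-side detail behind the error.
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    fwrite(STDERR, "$step FAILED: " . ldap_error($conn) . " ($detail)\n");
    exit(1);
}

if (!extension_loaded('ldap')) exit("ldap extension is not loaded in this PHP build\n");
if ($argc < 2 || $searchPw === '') exit("usage: set LDAP_CHECK_SEARCH_PW, then php ldap_check.php <username>\n");

$conn = ldap_connect("$host:$port");
if ($conn === false) exit("Malformed LDAP URI: $host:$port\n");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);   // LDAP_PROTOCOL_VERSION
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);          // LDAP_REFERRALS=false
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

// With default client settings StartTLS validates the server certificate; one that
// is untrusted or does not cover the name/IP in $host fails here, before any bind.
if ($startTls && !@ldap_start_tls($conn)) fail($conn, 'StartTLS');
if (!@ldap_bind($conn, $searchDn, $searchPw)) fail($conn, 'Service bind');

$safe = ldap_escape($argv[1], '', LDAP_ESCAPE_FILTER);  // keep input out of filter syntax
$res  = @ldap_search($conn, $baseDn, str_replace('{username}', $safe, $filter), ['dn']);
if ($res === false) fail($conn, 'Search');
$entries = ldap_get_entries($conn, $res);
if ($entries['count'] !== 1) exit("Search matched {$entries['count']} entries, expected 1\n");

echo "Password for {$entries[0]['dn']}: ";
$pw = rtrim((string) fgets(STDIN), "\r\n");
// An empty password is an unauthenticated bind that many servers accept.
if ($pw === '') exit("Empty password refused\n");
if (!@ldap_bind($conn, $entries[0]['dn'], $pw)) fail($conn, 'User bind');
echo "OK: StartTLS, service bind, search and user bind all succeeded\n";
```

The typed password is echoed to the console, so run this in a private session and delete the script afterwards.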