Unable to use LDAP authentication in SuiteCRM 8.5

I need a little assistance integrating LDAP authentication into SuiteCRM 8.5.

I’m unable to log in using the LDAP account.

Below is my LDAP configuration in the .env.local file:

AUTH_TYPE=ldap
###> LDAP CONFIG ###
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=xxxxxxxxxxxxxx,dc=com'
LDAP_QUERY_STRING='sAMAccountName'
LDAP_SEARCH_DN='xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=xxxxxxxxxxxxx,dc=com'
LDAP_PROVIDER_SEARCH_DN='CN=xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_PROVIDER_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
###< LDAP AUTO CREATE CONFIG ###

Can someone help me to overcome this issue?

Do you receive an error message?
Have you restarted Apache and cleared the cache?
Is there a long (~20 second) delay between login and error? If so it is likely network related.
Can you ping the LDAP server from the SuiteCRM host?
When SuiteCRM is running, check the actual env variables on the server and see if AUTH_TYPE is actually ldap.

Hello,

  1. I don’t have any error or log related to it, except there is a warning under the PasswordManager menu:

LDAP SUPPORT
LDAP Warning
This LDAP configuration will only be used for v4 API authentication. To configure SuiteCRM login to use LDAP, add the needed configurations to the .env.local file. See LDAP configuration docs for more information.

  2. Instead of Apache, I have used an IIS server; IIS is restarted and the cache is cleared after setting up the LDAP credentials.

  3. It is taking 2-3 seconds between login and error.

  4. LDAP ping is working from the host server:

C:\Users\user>ping 10.10.xxx.xx

Pinging 10.10.xxx.xx with 32 bytes of data:
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128
Reply from 10.10.xxx.xx: bytes=32 time<1ms TTL=128

Ping statistics for 10.10.xxx.xx:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

  5. The settings below are added in the .env.local file and AUTH_TYPE is ldap:

AUTH_TYPE=ldap
###> LDAP CONFIG ###
LDAP_HOST='ldap://10.10.xxx.xx'
LDAP_PORT=389
LDAP_ENCRYPTION=tls
LDAP_PROTOCOL_VERSION=3
LDAP_REFERRALS=false
LDAP_DN_STRING='dc=xxxxxxxxxxxxxx,dc=com'
LDAP_QUERY_STRING='sAMAccountName'
LDAP_SEARCH_DN='xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
###< LDAP CONFIG ###

###> LDAP AUTO CREATE CONFIG ###
LDAP_AUTO_CREATE=enabled
LDAP_PROVIDER_BASE_DN='dc=xxxxxxxxxxxxx,dc=com'
LDAP_PROVIDER_SEARCH_DN='CN=xxxxxxxxxxxxxx,CN=Users,DC=xxxxxxxxxxxxxx,DC=com'
LDAP_PROVIDER_SEARCH_PASSWORD='xxxxxxxxxxxxxx'
LDAP_PROVIDER_DEFAULT_ROLES=ROLE_USER
LDAP_PROVIDER_UID_KEY='sAMAccountName'
LDAP_PROVIDER_FILTER='(&(sAMAccountName={username})(objectClass=person))'
###< LDAP AUTO CREATE CONFIG ###

Check the logs in /suitecrm/logs/prod/prod.log and/or wherever your log is and see if there is an error message there.

If you create a phpinfo page within SuiteCRM and navigate to it you can see what SuiteCRM thinks the environment variables are.

Don’t leave that page there; it is a security hole. Delete it when done.

<?php
phpinfo();
?>

You will need to set the environment variables on the Windows host that is running IIS.
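
A narrower alternative to the full phpinfo() page suggested above, added here as an example (it is not from the original posts and is not SuiteCRM code): it reports only the LDAP-related variables, redacts passwords, and notes when a variable set in the real environment differs from .env.local or when a value contains typographic quotes, a common paste artifact. It assumes SuiteCRM loads .env.local through Symfony Dotenv with default settings and that the script runs from the directory containing .env.local; the key list is taken from the thread and the sample values are constructed.

```php
<?php
// Added example, not SuiteCRM code. KEYS are variables from the thread's .env.local.
const KEYS = ['AUTH_TYPE', 'LDAP_HOST', 'LDAP_PORT', 'LDAP_ENCRYPTION', 'LDAP_DN_STRING',
    'LDAP_QUERY_STRING', 'LDAP_SEARCH_DN', 'LDAP_SEARCH_PASSWORD', 'LDAP_AUTO_CREATE'];
// Constructed sample, used only when no .env.local exists in the current directory.
const SAMPLE = <<<'ENV'
AUTH_TYPE=ldap
LDAP_HOST=‘ldap.example.test’
LDAP_SEARCH_PASSWORD='constructed-secret'
ENV;

/** Minimal KEY=value reader: no variable expansion, ASCII quotes stripped. */
function readEnvFile(string $text): array
{
    $out = [];
    foreach (preg_split('/\R/', $text) as $line) {
        if (preg_match('/^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/', $line, $m)) {
            $out[$m[1]] = trim($m[2], "'\"");
        }
    }
    return $out;
}

/** One line per key: effective source, redacted value, and any warnings. */
function report(array $file, array $proc): array
{
    $lines = [];
    foreach (KEYS as $k) {
        if (!isset($file[$k]) && !isset($proc[$k])) {
            $lines[] = "$k: MISSING";
            continue;
        }
        // Assumption: Symfony Dotenv defaults, so a real environment variable wins.
        $fromProc = isset($proc[$k]);
        $val = $fromProc ? $proc[$k] : $file[$k];
        $shown = strpos($k, 'PASSWORD') !== false ? '<redacted>' : $val;
        $note = preg_match('/[\x{2018}\x{2019}\x{201C}\x{201D}]/u', $val)
            ? ' [typographic quote inside value]' : '';
        if ($fromProc && isset($file[$k]) && $file[$k] !== $val) {
            $note .= ' [differs from .env.local]';
        }
        $src = $fromProc ? 'process env' : '.env.local';
        $lines[] = "$k ($src): $shown$note";
    }
    return $lines;
}

if (PHP_SAPI !== 'cli') header('Content-Type: text/plain; charset=utf-8');
$text = is_readable('.env.local') ? file_get_contents('.env.local') : SAMPLE;
echo implode(PHP_EOL, report(readEnvFile($text), getenv())), PHP_EOL;
```

Run from the command line it shows the environment of the logged-in user, which can differ from what the IIS worker process sees; if it is served through IIS to check that, it still discloses the bind DN and host, so remove it afterwards as with the phpinfo page.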

Below are the environment variables set on the server:

Can you please check and let me know if anything is missing?