I have to set up authentication against ldap for a school project. When I installed the ldap module and tried to test it using /LDAPDebug endpoint I get the response shown in the screenshot. I should have all prerequisites installed and up to date. If anyone knows how to solve this I would be super thankfull.
This is a bug in silverstripe-ldap. There is a merge request available but it is not merged yet.
I forgot to mention you can leverage cweagans/composer-patches to apply a patch via composer.json.
Thank you for your help !
The changes from the merge request did work. But the debug screen showed connection to LDAP server but no users were found. Other info from the LDAP server was pulled correctly but it couldn’t find users or groups. I tried to mess around with it but no luck. I reinstalled the extension, applied the changes from PR again but now I am stuck at this screen. Any suggestions on what might be wrong? 
Thanks
Okay, ignore this post, I had bad ldap.yml config. Now I am back at the debug screen. However I don’t see any users. Is there still something wrong with my config file.
I have this
---
Name: myldapsettings
---
SilverStripe\LDAP\Model\LDAPGateway:
options:
host: 'ldap://localhost'
port: 389
username: 'cn=admin,dc=vse,dc=cz'
password: 'password'
baseDn: 'dc=vse,dc=cz'
useSsl: false
searchAttributes:
- 'cn'
- 'uid'
- 'mail'
- 'givenName'
- 'sn'
- 'objectClass'
- 'gidNumber'
userSearchBase: 'ou=People,dc=vse,dc=cz'
userSearchFilter: '(|(objectClass=person)(objectClass=inetOrgPerson))'
groupSearchBase: 'ou=group,dc=vse,dc=cz'
groupSearchFilter: '(objectClass=posixGroup)'
mapping:
username: 'uid'
email: 'mail'
firstname: 'givenName'
surname: 'sn'
SilverStripe\LDAP\Services\LDAPService:
users_search_locations:
- 'ou=People,dc=vse,dc=cz'
groups_search_locations:
- 'ou=group,dc=vse,dc=cz'
SilverStripe\Security\Member:
ldap_field_mappings:
uid: Username
mail: Email
givenName: FirstName
sn: Surname
cn: DisplayName
SilverStripe\LDAP\Model\LDAPGroupMapping:
mappings:
'cn=administrators,ou=group,dc=vse,dc=cz': 'Administrators'
Lot of it is probably useless tho.
Here is what my ldap server is returning when using ldapsearch:
dvof01@bis022:/var/www/my-project$ ldapsearch -x -b dc=vse,dc=cz
# extended LDIF
#
# LDAPv3
# base <dc=vse,dc=cz> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# vse.cz
dn: dc=vse,dc=cz
objectClass: top
objectClass: dcObject
objectClass: organization
o: vse.cz
dc: vse
# People, vse.cz
dn: ou=People,dc=vse,dc=cz
objectClass: organizationalUnit
ou: People
# group, vse.cz
dn: ou=group,dc=vse,dc=cz
objectClass: organizationalUnit
ou: group
# administrators, group, vse.cz
dn: cn=administrators,ou=group,dc=vse,dc=cz
objectClass: posixGroup
gidNumber: 10000
cn: administrators
# mala krevetka, People, vse.cz
dn: cn=mala krevetka,ou=People,dc=vse,dc=cz
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/mkrevetka
gecos: mala krevetka
uid: mkrevetka
cn: mala krevetka
uidNumber: 10000
gidNumber: 10000
mail: nathan@bash.cz
sn: krevetka
givenName: mala
# search result
search: 2
result: 0 Success
# numResponses: 6
# numEntries: 5
I have a user ‘mala krevetka’ and a group called ‘administrators’ created in ldap. But in the admin center under security → groups → ldap → add mapping I don’t see any groups in the dropdown.
Also the /LDAPDebug screen looks like this:
I’m not using LDAP actively now. I think your comments are better suited to be attached to the above pull request. But you should really try to trim down anything unrelated.
If you are in a hurry, you should also consider to solve the issue by yourself and provide feedback on the above PR for the posterity.
So I was able to make it work for me but It required me to basically go in and rewrite the code as it seems to me that a lot of mapping variables are hard coded and do not work with the way my ldap sever is set up. Either that or I don’t understand how the configuration from to config file should be pulled or if the logic that should pull the config from file is also broken.
My current situation is that I have my users from ldap synced in the app but I am unable to make the ldap login form appear ( specifying the ldap login method in config file does not work ) so I am actually unable to log in using those synced ldap users.
So yeah I guess this issue does not have a general solution that could be helpful to someone else, or it could be that I am missing something, which may be the case as this is my first time working with php codebase.