Hello,

I have some LDAP authentication issues on my new Drupal 8 site.

Type of LDAP: OpenLDAP

I want to do the following thing:
All persons appearing in the LDAP are allowed to connect with the Standard LECTEUR profile. Simple, in theory, then.

Here is what I did:

- I installed the dev version of the LDAP module.
- I configured my LDAP server and tested it; it is good.
- I tested the connection of Drupal with LDAP; the bind works well and I retrieved all the information from the directory.

Now, I go to the authentication tab. I check only mode and I put the name of the server config "status: Enabled". In the whitelist I put "ou = personnes".

After that, I go to the portal login test stage with my Drupal site, I enter the login and password of the LDAP user, and when I validate I get error 403.

Any ideas, please?

Comments

Jaber ME created an issue. See original summary.

grahl’s picture

Category: Bug report » Support request
Priority: Major » Normal
Status: Active » Postponed (maintainer needs more info)

Please stop ignoring the support request guidelines, they are on every issue creation screen: https://www.drupal.org/docs/8/modules/lightweight-directory-access-proto...

Jaber ME’s picture

Hello grahl,

I attached all the config of the Server and User mapping, Authorization and LDAP bind test.

Can you help me, please?

grahl’s picture

Thank you for that detailed feedback.

The configuration looks solid but the one thing you did not include is input from the detailed watchdog logging. Have you not enabled that on the "Debugging" tab? It is crucial in tracking down which steps are able to complete and where it fails.

Also, you have quite a complex configuration here with sync from and to LDAP, authorizations, etc. Granted, it's a common scenario but in my experience it's much easier to add these criteria one by one to isolate login issues. I'd recommend you to turn off provision-to-ldap, whitelisting (which shouldn't actually do anything in that configuration if your base DN are set to that, too), the authorization group and enable mixed mode. That should provide you with a simple login case which is much easier to track down with detailed logging.

I hope that helps and feel free to request feedback if you have the specific debug event where your users are not being authenticated and it's not clear.

P.S.: You left something in bindpw, that isn't your password, right?

grahl’s picture

Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

No feedback, closing.