Today I added and configured the neos/ldap module because our marketing would like to have a member area for our employees. I’ve configured everything like in the documentation, but after submitting the login form the page isn’t working. It literally says «This page isn’t working. […] didn’t send any data.». There is no clear error message (even in the log). The standard Neos frontend login was working. Is there anybody here who has successfully integrated the ldap module into his website and can help me with this problem?
I have used the LDAP package for several years in a project.
As the configuration is quite a struggle sometimes, it’s best to start debugging with the included command controller.
So trying to bind, authenticate and query via the cli is the best start.
When that works you can continue from there.
At first: thanks for your answer!
I’ve successfully executed an «ldapsearch» on the command line. The next thing I did was some debugging and I figured out that at some point the execution stops and exits.
LdapProvider -> authenticate()
DirectoryService -> authenticate()
DirectoryService -> bind()
LdapBind -> bind()
AbstractBindProvider -> bindWithDn()
In the last method «bindWithDn» the command “ldap_bind” will be executed and this is the command that fails without an exception. There’s a try catch around it but the error / exception won’t be caught. The next thing is that the code runs two times. It fails on «ldap_bind», executes «Ldap-Provider->authenticate()» and fails on «ldap_bind» again.
What I can see is that the password (for «ldap_bind») is the one that I’ve entered in the login mask. Shouldn’t it be the password for the bind user? Because the other parameter «userDn» is the string of the bind dn (configuration) and looks like “cn=bind user,cn=Users,dc=company,dc=com”.
I don’t know, maybe you or someone else can help me?
FYI: I’m using PHP 7.2.22 and Apache 2.4.37 on a local machine (Mac).
I got the problem: I used “ldaps://” because our support said so. When I use “ldap://” it works. But nevertheless the credentials are wrong and now I get an exception. And I think that’s because the passwords are wrong. Like I said: when the method «ldap_bind» is executed the «$password» is the same that I’ve entered in the login mask and not the LDAP user password of my configuration (Settings.yaml).
Here’s the LDAP configuration.
Neos:
  Flow:
    security:
      authentication:
        providers:
          LdapProvider:
            provider: Neos\Ldap\Security\Authentication\Provider\LdapProvider
            providerOptions:
              host: 'ldap://ldap.domain.com'
              port: 389
              baseDn: 'DC=company,DC=com'
              # How to authenticate towards the server. Normally this is a given
              # service account and password. Other options are also available,
              # consult the bind provider class LdapBind for more examples.
              bind:
                dn: 'CN=user,CN=Users,DC=company,DC=com'
                password: 'asdf'
                anonymous: FALSE
              # All PHP Ldap options can be set here. Make the constant lowercase
              # and remove the ldap_opt_ prefix.
              # Example: LDAP_OPT_PROTOCOL_VERSION becomes protocol_version
              ldapOptions:
                protocol_version: 3
                network_timeout: 10
              filter:
                # %s will be replaced with the username / dn provided
                account: '(sAMAccountName=%s)'
                memberOf: '(&(objectClass=posixGroup)(memberUid=%s))'
                # this will use the filter with domain, set it to yes to remove it for search
                ignoreDomain: TRUE
              # will be prefixed to a given username if no other domain was specified
              domain: 'MY-DOMAIN'
Oh sorry I forgot to add the exception message. But it is not really useful.
Error during Ldap user search: 1
The connection and the binding work now, but it is the search that fails. I don’t know why. I wrote a simple ldap script from scratch (vanilla php) and everything is fine there. Also the settings of the neos/ldap module seem to be correct.
It’s really hard to help when the exact problem is only a guess.
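To turn the guess into an exact error, the following plain-PHP check is added here as an example (it is not code from this thread or from neos/ldap). It runs a generic search-then-bind sequence and prints the LDAP result code and the server's diagnostic message for whichever step fails, which shows which password goes into which ldap_bind call. The host name, the DNs, the filter and the environment variable names SERVICE_PW, LOGIN and LOGIN_PW are assumptions modelled on the configuration above.

```php
<?php
// Added example. Host, DNs and filter are constructed placeholders.
const LDAP_URI   = 'ldap://ldap.example.test:389';
const BASE_DN    = 'DC=company,DC=com';
const SERVICE_DN = 'CN=user,CN=Users,DC=company,DC=com';
const FILTER     = '(sAMAccountName=%s)';
// Print the result code, its text and the server's diagnostic message.
function report(string $step, $conn): void
{
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    fprintf(STDERR, "%s failed: %d %s (%s)\n", $step, ldap_errno($conn), ldap_error($conn), $detail);
}

function authenticate(string $servicePassword, string $login, string $loginPassword): bool
{
    // A bind with an empty password is unauthenticated and can still succeed.
    if ($login === '' || $loginPassword === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 10);
    // Step 1: bind as the service account, using the configured password.
    if (!@ldap_bind($conn, SERVICE_DN, $servicePassword)) {
        report('service bind', $conn);
        return false;
    }
    // Step 2: find the DN of the person logging in; escape the name for the filter.
    $filter = sprintf(FILTER, ldap_escape($login, '', LDAP_ESCAPE_FILTER));
    $result = @ldap_search($conn, BASE_DN, $filter, ['cn']);
    if ($result === false) {
        report("search $filter", $conn);
        return false;
    }
    $entries = ldap_get_entries($conn, $result);
    if ($entries['count'] !== 1) {
        fwrite(STDERR, "search $filter matched {$entries['count']} entries\n");
        return false;
    }
    // Step 3: bind again as the found DN with the password from the login form.
    $ok = @ldap_bind($conn, $entries[0]['dn'], $loginPassword);
    $ok || report('user bind', $conn);
    ldap_unbind($conn);
    return $ok;
}

// Credentials are read from the environment, not from the command line.
$ok = authenticate((string) getenv('SERVICE_PW'), (string) getenv('LOGIN'), (string) getenv('LOGIN_PW'));
echo $ok ? "authenticated\n" : "rejected\n";
```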