LDAP Login does not work

[taeys]

Debug mode

• I have enabled debug mode
• I have read checked the Common Issues page

Describe the bug

We added our LDAP Server successfully to SnipeIT. When I go to people, I can see all our users. In the user profile is the checkmark green to "Login activated" but when the user tries to login it won't work.

Reproduction steps

1. Added LDAP as per documentation

...

Expected behavior

User Login works

Screenshots

Snipe-IT Version

5.4.1

Operating System

Ubuntu 18.04

Web Server

Apache

PHP Version

7.4.3

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

No response

Additional context

No response

[snipe]

Anything in the logs? This isn't really giving us a lot to work with. When you try to test the LDAP login using the test button, what happens?

[uberbrady]

Also can be helpful to have screenshots (redacted is fine, of course) of your LDAP settings, and to know what your LDAP server is.

[taeys]

No, the logs are empty. When I do the test it shows this:

But when I try to do the LDAP Login test it shows this:

[uberbrady]

If you’re using active directory, maybe you need to check the box for “this is an AD server”? What AD server is it?

[taeys]

We do not use an AD, just plain LDAP.

[uberbrady]

Well, the system uses the LDAP Auth query - which should be of the form something= - and then appends a comma, and then appends the baseDN to it - and tries to bind as that user.

Depending on your LDAP provider, you may need to grant Bind permissions to the users who you want to be able to log in.

You may also be using an unsupported attribute for the LDAP auth query? Share your settings (redact out whatever you need to) and I’ll try to help.

[taeys]

The user has even administrator privileges on the LDAP. Here is our configuriation:
LDAP Bind Username: uid=service,ou=People,dc=thing,dc=something,dc=com
Base Bind DN: ou=people,dc=thing,dc=something,dc=com

[taeys]

The snipeit-error.log under /var/log/apache2 shows the following when I try to login with an LDAP User:

[Wed Mar 23 16:10:08.389746 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of Require all granted: granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.389767 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of : granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.390191 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of Require all granted: granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.390206 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of : granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.583553 2022] [ssl:debug] [pid 114723] ssl_engine_kernel.c(415): [client MYCLIENT:58586] AH02034: Subsequent (No.2) HTTPS request received for child 7 (server snipeit.sim.de.airbusds.corp:443), referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.583905 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of Require all granted: granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.583972 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of : granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.584082 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of Require all granted: granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.584133 2022] [authz_core:debug] [pid 114723] mod_authz_core.c(817): [client MYCLIENT:58586] AH01626: authorization result of : granted, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:08.641406 2022] [deflate:debug] [pid 114723] mod_deflate.c(854): [client MYCLIENT:58586] AH01384: Zlib: Compressed 5072 to 1467 : URL /index.php, referer: https://MYDOMAIN/login
[Wed Mar 23 16:10:13.647302 2022] [ssl:debug] [pid 114723] ssl_engine_io.c(1102): [client MYCLIENT:58586] AH02001: Connection closed to child 7 with standard shutdown (server MYDOMAIN:443)

[uberbrady]

you’ll also want to check out, in your Snipe-IT install, storage/logs/laravel.log - sometimes that will show you something good.

By the looks of it I think you have everything configured correctly. So long as the user you’re logging in as is allowed to bind correctly to the directory with its username and password, it looks to me like it should work.

Hopefully we can find some errors somewhere in your Laravel log - it may also help to turn on debug mode APP_DEBUG=true in your .env somewhere.

[taeys]

The laravel.log sadly shows nothing, the log is empty :( The user does work on all our other instances where we use LDAP login (eg. Jira, Confluence, etc...) so we really don't know why the login itself does not work.

[snipe]

That log probably shouldn’t be empty. Make sure the laravel.log file (and the directories above it) are writable by the user the web server is running as, so storage and all directories and files under it.

[taeys]

All folders belong to www-data but the logs only show two entries from march 11th which are
[2022-03-11 11:19:36] production.ERROR: Symfony\Component\Console\Exception\NamespaceNotFoundException: There are no commands defined in the "clear" namespace. in //snipeit/vendor/symfony/console/Application.php:604
and
[2022-03-11 11:19:36] production.ERROR: There are no commands defined in the "clear" namespace. {"exception":"[object] (Symfony\Component\Console\Exception\NamespaceNotFoundException(code: 0): There are no commands defined in the "clear" namespace. at /snipeit/vendor/symfony/console/Application.php:604)

[taeys]

Isse solved by the hack mentioned here: #9903