
Error with LDAP integration
Closed, Resolved (Public)

Description

I'm trying to set up LDAP integration on a new Phabricator installation. I get the following error when I run the CLI test.

bin/auth ldap

Enter LDAP Credentials

LDAP Username:  egauthier


LDAP Password:

Connecting to LDAP...
[2014-05-28 00:41:07] EXCEPTION: (PhutilAuthCredentialException) at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:232]

#0 PhutilAuthAdapterLDAP::loadLDAPUserData() called at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:161]
#1 PhutilAuthAdapterLDAP::getLDAPUserData() called at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:114]
#2 PhutilAuthAdapterLDAP::getAccountID() called at [/usr/local/phabricator/phabricator/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:57]
#3 PhabricatorAuthManagementLDAPWorkflow::execute(Object PhutilArgumentParser) called at [/usr/local/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php:396]
#4 PhutilArgumentParser::parseWorkflowsFull(Array of size 6 starting with: { PhabricatorAuthManagementLDAPWorkflow => Object PhabricatorAuthManagementLDAPWorkflow }) called at [/usr/local/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php:292]
#5 PhutilArgumentParser::parseWorkflows(Array of size 6 starting with: { PhabricatorAuthManagementLDAPWorkflow => Object PhabricatorAuthManagementLDAPWorkflow }) called at [/usr/local/phabricator/phabricator/scripts/setup/manage_auth.php:21]

Event Timeline

eric.gauthier raised the priority of this task from to Needs Triage.
eric.gauthier updated the task description.
eric.gauthier added a subscriber: eric.gauthier.

Can you show me the output of bin/auth ldap --trace?

bin/auth ldap --trace

[2] <connect> phabricator_auth

<<< [2] <connect> 1,065 us

[3] <query> SELECT * FROM auth_providerconfig ORDER BY id DESC

<<< [3] <query> 355 us
Enter LDAP Credentials

LDAP Username:  egauthier

[4] <exec> $ stty -echo

<<< [4] <exec> 11,325 us

LDAP Password:  >>> [5] <exec> $ stty echo

<<< [5] <exec> 17,945 us

Connecting to LDAP...

[6] <ldap> connect (101arch-dc01.shoebuy.com:389)

<<< [6] <ldap> 3,190 us

[7] <ldap> bind (SHOEBUY\egauthier)

<<< [7] <ldap> 98,233 us

[8] <ldap> search (ou=Shoebuy,dc=shoebuy, dc=com, uid=egauthier)

<<< [8] <ldap> 172,554 us
[2014-05-28 10:16:01] EXCEPTION: (PhutilAuthCredentialException) at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:232]

#0 PhutilAuthAdapterLDAP::loadLDAPUserData() called at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:161]
#1 PhutilAuthAdapterLDAP::getLDAPUserData() called at [/usr/local/phabricator/libphutil/src/auth/PhutilAuthAdapterLDAP.php:114]
#2 PhutilAuthAdapterLDAP::getAccountID() called at [/usr/local/phabricator/phabricator/src/applications/auth/management/PhabricatorAuthManagementLDAPWorkflow.php:57]
#3 PhabricatorAuthManagementLDAPWorkflow::execute(Object PhutilArgumentParser) called at [/usr/local/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php:396]
#4 PhutilArgumentParser::parseWorkflowsFull(Array of size 6 starting with: { PhabricatorAuthManagementLDAPWorkflow => Object PhabricatorAuthManagementLDAPWorkflow }) called at [/usr/local/phabricator/libphutil/src/parser/argument/PhutilArgumentParser.php:292]
#5 PhutilArgumentParser::parseWorkflows(Array of size 6 starting with: { PhabricatorAuthManagementLDAPWorkflow => Object PhabricatorAuthManagementLDAPWorkflow }) called at [/usr/local/phabricator/phabricator/scripts/setup/manage_auth.php:21]

search (ou=Shoebuy,dc=shoebuy, dc=com, uid=egauthier)

This search is failing to find your user account. LDAP is really hard to diagnose because every install is configured differently and there's very little consistency between installs, but my guesses are:

  • the DN is wrong; or
  • the search attribute is wrong; or
  • you're using anonymous credentials, but shouldn't be; or
  • the anonymous user doesn't have permission to see your account.
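
The checks in the reply above, applied to the `<ldap>` lines of the trace, as an added example that is not part of the original thread or of Phabricator. The names `parse_trace` and `triage` are hypothetical, and the code assumes the search argument is printed as base DN followed by `attribute=login`; the Active Directory hint is a heuristic based on the `DOMAIN\user` bind form.

```python
import re

# Constructed input: the <ldap> lines of the --trace output quoted in this thread.
SAMPLE_TRACE = r"""
[6] <ldap> connect (101arch-dc01.shoebuy.com:389)
<<< [6] <ldap> 3,190 us
[7] <ldap> bind (SHOEBUY\egauthier)
<<< [7] <ldap> 98,233 us
[8] <ldap> search (ou=Shoebuy,dc=shoebuy, dc=com, uid=egauthier)
<<< [8] <ldap> 172,554 us
"""

LDAP_OP = re.compile(r"^\[\d+\] <ldap> (connect|bind|search) \((.*)\)$")

def parse_trace(text):
    """Collect the argument of each <ldap> connect/bind/search line."""
    ops = {}
    for line in text.splitlines():
        match = LDAP_OP.match(line.strip())
        if match:
            ops[match.group(1)] = match.group(2)
    return ops

def triage(text):
    """Turn a trace into checks that follow the causes listed in the reply."""
    ops = parse_trace(text)
    if "search" not in ops:
        return ["no search in trace: connect or bind failed before the lookup"]
    # Assumption: the search argument is "<base DN>, <attribute>=<login>".
    base, _, term = ops["search"].rpartition(",")
    base, term = base.strip(), term.strip()
    attr = term.partition("=")[0]
    hints = []
    bind = ops.get("bind", "")
    if not bind:
        # Assumption: an anonymous bind shows up with no identity.
        hints.append("anonymous bind: it may not be allowed to read user entries")
    elif "\\" in bind and attr.lower() != "samaccountname":
        # DOMAIN\user is the Active Directory logon form; AD keeps that
        # login in sAMAccountName, so another attribute may match nothing.
        hints.append(f"bind is DOMAIN\\user but search attribute is '{attr}'")
    if ops.get("connect", "").endswith(":389"):
        hints.append("port 389: without StartTLS the bind password is cleartext")
    hints.append(f"verify with ldapsearch: base '{base}', filter '({term})'")
    return hints

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_TRACE)))
```
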

I found an error in the search, so you were definitely right (the username wasn't listed under uid). I was thrown off as the CLI tool ldapsearch found my user using the base DN, but bin/auth gave a PHP error, so I thought this was a code problem, not just a failed login and the

Thanks for looking into this so quickly!

eric.gauthier claimed this task.