Comments (9)
Hi @adepertat,
which doesn't work because in Active Directory, the objectCategory field contains the dn to a schema (more like CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com).
Are you seeing this DN from the "Active Directory Users and Computers interface"?
from adldap2-laravel.
Yes. Please note the difference between objectCategory and objectClass :
from adldap2-laravel.
Hmmm, this should work then. Active Directory allows you to bypass querying the entire distinguished name of the objectcategory:
You can use a filter clause similar to the following:
(objectCategory=cn=person,cn=Schema,cn=Configuration,dc=MyDomain,dc=com)
However, Active Directory allows you to instead use the following shortcut:
(objectCategory=person)
Can you try executing a raw query to attempt locating the user you're looking for? Ex:
$user = Adldap::search()->where('cn', '=', 'John Doe')->first();
If no users are being returned, can you verify that the account you're connecting to your Active Directory server with has the appropriate permissions to query inside of the OUs you're looking to query?
from adldap2-laravel.
Indeed. I tested the query with both short and long versions of objectCategory in ADSIEdit and it works.
I am confident this is not a permission problem because the standard authentication (through the login form) works. It stops working when I try to use the SSO through an HTTP header.
Here is a debug log through SSO (does not work) : https://gist.github.com/adepertat/c2d0132eac6cf6f2ca23951616c9ac68
And here it is through the login form (works) : https://gist.github.com/adepertat/4da4127eecd71bd78fc79bc38c29deaa
from adldap2-laravel.
Indeed. I tested the query with both short and long versions of objectCategory in ADSIEdit and it works.
Ok that's great to hear it's working properly. Thanks for also posting the logs @adepertat.
Can you share the code/where the query is taking place inside of the Freescout system for SSO and non-SSO authentication attempts?
from adldap2-laravel.
For the SSO part, the code is failing to retrieve the user because some query returns nothing instead of the user account, specifically in this file https://gist.github.com/adepertat/8504f82140026ae62e7617e2a17cf7fa in the method resolveUserByUsername. The query is built with an instance of this Builder class : https://gist.github.com/adepertat/c3aabfc65872a3f062b5ba44af52bff8.
This code
Resolver::query()->where([$this->discover() => $username])
yields this object : https://gist.github.com/adepertat/35904b146fde00352dc2c41715a56741 but when the query is run, it returns no result.
I am not sure where to look for the non-SSO part.
from adldap2-laravel.
Ok, were you able to execute the query I mentioned above to see if the user you're attempting to authenticate with is able to be found?
$user = Adldap::search()->where('samaccountname', '=', 'jdoe')->first();
from adldap2-laravel.
OK the problem lies in the base DN sent by Freescout. It uses the path of the account used to read the directory, which is not where my users are. I guess it's a Freescout issue after all. Thanks a lot @stevebauman for taking the time to help me.
from adldap2-laravel.
Ok sounds good, no problem @adepertat! Happy to help. Glad you're getting closer to a resolution.
Closing for now but feel free to comment back if you have any further questions and I'll assist you 👍
from adldap2-laravel.
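The diagnosis reached in this thread (a search base DN taken from the location of the bind account, which does not contain the users) can be reproduced offline with a small model of LDAP subtree scoping. This is an added example, not code from Adldap2-Laravel or Freescout; the service account `svc-ldap`, the OU names, the directory entries and all helper functions are constructed for illustration, and it assumes the base is derived as the bind account's parent container.

```python
# Offline model of LDAP subtree scoping; constructed sample data, no server needed.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [r.strip().lower() for r in rdns if r.strip()]

def in_subtree(entry_dn, base_dn):
    """True when entry_dn is base_dn itself or lies beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base

def parent_dn(dn):
    """Container of an entry: the DN with its first RDN removed."""
    return ",".join(split_dn(dn)[1:])

def search(directory, base_dn, attr, value):
    """Subtree search: attribute match restricted to entries under base_dn."""
    return [dn for dn, attrs in directory.items()
            if in_subtree(dn, base_dn) and attrs.get(attr, "").lower() == value.lower()]

def common_base(*dns):
    """Narrowest base DN whose subtree contains every DN given."""
    shared = []
    for level in zip(*(reversed(split_dn(d)) for d in dns)):
        if len(set(level)) != 1:
            break
        shared.append(level[0])
    return ",".join(reversed(shared))

BIND_DN = "CN=svc-ldap,OU=Service Accounts,DC=example,DC=com"  # constructed
USER_DN = "CN=Doe\\, John,OU=Staff,DC=example,DC=com"           # constructed
DIRECTORY = {BIND_DN: {"samaccountname": "svc-ldap"},
             USER_DN: {"samaccountname": "jdoe"}}

if __name__ == "__main__":
    print(search(DIRECTORY, parent_dn(BIND_DN), "samaccountname", "jdoe"))  # base from bind account
    print(search(DIRECTORY, common_base(BIND_DN, USER_DN), "samaccountname", "jdoe"))
```

The same filter matches or misses depending only on the base, which is why the query succeeded in ADSIEdit but returned nothing through the SSO path; `common_base` gives the narrowest base that still covers the users, which keeps the search scope no wider than needed.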