Ldap auth and group search

I’ve configured LDAP auth according to https://docs.kanboard.org/en/1.2.13/admin_guide/ldap_authentication.html and can log in just fine, even as an admin a user that is in an LDAP admin group. I also configured the ldap groups like mentioned in https://docs.kanboard.org/en/1.2.13/admin_guide/ldap_groups.html. However, I can’t seem to be able to get the ldap group search to work, meaning the autocompletion doesn’t give me any LDAP groups. A trace reveals that no connection to ldap is being made. I tried using anonymous and proxy LDAP auth (server is openldap), but to no avail.

This is tthe config I use (anonimized):

define(‘LDAP_AUTH’, true);
define(‘LDAP_SERVER’, ‘ldaps://my.server’);
define(‘LDAP_PORT’, 636);
define(‘LDAP_SSL_VERIFY’, false);
define(‘LDAP_START_TLS’, false);
define(‘LDAP_BIND_TYPE’, ‘proxy’);
define(‘LDAP_USERNAME’, ‘cn=xxx,ou=yyyy,dc=zzz’);
define(‘LDAP_PASSWORD’, ‘xxxxxxxxxx’);
define(‘LDAP_USER_BASE_DN’, ‘ou=yyy,DC=zzz’);
define(‘LDAP_USER_FILTER’, ‘uid=%s’);
define(‘LDAP_USER_ATTRIBUTE_EMAIL’, ‘mail’);
define(‘LDAP_USER_CREATION’, true);
define(‘LDAP_GROUP_ADMIN_DN’, ‘ou=admins,ou=groups,dc=yyy,dc=zzz’);
define(‘LDAP_GROUP_MANAGER_DN’, ‘cn=admin,ou=admins,ou=groups,dc=yyy,dc=zzz’);
define(‘LDAP_GROUP_PROVIDER’, true);
define(‘LDAP_GROUP_BASE_DN’, ‘ou=groups,dc=yyy,dc=zzz’);
define(‘LDAP_GROUP_FILTER’, ‘(&(objectClass=posixGroup)(cn=%s*)’);
define(‘LDAP_GROUP_USER_FILTER’, ‘(&(objectClass=posixGroup)(memberUid=%s))’);

Kanboard version: 1.2.13
Database type and version: sqlite
PHP version: php 7.3.15
OS: Fedora 31
Browser: Firefox/Google chrome

Maybe someone can help me here?

Found the issue, this is wrong:

define(‘LDAP_GROUP_FILTER’, ‘(&(objectClass=posixGroup)(cn=%s*)’);
should be:
define(‘LDAP_GROUP_FILTER’, ‘(&(objectClass=posixGroup)(cn=%s*))’);

Since the call to the ldap_search function in app/Core/Ldap/Query.php starts with “@”, this never got logged. I removed it, saw a “bad filter” line in the apache error logfiles and knew I had to look closer :slight_smile: