Ldap auth failure

I am unable login with ldap users, I have tried with ‘proxy’ and also ‘user’ mode. I always get the same error. Any hints would be great.

Error when correct credentials are used

[2019-07-03 19:42:56] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2019-07-03 19:42:56] [debug] Subscriber executed: Kanboard\Subscriber\BootstrapSubscriber::execute
[2019-07-03 19:42:56] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\AuthenticationMiddleware
[2019-07-03 19:42:56] [debug] Kanboard\Core\Controller\Runner::executeController => \Kanboard\Controller\AuthController::check
[2019-07-03 19:42:56] [debug] BaseDN=DC=comp,DC=com
[2019-07-03 19:42:56] [debug] Filter=(&(objectClass=user)(sAMAccountName=username))
[2019-07-03 19:42:56] [debug] Attributes=samaccountname, displayname, mail, memberof
[2019-07-03 19:42:56] [debug] NbEntries=1
[2019-07-03 19:42:56] [info] Authenticate this user: CN=username,OU=Management,DC=comp,DC=com
[2019-07-03 19:42:56] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::onLoginFailure

Expected error when I enter wrong password
[2019-07-03 19:34:12] [debug] Kanboard\Core\Controller\Runner::executeMiddleware
[2019-07-03 19:34:12] [debug] Subscriber executed: Kanboard\Subscriber\BootstrapSubscriber::execute
[2019-07-03 19:34:12] [debug] Kanboard\Core\Controller\BaseMiddleware::next => Kanboard\Middleware\AuthenticationMiddleware
[2019-07-03 19:34:12] [debug] Kanboard\Core\Controller\Runner::executeController => \Kanboard\Controller\AuthController::check
[2019-07-03 19:34:12] [debug] BaseDN=DC=comp,DC=com
[2019-07-03 19:34:12] [debug] Filter=(&(objectClass=user)(sAMAccountName=username))
[2019-07-03 19:34:12] [debug] Attributes=samaccountname, displayname, mail, memberof
[2019-07-03 19:34:12] [debug] NbEntries=1
[2019-07-03 19:34:12] [info] Authenticate this user: CN=username,OU=Management,DC=comp,DC=com
[2019-07-03 19:34:12] [error] LDAP authentication failure for “CN=username,OU=Management,DC=comp,DC=com” => Code=“49”; Error=“Invalid credentials”; ExtendedError=“80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580”
[2019-07-03 19:34:12] [debug] Subscriber executed: Kanboard\Subscriber\AuthSubscriber::onLoginFailure

// Enable LDAP authentication (false by default)
define(‘LDAP_AUTH’, true);

// LDAP server hostname
define(‘LDAP_SERVER’, ‘comp.com’);

// LDAP server port (389 by default)
define(‘LDAP_PORT’, 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define(‘LDAP_SSL_VERIFY’, false);

define(‘LDAP_START_TLS’, false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case

// LDAP bind type: “anonymous”, “user” or “proxy”
define(‘LDAP_BIND_TYPE’, ‘proxy’);

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define(‘LDAP_USERNAME’, ‘CN=LdapUser,CN=Users,DC=eavms,DC=com’);

// LDAP password to use for proxy mode
define(‘LDAP_PASSWORD’, ‘ActualPassword’);

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define(‘LDAP_USER_BASE_DN’, ‘DC=comp,DC=com’);

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: ‘(&(objectClass=user)(sAMAccountName=%s))’
// Example for OpenLDAP: ‘uid=%s’
define(‘LDAP_USER_FILTER’, ‘(&(objectClass=user)(sAMAccountName=%s))’);

// LDAP attribute for username
// Example for ActiveDirectory: ‘samaccountname’
// Example for OpenLDAP: ‘uid’
define(‘LDAP_USER_ATTRIBUTE_USERNAME’, ‘samaccountname’);

// LDAP attribute for user full name
// Example for ActiveDirectory: ‘displayname’
// Example for OpenLDAP: ‘cn’
define(‘LDAP_USER_ATTRIBUTE_FULLNAME’, ‘displayname’);

// LDAP attribute for user email
define(‘LDAP_USER_ATTRIBUTE_EMAIL’, ‘mail’);

Kindly advise on how to solve this.
Thanks in advance.

1 Like

same issue :frowning:

Is there any option to increse loglevel ?

i use the docker version (Version: v1.2.11)