AD Auth: LDAPS connection fails

Hey there.
Currently I’m setting up a Dolibarr server with LDAP Auth against AD (more precise UCS server):

  • Dolibarr 12.0.2
  • Ubuntu 18.04
  • PHP 7.2.24, Apache 2.4.29, MariaDB 10.1.44
  • self-made installation, Linux level: elaborated

I entered the same credentials as used in other applications and double-checked them, but the DEBUG log says:

2020-08-31 18:31:42 WARNING    Ldap::connect_bind failed to start tls
2020-08-31 18:31:42 DEBUG    Ldap::connect_bind try bindauth for activedirectory on ldaps://ucs01.domain.lan/ user=cn=ldap-read,ou=Users,ou=domain,dc=domain,dc=lan password=******
2020-08-31 18:31:42 WARNING    Ldap::connect_bind return=-1 - Failed to connect to LDAP:

I added the server’s certificate to /etc/ssl/certs/ca-certificates.crt as mentioned in /etc/ldap/ldap.conf . More over, I also added TLS_REQCERT never to this file.

Via the command line I tried the general connectivity:

ldapsearch -H ldaps://ucs01.domain.lan -b "ou=domain,dc=domain,dc=lan" -D "cn=ldap-read,ou=Users,ou=domain,dc=domain,dc=lan" "uid=dennis" -x -w "*******"

Works well. Thought, I could be a PHP issue and placed that file into the web root:

ini_set('display_errors', '1');

$AD_search_bind_DN = 'cn=ldap-read,ou=Users,ou=domain,dc=domain,dc=lan';
$AD_search_bind_PW = '************';
$AD_server         = 'ldaps://ucs01.domain.lan/';

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

$conn = ldap_connect($AD_server) or die("Failed to connect to ldap server.");
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($conn, $AD_search_bind_DN, $AD_search_bind_PW) or die("Failed to bind to ldap server: " + ldap_error($conn));
print("Successful LDAP bind.");

Result: “Successful LDAP bind.” What else can be the problem?

I found my “mistake”. In the GUI I chose the URL as ldaps://servername and TLS=yes, which seems to be LDAP with START TLS and not LDAPS. After changing to TLS=no, it worked at the point.

One additional questions regarding the LDAP integration:

In the wiki, I find mentioned scripts like ldap2dolibarr.php, but cannot find them in Dolibarr 12. Even more, I cannot login with my AD password. I just can create a local user and get the LDAP information once during the creation - is this the LDAP integration of Dolibarr?

1 Like