FR3DLdapBundle - Authentication request failed

Question

I'm using FR3DLdapBundle with FOSUserBundle.

Symfony Version 3.2.6 FR3DLdapBundle Version 3

config.yml

fos_user:
    db_driver: orm # other valid values are 'mongodb' and 'couchdb'
    firewall_name: main
    user_class: AppBundle\Entity\User
    from_email:
        address: "%mailer_user%"
        sender_name: "%mailer_user%"

fr3d_ldap:
    driver:
        host: ldap.forumsys.com
        port: 389
        username: cn=read-only-admin,dc=example,dc=com
        password: password
        bindRequiresDn: true
    user:
        baseDn: dc=example,dc=com
        filter: (&(objectClass=person))
        attributes:
            - { ldap_attr: uid,  user_method: setUsername }

security.yml

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt
    AppBundle\Entity\User: plaintext

erase_credentials: false

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN]

providers:
    chain_provider:
        chain:
            providers: [fr3d_ldapbundle,fos_userbundle]

    fr3d_ldapbundle:
        id: fr3d_ldap.security.user.provider

    fos_userbundle:
        id: fos_user.user_provider.username

firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern:    ^/
        fr3d_ldap:  ~
        form_login:
            provider: chain_provider
            always_use_default_target_path: true
            default_target_path: /
        logout:     true
        anonymous:  true

encoders:
    AcmeBundle\Acme\User\LdapUser: plaintext

access_control:
    - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/, role: ROLE_USER }

I test the service with the Online LDAP Test Server. I have managed to make an successful login with the following config:

fr3d_ldap:
driver:
    host: ldap.forumsys.com
    port: 389
    #version: 3
    username: cn=read-only-admin,dc=example,dc=com
    password: password
    bindRequiresDn: true

user:
    baseDn: uid=euclid,dc=example,dc=com
    filter: (&(objectClass=person))
    attributes:
        - { ldap_attr: uid,  user_method: setUsername }

But the Problem with this config i can only login as the user euclid. But i want to login as every available user.

But with the other config i get the message in the log, that the user was found but an expetion has occurred.

2017-04-20 09:36:16] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []

[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []

[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_bind(einstein, ****) {"action":"ldap_bind","bind_rdn":"einstein"} []

[2017-04-20 09:36:17] ldap_driver.DEBUG: exception 'Zend\Ldap\Exception\LdapException' with message '0x1: Failed to retrieve DN for account: einstein [0x1: Unexpected result count (16) for: (&(objectClass=person))]' in /vendor/zendframework/zend-ldap/src/Ldap.php:805 Stack trace: #0 /vendor/fr3d/ldap-bundle/Driver/ZendLdapDriver.php(82): Zend\Ldap\Ldap->bind('einstein', 'password') #1 /vendor/fr3d/ldap-bundle/Ldap/LdapManager.php(78): FR3D\LdapBundle\Driver\ZendLdapDriver->bind(Object(AppBundle\Entity\User), 'password') #2 /vendor/fr3d/ldap-bundle/Security/Authentication/LdapAuthenticationProvider.php(90): FR3D\LdapBundle\Ldap\LdapManager->bind(Object(AppBundle\Entity\User), 'password') #3 ...

[2017-04-20 09:36:17] ldap_driver.DEBUG: ldap_search(dc=example,dc=com, (&(&(objectClass=person))(uid=einstein)), [array]) {"action":"ldap_search","base_dn":"dc=example,dc=com","filter":"(&(&(objectClass=person))(uid=einstein))","attributes":[]} []

[2017-04-20 09:36:17] security.INFO: User einstein found on LDAP {"action":"loadUserByUsername","username":"einstein","result":"found"} []

[2017-04-20 09:36:17] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Bad credentials. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php:90, Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): The presented password is invalid. at /vendor/symfony/symfony/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php:67)"} []

I dont know what i do wrong and i am at my beginnings with LDAP.

EDIT I have changed my code like the example Alvin has posted. But i get the following error: Symfony Dev Log. The system founds the user but then i get the errors in the log file.

Answer 1

you just need to change your baseDn like so:

user:
    baseDn: dc=example,dc=com

I think that should do it.

---

EDIT # 2 - based on feedback

This was the solution to add this to the FOSUser.php Entity as per my tutorial:

/**
  * {@inheritDoc}
  */
public function setDn($dn){
    $this->dn = $dn;
}

/**
  * {@inheritDoc}
  */
public function getDn(){
    return $this->dn;
}

Reference to my tutorial here: https://alvinbunk.wordpress.com/2016/03/25/symfony-ad-integration/

Answer 2

So i finaly found the problem in my code.

I forgot to set the set and get function for the DN field in the User Entity correctly. That was my code:

/**
 * Set Ldap Distinguished Name.
 *
 * @param string $dn Distinguished Name
 */
public function setDn($dn)
{
    // TODO: Implement setDn() method.
}

/**
 * Get Ldap Distinguished Name.
 *
 * @return null|string Distinguished Name
 */
public function getDn()
{
    // TODO: Implement getDn() method.
}

But that is the correct one from Alvins tutorial :

 /**
 * {@inheritDoc}
 */
public function setDn($dn)
{ $this->dn = $dn; }

/**
 * {@inheritDoc}
 */
public function getDn()
{ return $this->dn; }

Thank you Alvin for your help and the awesome tutorial.