Can't authenticate using LDAP/AD

[bstonehill]

I'm not terribly familiar with LDAP but using several guides and other forum posts I've tried every possible combination I can come up with to get LDAP authentication working but I am still stuck. I'm running the 5.5 Stack Installer on an XP Pro host. The server is Windows SBS 2008. I've worked through several different error messages and now I am stuck on "You must specify a valid username and password" when attempting to login.

Here is the information I'm entering:
Server: SENTRYSERVER.sentry.local
Port Number: 389
User DN: dc=sentry,dc=local (I've also tried ou=sbsusers,ou=users,ou=mybusiness, but I'm not sure if ou is needed here)
Bind Attribute: userPrincipleName
Login Attribute: sAMAccountName
Authentication User Name: user@sentry.local
Password: password
Auto Create Users: Yes

Do I need to configure anything on the SBS Server?

[kuske]

Your settings:

Server: SENTRYSERVER.sentry.local => ok
Port Number: 389 =>ok
User DN: dc=sentry,dc=local => ok
Bind Attribute: userPrincipleName => ok
Login Attribute: sAMAccountName => ok
Authentication User Name: user@sentry.local => not ok !!!
If Login Attribute = sAMAccountName then the User Name should look like
CN=ADReq,OU=Service Accounts,dc=sentry,dc=local
Password: password => ok, if password is not 'password'
Auto Create Users: Yes => ok,if you really want that

[bstonehill]

Thanks for the reply, still having some trouble though. Whenever I try to use CN=whatever in the authenticated user box I get [LDAP ERROR][49] Invalid Credentials whether I'm using userPrincipleName or sAMAccountName as the Login Attribute. I'm not real clear on the differences between them, I'm just going off what others have posted. Of course I have no idea what my CN= should be. I tried CN=ADReq, CN=Service Accounts as you suggested and I tried using the username CN=scrm, but I don't know if this is supposed to be some predefined service account or one I'm supposed to setup, doesn't seem to work either way. I understand what DC and OU are, don't understand CN at all.

As of right now it seems to me to be contacting the LDAP server okay since I am no longer getting an LDAP ERROR, just not authenticating the user. But then again this is all new to me so I can't be sure. Here are my new settings and the log file, any other suggestions?

I'm also not sure if I should be entering username or username@sentry.local in the sugarcrm login prompt.

Server: SENTRYSERVER.sentry.local
Port Number: 389
User DN: DC=sentry,DC=local
User Filter:
Bind Attribute: userPrincipleName
Login Attribute: userPrincipleName
Authentication User Name: scrm@sentry.local
Authentication Password: ******
Auto Create Users: Yes

01/07/10 10:31:02 [2040][-none-][FATAL] SECURITY: ldapauth: failed LDAP bind (login) by scrm, could not construct bind_user
01/07/10 10:31:02 [2040][-none-][FATAL] SECURITY: User authentication for scrm failed
01/07/10 10:31:02 [2040][-none-][FATAL] SECURITY: User authentication for scrm failed
01/07/10 10:31:02 [2040][-none-][FATAL] FAILED LOGIN:attempts[1] - scrm

I'm also locked out of the local accounts because when I imported my users it stripped out the passwords and I can no longer edit them manually through user management and the forgot/reset password feature sends me $contact_user_user_hash as the password rather than the actual password.

[PaulAndersonNRC]

Managed to get LDAPS group authentication working I've posted my solution here: http://www.sugarcrm.com/forums/f22/d...00/#post270620