LDAP authentication

[Moore]

I have been trying to get LDAP authentication to work for my installation of sugarcrm with the following specs:

Sugar Version: 4.1.5e
Category: Install
Operating System: Vista
PHP Version: 5.1.4
Database: MSSQL
Web Server: Windows Server 2003

I have gone enabled LDAP in my php.ini file and patched LDAPAuthenticateUser.php as outlined in
http://www.sugarcrm.com/forums/showt...id+credentials
I've looked through the forums for several hours and just cannot seem to find a solution. Here is my error log when I attempt to login.

Code:

DEBUG SugarCRM - ldapauth: Connecting to LDAP server: 84dc01
INFO SugarCRM - ldapauth.ldap_rdn_lookup: Bind succeeded, searching for userPrincipalName=crm@myurl.com
DEBUG SugarCRM - ldapauth.ldap_rdn_lookup: base_dn:DC=myurl,DC=com , search_filter:(userPrincipalName=crm@myurl.com)
INFO SugarCRM - ldapauth.ldap_rdn_lookup: Search result:
ldapauth.ldap_rdn_lookup: 2
INFO SugarCRM - ldapauth.ldap_rdn_lookup: found_bind_user=CRM@myurl.com
DEBUG SugarCRM - ldapauth.ldap_authenticate_user: ldap_rdn_lookup returned bind_user=CRM@myurl.com
INFO SugarCRM - ldapauth: Binding user userPrincipalName=CRM@myurl.com, DC=myurl,DC=com
FATAL SugarCRM - [LDAP ERROR][49]Invalid credentials
FATAL SugarCRM - SECURITY: User authentication for crm@myurl.com failed

I am aware that an LDAP error 49 usually means that either the password is wrong or the DN is wrong, but I am 99% sure that neither is the case. I used softerra's LDAP browser to double check my DN and everything looks like it should. Here are my settings for the LDAP configuration within sugar.

Enable LDAP - check
Server: 84dc01
Port Number: 389
Base DN: DC=myurl,DC=com (myurl is a replacement for my actual name)
Bind Attribute: userPrincipalName
Login Attribute: userPrincipalName
Authenticated User: crm@myurl.com
Authenticated Password: ****
Auto Create Users: Un-checked
Encryption Key: Blank


I am really banging my head on my desk with this one. If anyone could tell me what's going on or point me in the right direction i would appreciate it very much.

Cheers
~Dave

[Moore]

any thoughts?

[russhensley]

I am having a similar issue.

I have the mcrypt extensions "uncommented" in the PHP.ini file and I can not get the field to turn from read only to an input box in the admin - LDAP - key ....

[Kalendrinn]

I just got this working on my test instance. You have to have the Auto-create Users box checked, otherwise the user does not exist in Sugar and it fails authentication. Stupid I know, but at the same time, there is no data in sugar for a person authenticated against LDAP...so it partially makes sense. They have to get into Sugar somehow. :/ Unfortunately, it only pulls the first and last name into Sugar when it auto-creates. Not sure if this is a limitation of Sugar or the LDAP server I am using mine with...if the data isn't in LDAP then it obviously wouldn't get populated in Sugar.

[russhensley]

I have the autocreate users checked. I have a trouble ticket open with Sugar and they are troubleshooting it. They can log into LDAP with the web browser. I can't get outlook to work using LDAP.

The users are being "created" in Sugar. THey can create tasks, be assigned tasks, etc.

Russ