LDAP problem:failed LDAP bind (login) by xxx, could not construct bind_user

[mccon1]

Hi,

I have a problem with getting LDAP authentification to work. I use the 5.2.0i Community Edition on SuSe Linux with Apache2 and PHP 5.1. In the phpinfo() I see "ldap support: enabled" (OpenLDAP). On "the other side" I use a MS Active Directory server. For another project on the same webserver I use the adLDAP PHP class which works great with this configuration:

$_account_suffix = "@hh.companyname.com";
$_base_dn = "DC=hh,DC=companyname,DC=com";
$_domain_controllers = array ("servername");
$_ad_username="Administrator";
$_ad_password="dummy\$dummy"; //backslash because of special char in password

So I just entered the same information in Sugar:

Enable LDAP: Yes
Server: servername
Port Number: 389
Base DN: DC=hh,DC=companyname,DC=com
Bind Attribute: sAMAccountName
Login Attribute: sAMAccountName
Authenticated User: Administrator
Authenticated Password: dummy\$dummy (I also tested without the backslash)
Auto Create Users: Yes
Encryption Key: [empty]

But I only get "Invalid credentials" on the Login page and this in the sugarcrm.log:

Wed Aug 26 15:52:42 2009 [6064][-none-][FATAL] [LDAP ERROR][49]Invalid credentials
Wed Aug 26 15:52:42 2009 [6064][-none-][FATAL] SECURITY: ldapauth: failed LDAP bind (login) by asdf1234, could not construct bind_user
Wed Aug 26 15:52:42 2009 [6064][-none-][FATAL] SECURITY: User authentication for asdf1234 failed
Wed Aug 26 15:52:42 2009 [6064][-none-][FATAL] SECURITY: User authentication for asdf1234 failed
Wed Aug 26 15:52:42 2009 [6064][-none-][FATAL] FAILED LOGIN:attempts[1] - asdf1234

Whats wrong? When I export a LDF file from the Active Directory, I can see that the name the people should use to authenticate is the "sAMAccountName", so I think thats the "Login Attribute". But whats the "Bind Attribute"? I tried uid, sAMAccountName and userPrincipalName. All with the same result.
Why do I have to enter that information anyway when it works great in adLDAP without it? Is the dollar sign in the password a problem? Where does SugarCRM safe the LDAP config so that I can check it?

thank you very much in advance,
mccon1

[mccon1]

Hi,

just a few minutes later and it works!

I used this data:

Enable LDAP: Yes
Server: servername
Port Number: 389
Base DN: DC=hh,DC=companyname,DC=com
Bind Attribute: userPrincipalName
Login Attribute: sAMAccountName
Authenticated User: Administrator@hh.companyname.com
Authenticated Password: dummy$dummy
Auto Create Users: Yes
Encryption Key: [empty]

Thanks for listening anyway