SugarCRM and openldap authentification

[shagarth]

Hi

After two days trying to get sugarcrm (CE v5.5.2) authentification working against
openldap, I guess I need some help.
Be sure that I had a look on almost all passed threads concerning the authentification
with LDAP, but i did not find a way to solve my problem.

Here is my server configuration
serveur : ldap.server.com
port : 389
DN user : ou=people,dc=COMPANY
user filter: blank
Filtre user: none
Bind attribute : dn
Login attribute : cn
group member: blank
Authentification users: cn=admin,dc=COMPANY
Authentification passwd : ************
Auto Create user: ckeck

I tried almost every possibilities for bind and login attributes, those seem to be good according to the log:

[DEBUG] Starting user load for bobby.sixkilla
[DEBUG] ldapauth: Connecting to LDAP server: ldap.server.com
[INFO] ldapauth.ldap_rdn_lookup: Bind succeeded, searching for cn=bobby.sixkilla
[DEBUG] ldapauth.ldap_rdn_lookup: base_dnu=people,dc=COMPANY , search_filtercn=bobby.sixkilla)
[INFO] ldapauth.ldap_rdn_lookup: Search result: ldapauth.ldap_rdn_lookup: 2
[INFO] ldapauth.ldap_rdn_lookup: found_bind_user=cn=bobby.sixkilla,ou=people,dc=COM PANY
[DEBUG] ldapauth.ldap_authenticate_user: ldap_rdn_lookup returned bind_user=cn=bobby.sixkilla,ou=people,dc=COMPANY
[INFO] ldapauth: Binding user cn=bobby.sixkilla,ou=people,dc=COMPANY
[INFO] ldapauth: Bind attempt complete.
[DEBUG] ldapauth: Fetching user info from Directory.
[FATAL] [LDAP ERROR][32]No such object
[FATAL] SECURITY: User authentication for bobby.sixkilla failed

For info, here is the OpenLDAP treeview i have to use
dc=COMPANY
|-ou=groups
|-ou=people
|-cn=florian.cresdo
|-cn=andrew.peaudebot
|-cn=bobby.sixkilla
|-cn=admin

and the attributes of a user
cn: bobby.sixkilla
displayName: Bobby Sixkilla
givenName: Bobby
mail: bobby.sixkilla@mail.com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: Person
objectClass: top
sn: SIXKILLA
userPassword: **********

Is my configuration correct? Or is there a way that few attributes are missing when sugar tries to create the user?

Thanks in advance

CL

[ittomsk]

I found the solution

Here is my config

Server: testing.ittomsk.ru
Port Number: 389
User DN: ou=Users,dc=TESTING,dc=lan
User Filter:
Bind Attribute: dn
Login Attribute: uid
Authentication: User Name: cn=Manager,dc=TESTING,dc=lan Password: ???
Auto Create Users: checked (must be checked - it will create user's data in mysql db)

To overcome the "result: 32 No such object" in ldap you need to allow bound user to search the directory, like setting

access to *
by self write
by users read
by anonymous auth

in slapd.conf . You can check if it works like that
ldapsearch -x -D "cn=?????,ou=Users,dc=TESTING,dc=lan" -b "dc=TESTING,dc=lan" -w "?????" -h localhost

by default it only let me search in bound user's subscope like here
ldapsearch -x -D "cn=?????,ou=Users,dc=TESTING,dc=lan" -b "cn=?????,ou=Users,dc=TESTING,dc=lan" -w "?????" -h localhost and didn't let search the hole tree.

[shagarth]

Thanks for the tip, it solved the problem

The params for sugarcrm i mentionned earlier were good, i just had to change the openldap access in slapd.conf

access to *
by dn="cn=admin,dc=COMPANY" write
by users read

and everything works fine, the users being created with their attributes!
Thx again

CL