Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP over SSO - ldap_bind(): Unable to bind to server: Can't contact LDAP server #4240

Closed
2 tasks done
TomBachelot opened this issue May 12, 2023 · 6 comments
Closed
2 tasks done

LDAP over SSO - ldap_bind(): Unable to bind to server: Can't contact LDAP server #4240

TomBachelot opened this issue May 12, 2023 · 6 comments
Labels
🐕 Support

Comments

@TomBachelot
Copy link

TomBachelot commented May 12, 2023
edited by ssddanbrown
Loading

Attempted Debugging

  • I have read the debugging page

Searched GitHub Issues

  • I have searched GitHub for the issue.

Describe the Scenario

Hi Dan,
I am currently trying to connect my Bookstack server (on Xampp) to my active directory but it is not working and I can't figure out why. I work in a large company, so I need to set up LDAP based authentication. I want an authenticated user to have direct access to boockstack without needing to authenticate through the sso link.

I followed your video on ldpa but when I use it, it doesn't work, the problem would come from the Active Directory consultation. Here is the error I get:
image

Here is the AD part of my configuration file:
image

Exact BookStack Version

v23.05.1

Log Content

Details 

#0 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Bootstrap\HandleExceptions.php(270): Illuminate\Foundation\Bootstrap\HandleExceptions->handleError(2, 'ldap_bind(): Un...', 'C:\\xampp\\htdocs...', 107)
#1 [internal function]: Illuminate\Foundation\Bootstrap\HandleExceptions->Illuminate\Foundation\Bootstrap\{closure}(2, 'ldap_bind(): Un...', 'C:\\xampp\\htdocs...', 107)
#2 C:\xampp\htdocs\bookstack\app\Auth\Access\Ldap.php(107): ldap_bind(Object(LDAP\Connection), 'cn=ldap,ou=Admi...', Object(SensitiveParameterValue))
#3 C:\xampp\htdocs\bookstack\app\Auth\Access\LdapService.php(186): BookStack\Auth\Access\Ldap->bind(Object(LDAP\Connection), 'cn=ldap,ou=Admi...', '123SOS')
#4 C:\xampp\htdocs\bookstack\app\Auth\Access\LdapService.php(58): BookStack\Auth\Access\LdapService->bindSystemUser(Object(LDAP\Connection))
#5 C:\xampp\htdocs\bookstack\app\Auth\Access\LdapService.php(94): BookStack\Auth\Access\LdapService->getUserWithAttributes('tbachelot', Array)
#6 C:\xampp\htdocs\bookstack\app\Auth\Access\Guards\LdapSessionGuard.php(72): BookStack\Auth\Access\LdapService->getUserDetails('tbachelot')
#7 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Auth\AuthManager.php(340): BookStack\Auth\Access\Guards\LdapSessionGuard->attempt(Array, false)
#8 C:\xampp\htdocs\bookstack\app\Auth\Access\LoginService.php(157): Illuminate\Auth\AuthManager->__call('attempt', Array)
#9 C:\xampp\htdocs\bookstack\app\Http\Controllers\Auth\LoginController.php(148): BookStack\Auth\Access\LoginService->attempt(Array, 'ldap', false)
#10 C:\xampp\htdocs\bookstack\app\Http\Controllers\Auth\LoginController.php(82): BookStack\Http\Controllers\Auth\LoginController->attemptLogin(Object(BookStack\Http\Request))
#11 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Controller.php(54): BookStack\Http\Controllers\Auth\LoginController->login(Object(BookStack\Http\Request))
#12 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\ControllerDispatcher.php(43): Illuminate\Routing\Controller->callAction('login', Array)
#13 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Route.php(259): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(BookStack\Http\Controllers\Auth\LoginController), 'login')
#14 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Route.php(205): Illuminate\Routing\Route->runController()
#15 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Router.php(798): Illuminate\Routing\Route->run()
#16 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(141): Illuminate\Routing\Router->Illuminate\Routing\{closure}(Object(BookStack\Http\Request))
#17 C:\xampp\htdocs\bookstack\app\Http\Middleware\CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#18 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\CheckGuard->handle(Object(BookStack\Http\Request), Object(Closure), 'standard', 'ldap')
#19 C:\xampp\htdocs\bookstack\app\Http\Middleware\RedirectIfAuthenticated.php(31): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#20 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\RedirectIfAuthenticated->handle(Object(BookStack\Http\Request), Object(Closure))
#21 C:\xampp\htdocs\bookstack\app\Http\Middleware\Localization.php(45): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#22 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\Localization->handle(Object(BookStack\Http\Request), Object(Closure))
#23 C:\xampp\htdocs\bookstack\app\Http\Middleware\RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#24 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\RunThemeActions->handle(Object(BookStack\Http\Request), Object(Closure))
#25 C:\xampp\htdocs\bookstack\app\Http\Middleware\CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#26 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\CheckEmailConfirmed->handle(Object(BookStack\Http\Request), Object(Closure))
#27 C:\xampp\htdocs\bookstack\app\Http\Middleware\PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#28 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle(Object(BookStack\Http\Request), Object(Closure))
#29 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#30 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(BookStack\Http\Request), Object(Closure))
#31 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\View\Middleware\ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#32 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(BookStack\Http\Request), Object(Closure))
#33 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Session\Middleware\StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#34 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Session\Middleware\StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest(Object(BookStack\Http\Request), Object(Illuminate\Session\Store), Object(Closure))
#35 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Session\Middleware\StartSession->handle(Object(BookStack\Http\Request), Object(Closure))
#36 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#37 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(BookStack\Http\Request), Object(Closure))
#38 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Cookie\Middleware\EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#39 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(BookStack\Http\Request), Object(Closure))
#40 C:\xampp\htdocs\bookstack\app\Http\Middleware\ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#41 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\ApplyCspRules->handle(Object(BookStack\Http\Request), Object(Closure))
#42 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(116): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#43 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Router.php(797): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#44 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Router.php(776): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(BookStack\Http\Request))
#45 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Router.php(740): Illuminate\Routing\Router->runRoute(Object(BookStack\Http\Request), Object(Illuminate\Routing\Route))
#46 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Routing\Router.php(729): Illuminate\Routing\Router->dispatchToRoute(Object(BookStack\Http\Request))
#47 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(190): Illuminate\Routing\Router->dispatch(Object(BookStack\Http\Request))
#48 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(141): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(BookStack\Http\Request))
#49 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Http\Middleware\TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#50 C:\xampp\htdocs\bookstack\app\Http\Middleware\TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle(Object(BookStack\Http\Request), Object(Closure))
#51 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): BookStack\Http\Middleware\TrustProxies->handle(Object(BookStack\Http\Request), Object(Closure))
#52 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#53 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle(Object(BookStack\Http\Request), Object(Closure))
#54 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Foundation\Http\Middleware\TrimStrings->handle(Object(BookStack\Http\Request), Object(Closure))
#55 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#56 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle(Object(BookStack\Http\Request), Object(Closure))
#57 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#58 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(180): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle(Object(BookStack\Http\Request), Object(Closure))
#59 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Pipeline\Pipeline.php(116): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(BookStack\Http\Request))
#60 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(165): Illuminate\Pipeline\Pipeline->then(Object(Closure))
#61 C:\xampp\htdocs\bookstack\vendor\laravel\framework\src\Illuminate\Foundation\Http\Kernel.php(134): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(BookStack\Http\Request))
#62 C:\xampp\htdocs\bookstack\public\index.php(52): Illuminate\Foundation\Http\Kernel->handle(Object(BookStack\Http\Request))
#63 {main}

PHP Version

8.2.4

Hosting Environment

Windows 10 , xampp server, Theme Configured: custom
@ssddanbrown
Copy link
Member

Hi @TomBachelot, typically either BookStack is failing to reach the LDAP system, or the TLS is failing when attempted to be upgraded by the host system.

Does the result change when you change LDAP_START_TLS to true?
Otherwise, are you confident the LDAP system in contactable on the configured address?

@TomBachelot
Copy link
Author

@ssddanbrown, Yes the result does change when I change LDAP_START_TLS to true but I still get an error unfortunately:
image

Otherwise, yes I'm sure that the LDAP system can be reached on the configured address.

I can provide you the Stack Trace if you want ?

@ssddanbrown
Copy link
Member

I don't think the BookStack stack trace will provide any extra context in this case.

Have you done anything to check the connection from this specific host system?
Since you're on a Windows server, you may be able to do something like this via PowerShell:

Test-NetConnection -ComputerName srv-dc01-2019.gesconseils.local -Port 389

@TomBachelot
Copy link
Author

TomBachelot commented May 16, 2023
edited
Loading

@ssddanbrown, thanks for helping me because im very in need !

I tried the PowerShell command you gave me and it seems to be ok :
image

but I made a typing error in the server address. Now it's working a bit more, here is what I got:
image

I tried the ldap auth method without using the LDPA_START_TLS and i've got no errors but without knowing why it says "this informations does not match any account"
image

And when I try with the LDAP_START_TLS=true , i have an issue :
image

@ssddanbrown
Copy link
Member

Okay, leave LDAP_START_TLS as false unless you specifically need tls since it looks like your server does not actively support it using the current connection details.

I tried the ldap auth method without using the LDPA_START_TLS and i've got no errors but without knowing why it says "this informations does not match any account"

This usually indicates that the password is incorrect or, more likely, no matching user is coming back in the LDAP search BookStack is performing.

Are you sure your LDAP_USER_FILTER value is correct? For AD systems I usually expect to see something along the lines of LDAP_USER_FILTER=(&(sAMAccountName=${user})) instead.

The only other immediately suspicious element of your config is the LDAP_BASE_DN, it looks quite specific. Remember that all searches will be performed with this DN as a base. Your LDAP_DN is also outside of this base which could maybe cause issues (but I'm not so sure about this, might depend on the LDAP system). Start with the LDAP_USER_FILTER before attempting to alter anything here.

@ssddanbrown
Copy link
Member

Since there's been no further follow up I'll close this off.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐕 Support
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ssddanbrown @TomBachelot