Hi,
I am using self hosted installations. I have Version 2.62.0+170124 which was then upgraded via comfort update to Version 3.28.77+231213 which was then subsequently upgraded to Version 6.10.0+250106I have then installed a clean 6.10.0+250106 as well in order to avoid any bugs or database schema miscarried from version upgrades (if any) and also a 6.13.0 all of them running on Rocky Linux 9.I have tried using AuthLDAP with all these version with settings known to work with other platforms like moodle and even a custom PHP LDAP script I wrote running on the same server as limesurvey just to confirm that the settings actually work properly with AD through ldap.
I failed miserably in ALL my tries no matter what combinations I tried and going through all info I could find online. The custom test script worked fine by the way as ldapsearch on Linux.I am not really getting a proper error except from a wrong username and/or password when ever trying to login via LDAP (even when the user with the exact same username from AD it was locally created in Limesurvey).
The settings I have used are:
Code:
LDAP server: ldap://IP_of_AD_server (I have tried ldaps:// as well)
Port number: 389 (tried 636 with ldaps://)
LDAP version LDAPv3Select true if referrals must be followed (use false for ActiveDirectory): Off
Enable Start-TLS: Off
Select how to perform authentication: Search and bind
Attribute to compare to the given login cab uid, cn, mail, … : sAMAccountNameBase
DN for the user search operation. Multiple bases may be separated by a semicolon (: ou=name of,dc=domain,dc=ac,dc=cy (of course using correct OU name and Domain)
Optional extra LDAP filter to be ANDed to the basic (searchuserattribute=username) filter: (&objectClass=user)(sAMAccountName={username}))
Optional DN of the LDAP account used to search for the end-user's DN. An anonymous bind is performed if empty: CN=properuseraccount,OU=User Account,DC=domain,DC=ac,DC=cy (using a proper account and domain)
LDAP attribute of email address: mail
LDAP attribute of full name: displayName (I have used cn as well)
Check to make default authentication method: unticked (I have tried both tick and unticked)
Automatically create user if it exists in LDAP server: unticked (I have tried both tick and unticked)
Grant survey creation permission to automatically created users: unticked
Optional base DN for group restriction: empty
Optional filter for group restriction: empty
Allow initial user to login via LDAP: unticked (I have tried both tick and unticked)
Regarding logs, I have tried to enable full debug mode but I do not see anything related to LDAP in it.
It’s like the call is not even made on the login screen.I have no idea though which other log would have to be enabled to log any more information on why it fails to authenticate.
I appreciate any information anyone has on the matter. At this point I am wondering if AuthLDAP does indeed work at all.
Thanks,
Topic Author
