LDAP authentication success with wrong password

Arnaud Marquis

Sep 3, 2021, 4:12:49 AM
to jorani
I just realized I can log in to Jorani with an existing LDAP username and a wrong password.

  • Wrong username / password : login fails
  • Valid username / password : login success
  • Valid username / no password : login fails
  • Valid username / invalid password : login success

Here is my LDAP config:

[image: jorani.png]

Any idea what could be wrong? I am happy to share any other part of the config if needed. Thanks!

MrUpsidown

Sep 6, 2021, 8:09:08 AM
to jorani
Is there anyone around for support? Or should I open this issue on GitHub?

Benjamin BALET

Sep 6, 2021, 8:26:36 AM
to jorani
Hi,

This has nothing to do with Jorani. Maybe your LDAP server is configured to allow anonymous lookup/read of these attributes, maybe you made a mistake in your LDAP filter, and so on. Who knows?


MrUpsidown

Sep 6, 2021, 10:27:29 AM
to jorani
Thanks for the reply. Who knows? Not me. But that will help me look in the right direction...

MrUpsidown

Sep 6, 2021, 10:50:09 AM
to jorani
That said, when trying to authenticate to the LDAP server with other tools such as NetTools (https://nettools.net/basics/), the authentication works as expected (no possible login with a wrong password).

MrUpsidown

Sep 8, 2021, 9:19:59 AM
to jorani
And no issue either with another PHP script running on the same server, pointing to the same LDAP server, using the same user and the same base DN.

y.ler...@direct-it.fr

Sep 8, 2021, 9:25:01 AM
to jorani
Hello

I've got the same issue and I opened a discussion a long time ago. The problem occurs only with Active Directory. Today, I don't have the solution. We just deactivate LDAP and use the built-in authentication.

Best regards.

MrUpsidown

Sep 8, 2021, 10:56:40 AM
to jorani
Thanks for letting me know. We are also using Active Directory / Windows server.

MrUpsidown

Sep 8, 2021, 11:08:12 AM
to jorani

Luc Lalonde

Oct 20, 2021, 5:41:38 PM
to jorani
From what I've read, and from personal experience, the only way to get an Active Directory LDAP server working with Jorani is with this directive:

$config['ldap_basedn_db'] = TRUE;
$config['ldap_search_enabled'] = FALSE;

I'm wondering if anyone has it working correctly with search enabled. I've got a working search with another type of LDAP (389-Dirsrv).
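
The four cases listed in the first post work as a regression matrix for any search-then-bind login check. The following is an added example, not part of the thread and not Jorani's code: it runs that matrix over a constructed in-memory directory and shows it catching a constructed check that treats a search hit as a login. The names `FakeDirectory`, `authenticate`, `found_is_enough` and the sample user are assumptions made for illustration.

```python
# Added example with hypothetical names and constructed data; not Jorani's code.

class FakeDirectory:
    """Stand-in for an LDAP server; the entry and password are constructed."""
    def __init__(self, users):
        self._users = users                      # uid -> (dn, password)

    def search(self, uid):                       # DNs a service-account search returns
        return [self._users[uid][0]] if uid in self._users else []

    def bind(self, dn, password):                # True only for a matching DN and password
        return any(d == dn and p == password for d, p in self._users.values())


def authenticate(directory, uid, password):
    """Search-then-bind that fails closed at every step."""
    if not uid or not password:                  # an empty password is an unauthenticated bind
        return False
    matches = directory.search(uid)
    if len(matches) != 1:                        # unknown or ambiguous user
        return False
    return directory.bind(matches[0], password) is True   # only the bind result decides


def found_is_enough(directory, uid, password):
    """Constructed faulty check (not a claim about Jorani): a search hit counts as a login."""
    return bool(uid and password) and len(directory.search(uid)) == 1


# The four cases from the first post, with the outcome a correct check must give.
MATRIX = [
    ("wrong username / password", "nobody", "whatever", False),
    ("valid username / password", "alice", "correct-horse", True),
    ("valid username / no password", "alice", "", False),
    ("valid username / invalid password", "alice", "not-her-password", False),
]


def failing_cases(auth, directory):
    """Return the labels of the matrix rows where auth gives the wrong answer."""
    return [label for label, uid, pw, expected in MATRIX
            if auth(directory, uid, pw) is not expected]


DIRECTORY = FakeDirectory({"alice": ("uid=alice,ou=people,dc=example,dc=org", "correct-horse")})

if __name__ == "__main__":
    for check in (authenticate, found_is_enough):
        print(check.__name__, failing_cases(check, DIRECTORY))
```

Pointing the same matrix at a real login path after each configuration change shows immediately whether the wrong-password case has started succeeding.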