I am trying to configure simplesamlphp with LDAP Auth. I get this error:
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
2 public/_include.php:28 (SimpleSAML_exception_handler)
1 vendor/symfony/error-handler/ErrorHandler.php:541 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: SimpleSAML\Assert\AssertionFailedException: The value "192.168.1.2" does not match the expected pattern.
Backtrace:
13 vendor/simplesamlphp/assert/src/Assert.php:364 (SimpleSAML\Assert\Assert::__callStatic)
12 modules/ldap/src/Connector/Ldap.php:58 (SimpleSAML\Module\ldap\Connector\Ldap::__construct)
11 modules/ldap/src/ConnectorFactory.php:49 (SimpleSAML\Module\ldap\ConnectorFactory::fromAuthSource)
10 modules/ldap/src/Auth/Source/Ldap.php:66 (SimpleSAML\Module\ldap\Auth\Source\Ldap::__construct)
9 src/SimpleSAML/Auth/Source.php:326 (SimpleSAML\Auth\Source::parseAuthSource)
8 src/SimpleSAML/Auth/Source.php:368 (SimpleSAML\Auth\Source::getById)
7 src/SimpleSAML/Auth/Simple.php:72 (SimpleSAML\Auth\Simple::getAuthSource)
6 src/SimpleSAML/Auth/Simple.php:159 (SimpleSAML\Auth\Simple::login)
5 modules/admin/src/Controller/Test.php:142 (SimpleSAML\Module\admin\Controller\Test::main)
4 vendor/symfony/http-kernel/HttpKernel.php:163 (Symfony\Component\HttpKernel\HttpKernel::handleRaw)
3 vendor/symfony/http-kernel/HttpKernel.php:75 (Symfony\Component\HttpKernel\HttpKernel::handle)
2 vendor/symfony/http-kernel/Kernel.php:202 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:228 (SimpleSAML\Module::process)
0 public/module.php:14 (N/A)
Installed on: Debian 12, nginx/1.22.1 and PHP 8.2 with the LDAP extension, SimpleSAMLphp 2.0.4. I also tried it on Debian 11, nginx/1.18.0 and PHP 7.4 with the LDAP extension, SimpleSAMLphp 2.0.4. Same error.
I installed the LDAP Module with: "php composer.phar require simplesamlphp/simplesamlphp-module-ldap"
The module is enabled in config.php:
    'module.enable' => [
        'exampleauth' => false,
        'core' => true,
        'admin' => true,
        'ldap' => true,
        'saml' => true
    ],
config/authsources.php
    // Example of a LDAP authentication source.
    'Test' => [
        'ldap:Ldap',

        // The connection string for the LDAP-server.
        // You can add multiple by separating them with a space.
        'connection_string' => '192.168.1.2',

        // Whether SSL/TLS should be used when contacting the LDAP server.
        // Possible values are 'ssl', 'tls' or 'none'
        'encryption' => 'ssl',

        // The LDAP version to use when interfacing the LDAP-server.
        // Defaults to 3
        'version' => 3,

        // Set to TRUE to enable LDAP debug level. Passed to the LDAP connector class.
        //
        // Default: FALSE
        // Required: No
        'ldap.debug' => true,
        'ldap.port' => 389,

        // The LDAP-options to pass when setting up a connection
        // See [Symfony documentation][1]
        'options' => [
            // Set whether to follow referrals.
            // AD Controllers may require 0x00 to function.
            // Possible values are 0x00 (NEVER), 0x01 (SEARCHING),
            // 0x02 (FINDING) or 0x03 (ALWAYS).
            'referrals' => 0x00,
            'network_timeout' => 3,
        ],

        // The connector to use.
        // Defaults to '\SimpleSAML\Module\ldap\Connector\Ldap', but can be set
        // to '\SimpleSAML\Module\ldap\Connector\ActiveDirectory' when
        // authenticating against Microsoft Active Directory. This will
        // provide you with more specific error messages.
        'connector' => '\SimpleSAML\Module\ldap\Connector\Ldap',

        // Which attributes should be retrieved from the LDAP server.
        // This can be an array of attribute names, or NULL, in which case
        // all attributes are fetched.
        'attributes' => null,

        // Which attributes should be base64 encoded after retrieval from
        // the LDAP server.
        'attributes.binary' => [
            'jpegPhoto',
            'objectGUID',
            'objectSid',
            'mS-DS-ConsistencyGuid'
        ],

        // The pattern which should be used to create the user's DN given
        // the username. %username% in this pattern will be replaced with
        // the user's username.
        //
        // This option is not used if the search.enable option is set to TRUE.
        'dnpattern' => 'cn=%username%,ou=Klxx,ou=xxxx,ou=Benutzer,ou=xxx,ou=Sxx,o=mxx',

        // As an alternative to specifying a pattern for the users DN, it is
        // possible to search for the username in a set of attributes. This is
        // enabled by this option.
        'search.enable' => true,

        // An array on DNs which will be used as a base for the search. In
        // case of multiple strings, they will be searched in the order given.
        'search.base' => [
            'ou=xxx,ou=xxxx,ou=Bxxxxx,ou=xxxxxx,ou=xxxxxx,o=xxxxxxx',
        ],

        // The scope of the search. Valid values are 'sub' and 'one' and
        // 'base', first one being the default if no value is set.
        'search.scope' => 'sub',

        // The attribute(s) the username should match against.
        //
        // This is an array with one or more attribute names. Any of the
        // attributes in the array may match the value the username.
        'search.attributes' => ['uid', 'mail', 'cn', 'sn'],

        // Additional filters that must match for the entire LDAP search to
        // be true.
        //
        // This should be a single string conforming to [RFC 1960][2]
        // and [RFC 2544][3]. The string is appended to the search attributes
        //'search.filter' => '(&(objectClass=Person)(|(sn=Doe)(cn=John *)))',
        'search.filter' => '(objectclass=*)',

        // The username & password where SimpleSAMLphp should bind to before
        // searching. If this is left NULL, no bind will be performed before
        // searching.
        'search.username' => 'cn=xxxxxxxx,ou=sxxxxxx,ou=xxxxxxxx,o=mxxxxxx',
        'search.password' => 'xxxxxxxxxxxxxxxxxxxx',
    ],
The code (Assert::regex($connection_string, '#^ldap[s]?:\/\/#');) looks like it wants a leading ldap:// or ldaps://. If that fixes it for you, would you please make a PR to fix the documentation or file a GitHub issue and ask whether the pattern check should be removed or if the documentation should be updated.