need help to retrieve groups from ldap

[matbr]

Hi Andreas,

highly appreciate your work on this plugin.

I'm not sure if this is my fault or if still something is wrong with groups.

version Version 2.5.8
PHP 8.2
WP 6.3.1

I'm not able to retrieve groups from ldap (never tried before):

[04-Sep-2023 11:01:03 UTC] [AuthLDAP] User 'test.xxx' logging in
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] about to do LDAP authentication
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] connect to LDAP server
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] LDAP authentication successful
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Existing user, uid = 5
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Array
(
    [administrator] => XXXX
    [editor] => YYYY
    [author] => ZZZZ
    [contributor] =>
)
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Array
(
    [administrator] => XXXX
    [editor] => YYYY
    [author] => ZZZZ
    [contributor] =>
)
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Group Filter: "(uniqueMember=CN=test.xxx,CN=xxx,CN=users,OU=zzzz,DC=xxx,DC=de)"
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Group Base: dc=xxx,dc=de
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] LDAP groups: []
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] Roles from LDAP group: []
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] no role yet, set default role
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] The LDAP user has an entry in the WP-Database
[04-Sep-2023 11:01:03 UTC] [AuthLDAP] user id = 5
[04-Sep-2023 11:04:38 UTC] [AuthLDAP] User '' logging in
[04-Sep-2023 11:04:38 UTC] [AuthLDAP] Username not supplied: return false
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] User 'test.xxx' logging in
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] about to do LDAP authentication
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] connect to LDAP server
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] LDAP authentication successful
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] Existing user, uid = 5
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] Existing user's role: subscriber
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] The LDAP user has an entry in the WP-Database
[04-Sep-2023 11:04:45 UTC] [AuthLDAP] user id = 5

As I'm not an LDAP expert I also tried different other filter:

[04-Sep-2023 10:29:56 UTC] [AuthLDAP] Group Filter: " (&(objectClass=posixGroup)(memberUid=%s))"
[04-Sep-2023 10:32:24 UTC] [AuthLDAP] Group Filter: "(&(objectClass=posixGroup)(memberUid=%s))"
[04-Sep-2023 10:38:38 UTC] [AuthLDAP] Group Filter: "memberUid=%s"
[04-Sep-2023 10:45:29 UTC] [AuthLDAP] Group Filter: "(&(|(objectclass=univentionGroup))(|(memberUid=%s)))"
[04-Sep-2023 10:49:07 UTC] [AuthLDAP] Group Filter: "(&(objectclass=univentionGroup)(memberUid=%s))"

This is one of the groups, the plugin should find...

[heiglandreas]

Would you be able to provide some more info regarding the plugin configuration?

Sanitized screenshots should be enough. And also a screenshot of the LDAP entry firnthe user.

I suspect that the issue is somewhere in the config and we are passing the wrong data to the wrong place 😁

[matbr]

surr - hope that helps...

regarding the user as far as I can see no group information is stored at the user

[heiglandreas]

I might have found the issue.

The group has a memberUid Attribute that stores the uid of the different group members.

That makes me think that the user has an attribute uid that holds the respective value that identifies the user.

So when the group contains a memberUid of "test-xxx", then the user has a uid of "test-xxx".

But in the config you have set the User-ID attribute to cn...

That should probably be uid.

As the value of that field will be used in the group query.

Though on the other hand, the group query already seems to have contained the right values....

Hm...

I need to give that a more detailed check tomorrow afternoon...

[heiglandreas]

One other thing: What is the dn of the user and the group and what does the base-path (the path-component) of the LDAP URI look like?

If the groups dn is not a subpath of the base-path of the LDAP-URI then the search can't find the group as it is starti g in the wrong "folder". That is where the base path for the group needs to be set.