v3-dev4 - LDAP/AD testers needed (again)! #2250

Closed
snipe opened this issue Jul 13, 2016 · 5 comments
Labels
:octocat: help-wanted 🆘 testers-needed This is a feature/bugfix that has been completed but needs testing.

Comments

@snipe
Owner

snipe commented Jul 13, 2016

I’ve just made a big tweak to LDAP authentication. If you’re using LDAP auth (and are already on v3) and have a test database, please kick the tires on v3. Check that:

  • you can login as a non-LDAP local database user
  • you can login as an LDAP user that exists in the database
  • you can login as an LDAP user that does not exist in the database, and that new LDAP user is created on the fly
  • If you enter a username OR password that is incorrect for a local user OR LDAP user, it does not log you in
  • you get a UI-friendly error if the username is incorrect
  • you get a UI-friendly error if the password is incorrect
  • if you disable LDAP support in the settings, it does not try to authenticate against LDAP
  • you can use the "Test LDAP Connection" button in Admin > Settings and it returns a correct answer
  • LDAP Sync should sync properly, and update if the user already exists.
  • If your LDAP settings are WRONG, it should redirect you with a helpful error message.

This should eliminate those pesky "MAC is invalid" errors when you've gone and donked up your app key, and overall should provide a lot more information about what's wrong, AND should fail more gracefully when it is wrong.

If you can tail your app logs while reporting your findings, that will help a lot, as I've got lots of debugging messages in the logs to help us work through this.

@snipe snipe added :octocat: help-wanted 🆘 testers-needed This is a feature/bugfix that has been completed but needs testing. labels Jul 13, 2016
@snipe snipe changed the title v3-dev4 - LDAP/AD testers needed! v3-dev4 - LDAP/AD testers needed (again)! Jul 13, 2016
@veen1981

I have a VM set up with the same database and configurations as my production server.
Running CentOS 7
PHP 7.0.8
v3.0.0-dev-3 last updated about 10 days ago

LDAP sync is working, local users and LDAP users are able to login without issue.

I disabled LDAP before pulling down from V3
Pulled down from the V3 branch (not V3-master)
Ran the following:
php composer.phar update
php composer.phar install --no-dev --prefer-source
php composer.phar dump-autoload
php artisan migrate
systemctl restart httpd.service

Logged in with local user and went to settings to enable LDAP and re-enter bind password.
Checked the AD checkbox and entered bind password. Settings screen displays green bar displaying "Success: Settings updated successfully"

When I go to the People tab and click on the LDAP tab in the top right, I am getting this:

[screenshot: capture1]

I am using the same LDAP settings, same bind password etc. Attempting to log in with an LDAP user will produce an Invalid username or password message. The log isn't really telling me too much, but I've provided it below for you. User veen1981 is my local user created from setup. User jefferyvanderveen is an imported LDAP user.

[2016-07-14 07:38:51] production.DEBUG: Authenticating user against database.
[2016-07-14 07:44:31] production.DEBUG: LDAP is enabled.
[2016-07-14 07:44:31] production.DEBUG: Local auth lookup complete
[2016-07-14 07:44:31] production.DEBUG: Binding user to LDAP.
[2016-07-14 07:44:31] production.DEBUG: Local user veen1981 exists in database. Authenticating existing user against LDAP.
[2016-07-14 07:44:31] production.DEBUG: User veen1981 did not authenticate correctly against LDAP. Local user was not updated.
[2016-07-14 07:44:31] production.DEBUG: Authenticating user against database.
[2016-07-14 07:47:57] production.DEBUG: LDAP is enabled.
[2016-07-14 07:47:57] production.DEBUG: Local auth lookup complete
[2016-07-14 07:47:57] production.DEBUG: Binding user to LDAP.
[2016-07-14 07:47:57] production.DEBUG: Local user jefferyvanderveen exists in database. Authenticating existing user against LDAP.
[2016-07-14 07:47:57] production.DEBUG: User jefferyvanderveen did not authenticate correctly against LDAP. Local user was not updated.
[2016-07-14 07:47:57] production.DEBUG: Authenticating user against database.
[2016-07-14 07:47:57] production.DEBUG: Local authentication failed.
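
The log excerpt above can be grouped into login attempts to see where each one failed. This Python is an added example, not part of the original thread or the project's code; it assumes, from the excerpt alone, that each attempt begins at an "LDAP is enabled." line, and `summarize` is a hypothetical helper name.

```python
import re

# Line format as it appears in the excerpt: "[timestamp] env.LEVEL: message"
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<env>\w+)\.(?P<level>\w+): (?P<msg>.*)$")
LDAP_FAIL_RE = re.compile(r"^User (?P<user>\S+) did not authenticate correctly against LDAP\.")

# Constructed sample input: the log lines quoted in the comment above.
SAMPLE_LOG = """\
[2016-07-14 07:38:51] production.DEBUG: Authenticating user against database.
[2016-07-14 07:44:31] production.DEBUG: LDAP is enabled.
[2016-07-14 07:44:31] production.DEBUG: Local auth lookup complete
[2016-07-14 07:44:31] production.DEBUG: Binding user to LDAP.
[2016-07-14 07:44:31] production.DEBUG: Local user veen1981 exists in database. Authenticating existing user against LDAP.
[2016-07-14 07:44:31] production.DEBUG: User veen1981 did not authenticate correctly against LDAP. Local user was not updated.
[2016-07-14 07:44:31] production.DEBUG: Authenticating user against database.
[2016-07-14 07:47:57] production.DEBUG: LDAP is enabled.
[2016-07-14 07:47:57] production.DEBUG: Local auth lookup complete
[2016-07-14 07:47:57] production.DEBUG: Binding user to LDAP.
[2016-07-14 07:47:57] production.DEBUG: Local user jefferyvanderveen exists in database. Authenticating existing user against LDAP.
[2016-07-14 07:47:57] production.DEBUG: User jefferyvanderveen did not authenticate correctly against LDAP. Local user was not updated.
[2016-07-14 07:47:57] production.DEBUG: Authenticating user against database.
[2016-07-14 07:47:57] production.DEBUG: Local authentication failed.
"""

def summarize(log_text):
    """Group debug lines into attempts (assumed to start at 'LDAP is enabled.')."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a log line (blank line, stack trace, ...)
        msg = m["msg"]
        if msg == "LDAP is enabled.":
            cur = {"started": m["ts"], "user": None, "ldap_failed": False,
                   "db_fallback": False, "local_failed": False}
            attempts.append(cur)
        elif cur is None:
            continue  # tail of an attempt that began before the excerpt
        elif (fail := LDAP_FAIL_RE.match(msg)):
            cur.update(user=fail["user"], ldap_failed=True)
        elif msg == "Authenticating user against database.":
            cur["db_fallback"] = True  # LDAP failed, local check follows
        elif msg == "Local authentication failed.":
            cur["local_failed"] = True
    return attempts
```

A `local_failed` value of `False` only means no "Local authentication failed." line was logged for that attempt; it is not proof that the local login succeeded.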

@veen1981

Ok, so I applied the last update from the V3 branch to my test VM. I see the new field for entering the Active Directory domain and tried both grcc.edu and ad.grcc.edu. I will private message you my LDAP settings in gitter in case you see anything that looks off, but these are the exact same settings I am using on the V3-dev-3 install we are using in production which is still working.

@veen1981

Tested with VM successfully and in production. I'm not 100% on how our Active Directory was set up, but for me, I am binding to LDAP without having the AD checkbox marked. Either way things appear to be working again!

@snipe
Owner Author

snipe commented Jul 18, 2016

Sounds like you didn't run migrations on the original one - there was a new field added.

@snipe snipe closed this as completed Jul 18, 2016
@veen1981

Yeah, I realized that after looking through the logs, but wasn't getting much in the logs on the first try. Whatever you committed 3 days ago seems to have fixed that! We're running V3 in production now. I'm presenting to our managers Thursday for department-wide implementation! Thanks for all your hard work on this!
