• We are unable to wire up Next ADI, and are receiving the following in our logs:

    [INFO ] *** Establishing Active Directory connection ***
    [INFO ] A user tries to log in.
    [DEBUG] Local WordPress user 'cwolff' could not be found
    [DEBUG] Credentials={login='cwolff',sAMAccountName='cwolff',userPrincipalName='cwolff',netbios=''}' with authenticatable suffixes: '@JISORG'.
    [INFO ] Checking domain controller ports:
    [INFO ] Checking address '10.107.12.20' and port 636 - OK
    [INFO ] LDAP connection is encrypted with "starttls"

    It says we are connected above, but then the connection fails below?:

    [WARN ] Username for the sync user does not contain a correct suffix. If the connection to the ad fails, this could be the cause. Please make sure you have added all UPN suffixes to the configuration tab User -> Account suffix.
    [WARN ] Do not send a notification email and/or do not block the user because the user login is only simulated.
    [DEBUG] Trying to authenticate user with username 'cwolff' and account suffix '@JISORG'
    [ERROR] Authentication for user 'cwolff' failed because: Can't contact LDAP server
    [WARN ] Can not block or unblock the user because the user login is only simulated.
    [WARN ] Do not send a notification email and/or do not block the user because the user login is only simulated.
    [ERROR] User 'cwolff' can not be authenticated.
    [WARN ] Login for Credentials={login='cwolff',sAMAccountName='cwolff',userPrincipalName='cwolff',netbios=''} failed: none of the suffixes succeeded

    • This topic was modified 7 years, 11 months ago by cwolff.
Viewing 5 replies - 1 through 5 (of 5 total)
  • We are in the process of switching from ADI to NextADI and are having the same type of problem. I noticed that you are trying to use STARTTLS on Port 636. In the configuration area for this, it states that you need to use Port 389 for STARTTLS.

    Not sure, but I think the focus should be on the cause of the error, “[ERROR] Authentication for user ‘cwolff’ failed because: Can’t contact LDAP server”. I’m going to read more on STARTTLS and how that affects communication with the LDAP server (if it does).

    Thread Starter cwolff

    (@cwolff)

    bgibson135, thank you…

    Still troubleshooting, but it appears that this issue is related to the LDAP server configuration rather than NextADI, PHP, or WordPress…

    Chris

    Plugin Author schakko

    (@schakko)

    Hey there. NADI uses the same underlying library as ADI. It could be that your LDAP module does not support SSL/TLS, the CA certificate is not valid etc.

    Please take a look into your Apache’s error.log and the Windows authentication log to identify any other issues.

    I have got the same issue. Did you succeed in logging in with Next ADI?

    It works with the old plugin, not the new one.

    Many thanks for your answer.

    I finally found out.

    Previously, my Base DN was DC=foo.bar,DC=fr; I changed it to DC=foo,DC=bar,DC=fr and then it works!

    Hope it helps.
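
The two causes reported in this thread (STARTTLS selected on port 636, and a Base DN that keeps a dotted domain in a single DC component) can be caught by checking the settings before the first bind. The following is an added example, not part of the original thread and not Next ADI code; the function names and the mode labels `none`/`starttls`/`ldaps` are assumptions chosen for illustration.

```python
import re

# Conventional ports: 389/3268 carry plain LDAP that STARTTLS can upgrade;
# 636/3269 expect a TLS handshake from the first byte (LDAPS).
EXPECTED_PORTS = {"none": {389, 3268}, "starttls": {389, 3268}, "ldaps": {636, 3269}}


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, keeping backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def suggest_base_dn(dn):
    """Expand dotted DC values: DC=foo.bar,DC=fr -> DC=foo,DC=bar,DC=fr."""
    out = []
    for attr, value in split_dn(dn):
        if attr == "DC":
            out.extend(f"DC={label}" for label in value.split(".") if label)
        else:
            out.append(f"{attr}={value}")
    return ",".join(out)


def lint_ldap_settings(port, encryption, base_dn):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    enc = encryption.lower()
    if enc not in EXPECTED_PORTS:
        findings.append(f"unknown encryption mode {encryption!r}")
    elif port not in EXPECTED_PORTS[enc]:
        ok = " or ".join(map(str, sorted(EXPECTED_PORTS[enc])))
        findings.append(f"{enc} normally uses port {ok}, not {port}")
    if enc == "none":
        findings.append("no encryption: bind credentials cross the network in clear text")
    if any(attr == "DC" and "." in value for attr, value in split_dn(base_dn)):
        findings.append(f"Base DN has a dotted DC component; try {suggest_base_dn(base_dn)}")
    return findings


if __name__ == "__main__":
    # Constructed settings combining the two misconfigurations reported in the thread.
    for finding in lint_ldap_settings(636, "starttls", "DC=foo.bar,DC=fr"):
        print("WARN", finding)
```

A clean result only rules out these two mistakes; certificate trust and the PHP LDAP module's TLS support, which the plugin author mentions, still have to be checked on the server.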

  • The topic ‘Unable to connect, LDAP connection is *not* encrypted’ is closed to new replies.