v2025, I try to configure as in the photo but I can’t log in because it gives me an error on the filter. I tried to configure both LDAP filter and LDAP query string in every way. The only way to make the phpmkr2025 configuration work is to enter LDAP search dn (danilo.macri) and LDAP search password (my domain password). If I enter LDAP search dn and LDAP search password, the authentication works, but in my company domain we don’t have a standard username and password for searching; you can also do the anonymous search. As you can see, in phpmkr2024 the configuration is done with only the 4 parameters. Can you help me? If you can’t change the default LDAP authentication, is it possible to write a custom one? Thanks.
When LDAP is activated, the hard-coded user cannot log in.
As the error message said, it tried to search with the default (sAMAccountName={user_identifier}) and failed. If your LDAP server does not use sAMAccountName, you need to set LDAP uid key to what it uses.
If the LDAP filter is empty, the default filter ({uid_key}={user_identifier}) is used. If your LDAP server uses another filter, this setting is required.
My LDAP server uses sAMAccountName, and in my case the default search is fine because it must be done on sAMAccountName. As you can see, in version 2024 I do not use other filters, only and exclusively the 4 parameters, and everything works perfectly.
The only way to make LDAP authentication 2025 work is this. Not having a generic search account is a problem for me, because if I change the password no one enters. Is there a way to pass the username and password that the operator enters in the login? (the only solution that comes to mind)
v2025 uses Symfony LDAP component, which is a much more advanced component than that in older versions (including v2024), which only does simple binding. The new component not only binds the user during authentication, but also searches and loads user info and refreshes the user during subsequent requests for better security. If your LDAP server does not allow anonymous searching without search dn and password, you need to enter the LDAP search dn and LDAP search password (e.g. the admin dn and password).
I saw that v 2025 uses Symfony LDAP component but my server accepts anonymous searches, in fact if I use other libraries I have no problem. The problem seems to be that Symfony LDAP component only performs searches with authentication. Can you kindly reproduce the problem using the anonymous search mode? (you will probably notice that the search occurs only if authenticated even if the server accepts anonymous searches). Is there a way to pass the values entered in the login form to LDAP search dn and LDAP search password?
In your first post the error was Could not complete search with dn “dc=domail,dc=local”, query “(sAMAccountName=danilo.macri)”. So it did try to search anonymously but failed. You may want to double check if:
Your server does allow anonymous search; Active Directory may not allow it by default, you may google for more info,
The base dn "dc=domail,dc=local" is correct,
The filter "(sAMAccountName=danilo.macri)" is correct. Are you sure it is enough? Maybe you need a filter like "(|(sAMAccountName={user_identifier})(userPrincipalName={user_identifier}))"?
You may write a simple script and test searching your server with PHP’s ldap_search first. Then post the code that works with your server for discussion.
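The test suggested in the reply above, as an added example that is not part of the original thread and is not PHPMaker or Symfony code: a stand-alone PHP script that binds anonymously and then runs the same search, reporting which of the two steps the server refuses. The host `ldap://dc.example.local` is a placeholder; the base DN and user name are the ones quoted in the thread.

```php
<?php
// Added diagnostic example. Usage: php ldap_anon_test.php [uri] [base_dn] [username]
declare(strict_types=1);

$uri    = $argv[1] ?? 'ldap://dc.example.local'; // placeholder host (assumption)
$baseDn = $argv[2] ?? 'dc=domail,dc=local';      // base DN quoted in the thread
$user   = $argv[3] ?? 'danilo.macri';            // user name quoted in the thread

// Error number, error text and the server's extended diagnostic message,
// which usually states why a directory server refused the operation.
function diag($conn): string
{
    $msg = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $msg);
    return sprintf('[%d] %s %s', ldap_errno($conn), ldap_error($conn), (string) $msg);
}

$conn = ldap_connect($uri);
if ($conn === false) {
    fwrite(STDERR, "Invalid LDAP URI: $uri\n");
    exit(2);
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);       // do not chase AD referrals
ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5); // seconds

// Step 1: anonymous bind (no DN, no password).
if (!@ldap_bind($conn)) {
    fwrite(STDERR, 'Anonymous bind refused: ' . diag($conn) . "\n");
    exit(1);
}
echo "Anonymous bind accepted\n";

// Step 2: the search from the error message, still as the anonymous identity.
// ldap_escape() keeps filter metacharacters in the user name from changing the filter.
$filter = sprintf('(sAMAccountName=%s)', ldap_escape($user, '', LDAP_ESCAPE_FILTER));
$result = @ldap_search($conn, $baseDn, $filter, ['dn', 'sAMAccountName'], 0, 1);
if ($result === false) {
    fwrite(STDERR, "Anonymous search refused for $filter: " . diag($conn) . "\n");
    ldap_unbind($conn);
    exit(1);
}

$entries = ldap_get_entries($conn, $result);
if ($entries === false || $entries['count'] === 0) {
    echo "Search allowed, but no entry matches $filter under $baseDn\n";
} else {
    echo 'Search allowed, found: ' . $entries[0]['dn'] . "\n";
}
ldap_unbind($conn);
```

If step 1 succeeds and step 2 fails, the server accepts anonymous binds but not anonymous searches, which is the case where a search dn and search password are required.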
An internal error has occurred while processing your request.
Debugging
#0 C:\xampp\htdocs\Reports2023\vendor\symfony\security-bundle\DependencyInjection\SecurityExtension.php(625): Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\FormLoginLdapFactory->createAuthenticator(Object(Symfony\Component\DependencyInjection\Compiler\MergeExtensionConfigurationContainerBuilder), 'main', Array, 'security.user.p...')
#1 C:\xampp\htdocs\Reports2023\vendor\symfony\security-bundle\DependencyInjection\SecurityExtension.php(498): Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension->createAuthenticationListeners(Object(Symfony\Component\DependencyInjection\Compiler\MergeExtensionConfigurationContainerBuilder), 'main', Array, Array, 'security.user.p...', Array, 'PHPMaker2025\\Ra...')
...
I tried to create the page with ldap search; it allows anonymous binding but blocks the search (I think then that anonymous search is blocked, I am not the domain administrator and I cannot ask for it).
I try to do the anonymous search with PowerShell and it allows anonymous search.
How can I solve the problem that I do not have a generic user for the search?
Can I pass in search dn and search password the data that the user enters in the login form?
Thank you very much, I am stuck with all the projects if I do not solve this thing. Thanks.
When you use PowerShell, DirectoryService probably uses the current AD user credentials. When you log in with your PHP scripts, the scripts don’t have the current AD user credentials yet. Symfony LDAP component does not use the login user name and password as the search dn and search password (since they are required not only by the authenticator but also by the user provider which will be used later such as refreshing user). You should enter the search dn and search password in advanced settings. You may enter any one who can search, e.g. your own user name and password.
You cannot use “query_string” without search dn and search password, that’s why the error. As discussed above, you should set the filter to “dn_string”, not “query_string”.
I’ve tried them all… always the same error… I don’t have a service account and I can’t use mine because if the account is blocked and I’m not there everything stops. Is there a method to use the old LDAP authentication of version 2024 or a way to write a custom one? I need it to authenticate with adn and the username to be searched for in the user table in the database (I don’t have to take data or filter it from ldap/adn). Thanks for the help.
It is a little strange that you don’t have an LDAP server user who can search. (Similarly, you need a database user’s user name and password to connect to a database server before you can check if a user exists and is allowed to login.) You may want to explain in more detail how your site’s security works.
1. Do you have users (with matching user names) stored in the users table?
2. Do you use User ID and/or User Level Security?
3. After LDAP authentication, say the user “danilo.macri” is authenticated by LDAP server, do you find the same user “danilo.macri” from the users table and get his/her user ID and/or level?
1. Yes, I have a users table with the user field (danilo.macri), password (empty), idlevel (-1).
2. Yes.
3. Yes, I have a user field that contains danilo.macri and the associated idlevel field. I think this procedure is the one used by the old LDAP authentication; in fact it worked fine.