operasoftware/ssh-key-authority

LDAP: User does not exist. in /var/www/ssh-key-authority/model/user.php

Closed this issue · 1 comments

Hi,

I freshly installed the SKA solution.
The connection to the URL is OK, but I got:

Oops! Something went wrong! Sorry, but it looks like something needs fixing on the system. The problem has been automatically reported to the administrators, but if you wish, you can also [provide additional information](mailto:it-systems@myscript.com?subject=SSH%20Key%20Authority%20error%20number%201656666630) about what you were doing that may have triggered the error.

The log indicates:

```
[Fri Jul 01 11:10:30.096739 2022] [php7:notice] [pid 1259] [client 10.101.1.142:56121] 1656666630: UserNotFoundException: User does not exist. in /var/www/ssh-key-authority/model/user.php:379\n1656666630: Stack trace:\n1656666630: #0 /var/www/ssh-key-authority/model/userdirectory.php(100): User->get_details_from_ldap(true)\n1656666630: #1 /var/www/ssh-key-authority/requesthandler.php(24): UserDirectory->get_user_by_uid('superaccount-admin', true)\n1656666630: #2 /var/www/ssh-key-authority/public_html/init.php(18): require('/var/www/ssh-ke...')\n1656666630: #3 {main}, referer: https://ssh-mgmt.corp.domain.com/
```

Here's my LDAP configuration:

```ini
[ldap]
; Address to connect to LDAP server
host = ldap://dc.domain.com
; Use StartTLS for connection security (recommended if using ldap:// instead
; of ldaps:// above)
starttls = 0
; LDAP subtree containing USER entries
dn_user = "ou=services account,dc=domain,dc=com"
; LDAP subtree containing GROUP entries
dn_group = "ou=groups,dc=domain,dc=com"
; (Optional) filter for matching user objects
user_filter = "(objectClass=inetOrgPerson)"
;user_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

; (Optional) filter for matching group objects

; Set to 1 if the LDAP library should process referrals. In most cases this
; is not needed, and for AD servers it can cause errors when querying the
; whole tree.
follow_referrals = 0

; Leave bind_dn empty if binding is not required
bind_dn = ad_viewer@domain.com
bind_password = "!?superpassword?!"

; User attributes
user_id = sAMAccountName
user_name = cn
user_email = mail
;user_superior = superioremployee
```

I certify the user exists, because if I change the
`bind_password = "!?superpasswordblabla?!"`
the error is
`ErrorException: ldap_bind(): Unable to bind to server: Invalid credentials in /var/www/ssh-key-authority/ldap.php`

So what's wrong in the configuration?
I really don't know :/

Can someone help, please?

Solved the issue, I just have to add my mail in the mail field of my AD account properties.
Solved.
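
The resolution above was an empty `mail` field on the AD account. As an added example (not part of this thread and not SKA's own code), the Python below checks an `ldapsearch` LDIF dump of an account against the `user_id` / `user_name` / `user_email` mapping from the `[ldap]` section and reports which mapped attributes the entry lacks. The function names and both sample inputs are constructed for illustration.

```python
import base64
import configparser

# Constructed sample: the attribute mapping from the [ldap] section above.
SAMPLE_CONFIG = """
[ldap]
user_id = sAMAccountName
user_name = cn
user_email = mail
"""

# Constructed sample: LDIF for an account with no mail attribute.
# The cn value is base64-encoded and folded onto a continuation line.
SAMPLE_LDIF = """\
dn: CN=superaccount-admin,OU=services account,DC=domain,DC=com
cn:: c3VwZXJhY2NvdW50
 LWFkbWlu
samaccountname: superaccount-admin
"""

def parse_ldif_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.lower(), []).append(value.strip())
    return entry

def missing_mapped_attributes(config_text, ldif):
    """Return (config key, LDAP attribute) pairs that are absent or empty."""
    # interpolation=None so a '%' in bind_password does not break parsing
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(config_text)
    entry = parse_ldif_entry(ldif)
    missing = []
    for key in ("user_id", "user_name", "user_email"):
        attr = cfg["ldap"].get(key, "").strip('"')
        # LDAP attribute names are case-insensitive, so compare lowercased
        if attr and not any(entry.get(attr.lower(), [])):
            missing.append((key, attr))
    return missing

if __name__ == "__main__":
    print(missing_mapped_attributes(SAMPLE_CONFIG, SAMPLE_LDIF))
```

Run it against the LDIF for the account named in the stack trace, fetched with the same bind account and `dn_user` base that the application uses, so the result reflects what that bind account is allowed to read.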