I am describing here a problem that occurs in the kimai application that uses the laminas\ldap:
After a long search, I discovered that users who had registered an ActiveSync device (mobile) to their MS Exchange mailbox were unable to log in to Kimai. I was then able to verify that users received the message "Incorrect access data" after they had registered their mobile to the Exchange server.
The ActiveSync device appears in LDAP below the corresponding user object as a sub-object (leaf), which is filled with attributes of the device.
The Authenticated Users - and so also the Bind User has read rights to the object.
Adding explicit read rights to the user and his child objects for the Bind user did not help.
The security log on the domain controller shows ever: "Account has been successfully logged on".
Message in the kimai dev.log:
security.INFO: Authenticator failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Fetching user data/roles failed, probably DN is expired. at /var/www/html/kimai/src/Ldap/LdapCredentialsSubscriber.php:76)", "authenticator": "App\Ldap\LdapAuthenticator"}
As I said, users without child object work!
Please, can anyone help. Does anyone have a tip?
in kimai - issues: tobybatch/kimai2#558
I am describing here a problem that occurs in the kimai application that uses the laminas\ldap:
After a long search, I discovered that users who had registered an ActiveSync device (mobile) to their MS Exchange mailbox were unable to log in to Kimai. I was then able to verify that users received the message "Incorrect access data" after they had registered their mobile to the Exchange server.
The ActiveSync device appears in LDAP below the corresponding user object as a sub-object (leaf), which is filled with attributes of the device.
The Authenticated Users - and so also the Bind User has read rights to the object.
Adding explicit read rights to the user and his child objects for the Bind user did not help.
The security log on the domain controller shows ever: "Account has been successfully logged on".
Message in the kimai dev.log:
security.INFO: Authenticator failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): Fetching user data/roles failed, probably DN is expired. at /var/www/html/kimai/src/Ldap/LdapCredentialsSubscriber.php:76)", "authenticator": "App\Ldap\LdapAuthenticator"}
As I said, users without child object work!
Please, can anyone help. Does anyone have a tip?
in kimai - issues: tobybatch/kimai2#558