ActiveCollab Modules/Customization
View Cart
Close slide

LDAP Module FAQ 3 - Error message explained

If you have trouble setting up this module, or do not know what to put into the field mapping, follow the troubleshooting section in the included document to modify AuthController.class.php, in order to turn on detailed error messages.

Here are the explanations of all possible error messages:

Can not connect to LDAP server
Background: This happens when you specified a wrong LDAP server address or port.
What to do: Check your LDAP server address and port. If you are connecting to a secured LDAP server, make sure you use ldaps:// as prefix. Also make sure your PHP has OpenSSL extension enabled (most do).

Can not bind with superuser/anonymously
Background: This happens when the module cannot bind to the LDAP server with provided admin username/password, or anonymously if you leave those two settings blank. This module needs to bind to LDAP server first in order to do a search for the user who is logging in.
What to do: Check the admin username/password entered in the module admin page to solve this error. The username is usually in DN format.

Admin username and password seems valid. However the following search failed: ...
Background: After the module successfully bind with the admin account, it will perform a search of which the search string is constructed from the username you entered on the login screen, login field mapping and additional search filter.
What to do: You will notice inside of "..." there is a part looks like xxx=yyy. xxx is the login field mapping and yyy is the username you entered on the login screen. Check if you entered the wrong login name on the login screen. For example if you put samaccountname in the login field and you used your full email address in the activeCollab login screen, the search obviously will fail. Or the other way around if you put mail in the login field and you used your windows login name, that will also cause this.

Can not retrieve value from bind field
Background:The previous search returned an entity, but cannot get the attribute value for next bind step. The module will bind to LDAP for a second time to validate your password. Different LDAP server requires different LDAP attribute to bind to. That is why this module provided the option to specify a bind field mapping.
What to do:Check the bind field mapping.

Invalid username or password. Please try again. xxx:yyy
Background:The module cannot bind to LDAP using the bind attribute and the password you entered on the login screen.
What to do:Assuming you entered the correct password, then the problem is really down to your LDAP server does not accept your bind attribute value. You will see the "xxx" being your bind field mapping and "yyy" being the value associated with the bind field. If you put in "mail" as the bind field mapping and you get this message "mail:abc@domain.com", that means your LDAP server cannot be bind with email.
"dn" is usually the safest choice here because most LDAP server will accept DN when binding.

UUID retrieved from LDAP is empty. Please check UUID field mapping!
Background:This module requires a unique ID value for each user in order to identify users in activeCollab. You can use whatever attribute here as long as the value of it does not change ever.
What to do:Check the UUID field mapping in the admin page, it should be a valid LDAP attribute containing a unique ID.

Email retrieved from LDAP is empty. Please check email field mapping!
Background:This module requires an unique, non-empty email for every user (mainly because activeCollab requires so). If a user in your LDAP has a blank email attribute, this user cannot login to activeCollab via LDAP.
What to do:Check the email field mapping and the user's email LDAP attribute.

Cannot find DN for user
Background:This happens during group mapping process. It uses DN to do matching for RN style group mapping.
What to do:Your LDAP is very unusual that it does not have the DN attribute. Contact me for a possible workaround.

No defined group mapping for user
Background:This happens during group mapping process. If you are sure your set up is correct and you are using a memberof style group mapping, it may be due to your LDAP did not return a "memberof" array attribute.
What to do:Your LDAP is very unusual that it does not have the memberof attribute. Contact me for a possible workaround.