LDAP Troubleshooter
Snipe-IT ships with a command-line LDAP troubleshooter that can help you get to the bottom of the most common LDAP configuration issues.
```shell
# Run the LDAP Troubleshooter
php artisan ldap:troubleshoot
```
Example output of this tool might look something like this:
```text
# Run the LDAP Troubleshooter
php artisan ldap:troubleshoot
# WARNING: This command will make several attempts to connect to your LDAP server. Are you sure this is ok? (yes/no) [no]:
> yes
# STAGE 1: Checking settings
# Determined LDAP hostname to be: xxx.xx.xx.xx
# xxx.xx.xx.xx already looks like an address; skipping DNS lookup
# STAGE 2: Checking basic network connectivity
# Attempting to connect to port: 636 - may take up to 30 seconds
# Success!
# Attempting to connect to port: 389 - may take up to 30 seconds
# Success!
# STAGE 3: Determine encryption algorithm, if any
# Trying TLS first for port 636
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we *ARE* checking certs
# gonna try to bind now, this can take a while if we mess it up
# WARNING: Exception caught during bind - ldap_bind(): Unable to bind to server: Can't contact LDAP server
# WARNING: Failed to bind to ldaps://xxx.xx.xx.xx:636 - trying without certificate checks.
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# gonna try to bind now, this can take a while if we mess it up
# Bind results are: 1 which translate into boolean: 1
# Anonymous bind successful to ldaps://xxx.xx.xx.xx:636 with certificate-checks disabled
# Trying TLS first for port 389
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we *ARE* checking certs
# gonna try to bind now, this can take a while if we mess it up
# WARNING: Exception caught during bind - ldap_bind(): Unable to bind to server: Can't contact LDAP server
# WARNING: Failed to bind to ldaps://xxx.xx.xx.xx:389 - trying without certificate checks.
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# gonna try to bind now, this can take a while if we mess it up
# WARNING: Exception caught during bind - ldap_bind(): Unable to bind to server: Can't contact LDAP server
# WARNING: Failed to bind to ldaps://xxx.xx.xx.xx:389 with certificate checks disabled. Trying unencrypted with STARTTLS
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we *ARE* checking certs
# WARNING: Exception caught during bind - ldap_start_tls(): Unable to start TLS: Connect error
# WARNING: Failed to bind to ldap://xxx.xx.xx.xx:389 with STARTTLS enabled. Trying without certificate checks.
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# gonna try to bind now, this can take a while if we mess it up
# Bind results are: 1 which translate into boolean: 1
# Plain connection to ldap://xxx.xx.xx.xx:389 with STARTTLS and cert checks *disabled* successful!
# +--------------------------+--------------+------------------+
# | URL                      | Cert Checks? | STARTTLS?        |
# +--------------------------+--------------+------------------+
# | ldaps://xxx.xx.xx.xx:636 | DISABLED     | n/a (no)         |
# | ldap://xxx.xx.xx.xx:389  | DISABLED     | STARTTLS ENABLED |
# +--------------------------+--------------+------------------+
# STAGE 4: Test Administrative Bind for LDAP Sync
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# SUCCESS - Able to bind to ldaps://xxx.xx.xx.xx:636 as [email protected]
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# SUCCESS - Able to bind to ldap://xxx.xx.xx.xx:389 as [email protected]
# STAGE 5: Test BaseDN
# WARNING: Unable to execute POSIX fork() commands, timeout may not be respected
# we are IGNORING certs
# SUCCESS - Able to bind to ldaps://xxx.xx.xx.xx:636 as [email protected]
# Default Naming Contexts:
# DC=ad,DC=example, CN=Configuration,DC=ad,DC=example, CN=Schema,CN=Configuration,DC=ad,DC=example, DC=DomainDnsZones,DC=ad,DC=example, DC=ForestDnsZones,DC=ad,DC=example
# Printing first 10 results:
```
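The STAGE 3 summary above is the security-relevant part of the transcript: both URLs only bound with certificate checks disabled, so the client is encrypting to a server whose identity it never verified. As an added example (not Snipe-IT code and not part of this page), the following Python script triages a saved troubleshooter transcript by parsing that summary table and the "Failed to bind ... trying without certificate checks" warnings; the embedded transcript is constructed from the documented output format.

```python
"""Triage a saved `php artisan ldap:troubleshoot` transcript (added example, not Snipe-IT code):
flag any URL that only worked with server-certificate checks switched off."""
import re

# Constructed, abridged transcript in the troubleshooter's documented output format.
SAMPLE = """\
# WARNING: Failed to bind to ldaps://xxx.xx.xx.xx:636 - trying without certificate checks.
# WARNING: Failed to bind to ldaps://xxx.xx.xx.xx:389 - trying without certificate checks.
# WARNING: Failed to bind to ldap://xxx.xx.xx.xx:389 with STARTTLS enabled. Trying without certificate checks.
# +--------------------------+--------------+------------------+
# | URL                      | Cert Checks? | STARTTLS?        |
# +--------------------------+--------------+------------------+
# | ldaps://xxx.xx.xx.xx:636 | DISABLED     | n/a (no)         |
# | ldap://xxx.xx.xx.xx:389  | DISABLED     | STARTTLS ENABLED |
# +--------------------------+--------------+------------------+
"""

ROW_RE = re.compile(r"^#?\s*\|\s*(ldaps?://\S+)\s*\|\s*(\S+)\s*\|\s*(.+?)\s*\|$")
FAIL_RE = re.compile(r"Failed to bind to (ldaps?://\S+).*[Tt]rying without certificate checks")

def parse_summary(transcript):
    """Return {url: {"cert_checks": bool, "starttls": bool}} from the STAGE 3 table rows."""
    rows = {}
    for line in transcript.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            url, certs, starttls = m.groups()
            rows[url] = {"cert_checks": certs.upper() != "DISABLED",
                         "starttls": starttls.upper().startswith("STARTTLS ENABLED")}
    return rows

def cert_check_failures(transcript):
    """URLs where a bind failed while the server certificate was still being verified."""
    return sorted({m.group(1) for m in map(FAIL_RE.search, transcript.splitlines()) if m})

def classify(url, row):
    """ldaps:// and STARTTLS encrypt the session, but with cert checks off the peer is unauthenticated."""
    if row["cert_checks"]:
        return "tls-verified"
    return "tls-unverified" if url.startswith("ldaps://") or row["starttls"] else "plaintext"

def triage(transcript=SAMPLE):
    """Map each working URL to a rating; 'tls-unverified' means fix CA trust before enabling sync."""
    return {url: classify(url, row) for url, row in parse_summary(transcript).items()}

if __name__ == "__main__":
    for url, rating in triage().items():
        print(f"{url}: {rating}")
    print("bind failed with cert checks on:", cert_check_failures(SAMPLE))
```

To use it on a real run, capture the command's output to a file and pass its contents to `triage()`; a "tls-unverified" result usually means the server certificate is not issued by a CA the PHP/OpenLDAP client trusts or its name does not match the configured host.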
Additionally, you can run this command with the --ldap-search flag, which prints an ldapsearch command line that you can paste into a shell to check connectivity, experiment with base DNs, and so on:
```shell
# Run the LDAP Troubleshooter with LDAP search
php artisan ldap:troubleshoot --ldap-search
# WARNING: This command will display your LDAP password on your terminal. Are you sure this is ok? (yes/no) [no]:
> yes
# Ignoring server certificate validity
LDAPTLS_REQCERT=never \
ldapsearch \
  -H ldaps://xxx.xx.xx.xx \
  -x \
  -b 'cn=Users,dc=ad,dc=example' \
  -D '[email protected]' \
  -w 'MYPASSWORD' \
  '(&(sAMAccountName=*)(givenName=*))' \
  -v
```