LdapRecord-Laravel: LdapRecord\Query\Model\Builder::find(): Argument #1 ($dn) must be of type array|string, null given

Environment:

LDAP Server Type: ActiveDirectory
LdapRecord-Laravel Major Version: V3
PHP Version: 8.1.2
Laravel

composer.json

    "require": {
        "php": "^8.1",
        "appstract/laravel-opcache": "^4.0",
        "directorytree/ldaprecord-laravel": "^3.0",
        "guzzlehttp/guzzle": "^7.2",
        "laravel/framework": "^10.10",
        "laravel/sanctum": "^3.2",
        "laravel/tinker": "^2.8",
        "motomedialab/laravel-vite-helper": "^1.4",
        "spatie/laravel-permission": "^5.10"
    },
    "require-dev": {
        "barryvdh/laravel-debugbar": "^3.8",
        "barryvdh/laravel-ide-helper": "^2.13",
        "fakerphp/faker": "^1.9.1",
        "laravel/breeze": "^1.21",
        "laravel/pint": "^1.0",
        "laravel/sail": "^1.18",
        "mockery/mockery": "^1.4.4",
        "nunomaduro/collision": "^7.0",
        "phpunit/phpunit": "^10.1",
        "spatie/laravel-ignition": "^2.0"
    },

I get the error above when I try php artisan ldap:browse and then choose inspect. The php artisan ldap:test command returns OK results.

This works:

use LdapRecord\Container;

$connection = Container::getConnection('default');
$connection->auth()->attempt('username@company.com', 'password');

but this doesn’t:


use Illuminate\Support\Facades\Auth;

$credentials = [
    'userprincipalname' => 'username@company.com',
    'password' => 'password',
];

Auth::attempt($credentials)

I have a feeling that I might not have the package installed properly but not sure how to test it. I tried it on a fresh Laravel installation but still the same. I am going to try it on a different laptop next, maybe on a Linux machine.

Do you have any suggestion on what I can try?

About this issue

Original URL
State: closed
Created 9 months ago
Comments: 25 (11 by maintainers)

Commits related to this issue

Properly retrieve base DN from query #578 — committed to DirectoryTree/LdapRecord-Laravel by stevebauman 9 months ago

Most upvoted comments

Ahh okay, no worries @anchan42! I’m really glad you were able to get to the bottom of it.

Thanks for hanging in there with me while we debugged this 🙏

stevebauman on Oct 9, 2023

@anchan42 Apologies for the delayed reply!

So I tried putting my username and password in the .env file and the Auth::attempt worked !! I tested that with my co-worker’s credential and it worked too.

This is suspiciously sounding like there may be a permission issue reading some attributes (specifically objectclass) on your ActiveDirectory server when you’re bound to the server with an anonymous bind (null username and password)…

The objectclass attribute is explicitly requested on all LdapRecord searches performed on models, as it is necessary to determine what the object type is.

Can you try with your raw LDAP snippet you’ve posted above and include the objectclass attribute with your selected attributes? I.e.:

$ldapconfig['host'] = 'xx.x.xx.xx';
$ldapconfig['port'] = '389';
$ldapconfig['basedn'] = 'dc=theCompany,dc=com';
$ldapconfig['usersdn'] = 'ou=Users,ou=Wakanda,ou=Company';
$ds = ldap_connect($ldapconfig['host'], $ldapconfig['port']);

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 10);

    $filter = "(cn=First Last)";
    $justthese = array("ou", "sn", "givenname", "mail", "objectclass"); // <-- objectclass added here
    $dn = $ldapconfig['basedn'];
    $sr = ldap_search($ds, $dn, $filter, $justthese);
    $info = ldap_get_entries($ds, $sr);

    echo $info["count"] . " entries returned\n";
    debug_zval_dump($info);

Typically with LDAP integrations, administrators create specific service accounts with explicit permissions for binding to the LDAP server, though I totally understand not all environments are the same and administrators like to do things in alternate ways sometimes (whatever the case may be).

EDIT: Also, can you try performing a raw query on the LdapRecord connection with an anonymous bind? Ex:

$results = Container::getConnection()->query()->where('cn', '=', 'John Doe')->get();

dd($results);

stevebauman on Oct 6, 2023