Single user unable to authenticate with LDAP

Hi!

I've got quite a mystery on my hands. I've set up SugarCRM for 50 users, where 49 of them can authenticate with LDAP...

I've got one user that simply is unable to log in with LDAP.

[DEBUG] LDAP: querying with DN=dc=ad3,dc=company,dc=no and query=(sAMAccountName=username@company.no)
[DEBUG] LDAP: binding with DN=username@company.no
[INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1 OFFSET 0\nParams: {"1":"username@company.no","2":0}\nTypes: {"1":2,"2":5}
[DEBUG] Hook called: Users::before_retrieve
[DEBUG] SugarBean[User].load_relationships, Loading link (team_link).
[DEBUG] VardefManager::loadVardef called for module: Teams
[ERROR] Warning: Multiple links found for relationship users_team within module Users
[ERROR] Unable to determine best appropriate link for relationship users_team
[DEBUG] VardefManager::loadVardef called for module: Teams
[DEBUG] Retrieve User
[INFO] Query: SELECT users.id, users.user_name, users.user_hash, users.system_generated_password, users.pwd_last_changed, users.authenticate_id, users.sugar_login, users.picture, users.first_name, users.last_name, users.is_admin, users.external_auth_only, users.receive_notifications, users.description, users.date_entered, users.date_modified, users.last_login, users.modified_user_id, users.created_by, users.title, users.department, users.phone_home, users.phone_mobile, users.phone_work, users.phone_other, users.phone_fax, users.status, users.address_street, users.address_city, users.address_state, users.address_country, users.address_postalcode, users.default_team, users.team_set_id, users.acl_team_set_id, users.deleted, users.portal_only, users.show_on_employees, users.employee_status, users.messenger_id, users.messenger_type, users.reports_to_id, users.is_group, users.preferred_language, users.acl_role_set_id, teams_tn.name tn_name, teams_tn.name_2 tn_name_2 FROM users LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? LIMIT 1\nParams: {"1":0,"2":""}\nTypes: {"1":5,"2":2}
[INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1 OFFSET 0\nParams: {"1":"username@company.no","2":0}\nTypes: {"1":2,"2":5}
[DEBUG] Hook called: Users::before_retrieve
[DEBUG] SugarBean[User].load_relationships, Loading link (team_link).
[ERROR] Warning: Multiple links found for relationship users_team within module Users
[ERROR] Unable to determine best appropriate link for relationship users_team
[DEBUG] Retrieve User
[INFO] Query: SELECT users.id, users.user_name, users.user_hash, users.system_generated_password, users.pwd_last_changed, users.authenticate_id, users.sugar_login, users.picture, users.first_name, users.last_name, users.is_admin, users.external_auth_only, users.receive_notifications, users.description, users.date_entered, users.date_modified, users.last_login, users.modified_user_id, users.created_by, users.title, users.department, users.phone_home, users.phone_mobile, users.phone_work, users.phone_other, users.phone_fax, users.status, users.address_street, users.address_city, users.address_state, users.address_country, users.address_postalcode, users.default_team, users.team_set_id, users.acl_team_set_id, users.deleted, users.portal_only, users.show_on_employees, users.employee_status, users.messenger_id, users.messenger_type, users.reports_to_id, users.is_group, users.preferred_language, users.acl_role_set_id, teams_tn.name tn_name, teams_tn.name_2 tn_name_2 FROM users LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? LIMIT 1\nParams: {"1":0,"2":""}\nTypes: {"1":5,"2":2}
[ERROR] User was not found by provided name

What does the last log line mean here? The same LDAP configuration works for all my other services, and the user in question logs in just fine with the rest of my 50 users.

  • I don't think your problem is LDAP, I think it's that user's teams.

    The second to last line in your log has a query that ends in:

    LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? 

    the parameters show {"1":0,"2":""}

    which means it is querying with 

    LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = 0) WHERE users.id = "" 

    So it cannot find a user with a blank id, which is understandable, but it is not clear to me why it is passing a blank user id.

    I would do the following: check that user's record, make sure he has at least one Team, then try repairing the teams: Admin->Repair->Repair Teams

    See if that helps.

    FrancescaS
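
The substitution done by hand in the answer above, automated as an added example (not part of the original thread and not SugarCRM code): it reads the logged Query/Params lines, binds the parameters for reading, and flags any id column compared against a blank value. The sample log lines are constructed, and the function names are hypothetical.

```python
import json
import re

# Constructed sample, shaped like the log lines in the thread. The "\n" inside
# each entry is a literal backslash-n, exactly as the log prints it.
SAMPLE_LOG = r'''[DEBUG] LDAP: binding with DN=username@company.no
[INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1 OFFSET 0\nParams: {"1":"username@company.no","2":0}\nTypes: {"1":2,"2":5}
[INFO] Query: SELECT users.id, users.user_name FROM users LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? LIMIT 1\nParams: {"1":0,"2":""}\nTypes: {"1":5,"2":2}
[INFO] Query: SELECT ea.email_address FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id WHERE ear.bean_module = ? AND ear.bean_id = ?\nParams: ["Users","00000000-0000-0000-0000-000000000001"]
[ERROR] User was not found by provided name'''

QUERY_RE = re.compile(r'^\s*\[INFO\] Query: (?P<sql>.*?)\\nParams: (?P<params>.*?)(?:\\nTypes: .*)?$')

def ordered_params(raw):
    """Params are logged either as {"1": v1, "2": v2} or as a plain JSON list."""
    params = json.loads(raw)
    return [params[k] for k in sorted(params, key=int)] if isinstance(params, dict) else list(params)

def bind(sql, params):
    """Substitute the logged params into the SQL text, for reading only (never execute it)."""
    values = iter(params)
    def literal(_match):
        v = next(values, None)
        return "NULL" if v is None else str(v) if isinstance(v, (int, float)) else "'%s'" % v
    return re.sub(r"\?", literal, sql)

def blank_key_params(sql, params):
    """Return id-like columns whose '= ?' placeholder was bound to '' or null."""
    hits = []
    for i, m in enumerate(re.finditer(r"(?:([\w.]+)\s*=\s*)?\?", sql)):
        col = m.group(1)
        if col and re.search(r"(?:^|[._])id$", col) and i < len(params) and params[i] in ("", None):
            hits.append(col)
    return hits

def scan(log_text):
    """Yield (line number, column, bound SQL) for every blank id lookup in the log."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = QUERY_RE.match(line)
        if m:
            params = ordered_params(m.group("params"))
            findings += [(lineno, col, bind(m.group("sql"), params)) for col in blank_key_params(m.group("sql"), params)]
    return findings

if __name__ == "__main__":
    for lineno, col, sql in scan(SAMPLE_LOG):
        print(f"line {lineno}: blank value bound to {col}\n  {sql}")
```

A hit on users.id means the earlier lookup by user_name returned no usable row, so that lookup is the place to start.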

     

  • Hi! Thanks for the heads-up

    Apparently the user's team was deleted, so he was not tied to any teams! So I restored the team in the MySQL DB and ran a team repair.

    Now the query uses a working id and I've manually verified that the query returns a match. But it seems like login still fails.

    Been seeing the following error on all users so I'm assuming it's not relevant:

    [ERROR] Warning: Multiple links found for relationship users_team within module Users
    [ERROR] Unable to determine best appropriate link for relationship users_team

    Next step would be to delete the user properly after migrating its link to accounts.

    New dump:

    [DEBUG] LDAP: binding with DN=SVC_crm_read@ad3.company.no
    [DEBUG] LDAP: bound successfully
    [DEBUG] LDAP: querying with DN=dc=ad3,dc=company,dc=no and query=(sAMAccountName=username)
    [DEBUG] LDAP: binding with DN=username@ad3.company.no
    [DEBUG] LDAP: bound successfully
    [DEBUG] LDAP: querying with DN=CN=CRM-Tilgang,OU=Spesielle rettigheter,OU=Groups,OU=company,DC=ad3,DC=company,DC=no and query=(memberUid=username)
    [INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1 OFFSET 0\nParams: {"1":"username","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Users::before_retrieve
    [DEBUG] SugarBean[User].load_relationships, Loading link (team_link).
    [DEBUG] VardefManager::loadVardef called for module: Teams
    [ERROR] Warning: Multiple links found for relationship users_team within module Users
    [ERROR] Unable to determine best appropriate link for relationship users_team
    [DEBUG] VardefManager::loadVardef called for module: Teams
    [DEBUG] Retrieve User
    [INFO] Query: SELECT users.id, users.user_name, users.user_hash, users.system_generated_password, users.pwd_last_changed, users.authenticate_id, users.sugar_login, users.picture, users.first_name, users.last_name, users.is_admin, users.external_auth_only, users.receive_notifications, users.description, users.date_entered, users.date_modified, users.last_login, users.modified_user_id, users.created_by, users.title, users.department, users.phone_home, users.phone_mobile, users.phone_work, users.phone_other, users.phone_fax, users.status, users.address_street, users.address_city, users.address_state, users.address_country, users.address_postalcode, users.default_team, users.team_set_id, users.acl_team_set_id, users.deleted, users.portal_only, users.show_on_employees, users.employee_status, users.messenger_id, users.messenger_type, users.reports_to_id, users.is_group, users.preferred_language, users.acl_role_set_id, teams_tn.name tn_name, teams_tn.name_2 tn_name_2 FROM users LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? LIMIT 1\nParams: {"1":0,"2":"2fa4c2b8-5791-11e9-9db4-005056be5ece"}\nTypes: {"1":5,"2":2}
    [INFO] Query: SELECT ea.email_address, ea.email_address_caps, ea.invalid_email, ea.opt_out, ea.date_created, ea.date_modified,\n                ear.id, ear.email_address_id, ear.bean_id, ear.bean_module, ear.primary_address, ear.reply_to_address, ear.deleted\n                FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id\n                WHERE ear.bean_module = ?\n                AND ear.bean_id = ?\n                AND ear.deleted = 0\n                ORDER BY ear.reply_to_address, ear.primary_address DESC\nParams: ["Users","2fa4c2b8-5791-11e9-9db4-005056be5ece"]
    [DEBUG] Hook called: Users::before_fetch_query
    [INFO] Query: SELECT users.first_name, users.last_name, users.created_by, users.id FROM users WHERE (users.id = ?) AND (users.deleted = ?)\nParams: {"1":"617550ce-3427-11e9-8bb0-00237dd1fde0","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Users::process_record
    [DEBUG] Hook called: Users::after_fetch_query
    [DEBUG] Hook called: Teams::before_fetch_query
    [DEBUG] Including hook file: custom/modules/Teams/Ext/LogicHooks/logichooks.ext.php
    [INFO] Query: SELECT teams.created_by, teams.id FROM teams WHERE (teams.id = ?) AND (teams.deleted = ?)\nParams: {"1":"1","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Teams::process_record
    [DEBUG] Hook called: Teams::after_fetch_query
    [DEBUG] Hook called: Teams::before_fetch_query
    [INFO] Query: SELECT teams.name, teams.created_by, teams.id FROM teams WHERE (teams.id = ?) AND (teams.deleted = ?)\nParams: {"1":"1","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Teams::process_record
    [DEBUG] Hook called: Teams::after_fetch_query
    [INFO] Query: SELECT ea.email_address, ea.email_address_caps, ea.invalid_email, ea.opt_out, ea.date_created, ea.date_modified,\n                ear.id, ear.email_address_id, ear.bean_id, ear.bean_module, ear.primary_address, ear.reply_to_address, ear.deleted\n                FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id\n                WHERE ear.bean_module = ?\n                AND ear.bean_id = ?\n                AND ear.deleted = 0\n                ORDER BY ear.reply_to_address, ear.primary_address DESC\nParams: ["Users","2fa4c2b8-5791-11e9-9db4-005056be5ece"]
    [DEBUG] Hook called: Users::after_retrieve
    [INFO] Query: SELECT ea.email_address, ea.email_address_caps, ea.invalid_email, ea.opt_out, ea.date_created, ea.date_modified,\n                ear.id, ear.email_address_id, ear.bean_id, ear.bean_module, ear.primary_address, ear.reply_to_address, ear.deleted\n                FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id\n                WHERE ear.bean_module = ?\n                AND ear.bean_id = ?\n                AND ear.deleted = 0\n                ORDER BY ear.reply_to_address, ear.primary_address DESC\nParams: ["Users","2fa4c2b8-5791-11e9-9db4-005056be5ece"]
    [INFO] Query: SELECT users.id FROM users WHERE (users.user_name = ?) AND (users.deleted = ?) LIMIT 1 OFFSET 0\nParams: {"1":"username","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Users::before_retrieve
    [DEBUG] SugarBean[User].load_relationships, Loading link (team_link).
    [ERROR] Warning: Multiple links found for relationship users_team within module Users
    [ERROR] Unable to determine best appropriate link for relationship users_team
    [DEBUG] Retrieve User
    [INFO] Query: SELECT users.id, users.user_name, users.user_hash, users.system_generated_password, users.pwd_last_changed, users.authenticate_id, users.sugar_login, users.picture, users.first_name, users.last_name, users.is_admin, users.external_auth_only, users.receive_notifications, users.description, users.date_entered, users.date_modified, users.last_login, users.modified_user_id, users.created_by, users.title, users.department, users.phone_home, users.phone_mobile, users.phone_work, users.phone_other, users.phone_fax, users.status, users.address_street, users.address_city, users.address_state, users.address_country, users.address_postalcode, users.default_team, users.team_set_id, users.acl_team_set_id, users.deleted, users.portal_only, users.show_on_employees, users.employee_status, users.messenger_id, users.messenger_type, users.reports_to_id, users.is_group, users.preferred_language, users.acl_role_set_id, teams_tn.name tn_name, teams_tn.name_2 tn_name_2 FROM users LEFT JOIN teams teams_tn ON (users.default_team = teams_tn.id) AND (teams_tn.deleted = ?) WHERE users.id = ? LIMIT 1\nParams: {"1":0,"2":"2fa4c2b8-5791-11e9-9db4-005056be5ece"}\nTypes: {"1":5,"2":2}
    [INFO] Query: SELECT ea.email_address, ea.email_address_caps, ea.invalid_email, ea.opt_out, ea.date_created, ea.date_modified,\n                ear.id, ear.email_address_id, ear.bean_id, ear.bean_module, ear.primary_address, ear.reply_to_address, ear.deleted\n                FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id\n                WHERE ear.bean_module = ?\n                AND ear.bean_id = ?\n                AND ear.deleted = 0\n                ORDER BY ear.reply_to_address, ear.primary_address DESC\nParams: ["Users","2fa4c2b8-5791-11e9-9db4-005056be5ece"]
    [DEBUG] Hook called: Users::before_fetch_query
    [INFO] Query: SELECT users.first_name, users.last_name, users.created_by, users.id FROM users WHERE (users.id = ?) AND (users.deleted = ?)\nParams: {"1":"617550ce-3427-11e9-8bb0-00237dd1fde0","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Users::process_record
    [DEBUG] Hook called: Users::after_fetch_query
    [DEBUG] Hook called: Teams::before_fetch_query
    [INFO] Query: SELECT teams.created_by, teams.id FROM teams WHERE (teams.id = ?) AND (teams.deleted = ?)\nParams: {"1":"1","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Teams::process_record
    [DEBUG] Hook called: Teams::after_fetch_query
    [DEBUG] Hook called: Teams::before_fetch_query
    [INFO] Query: SELECT teams.name, teams.created_by, teams.id FROM teams WHERE (teams.id = ?) AND (teams.deleted = ?)\nParams: {"1":"1","2":0}\nTypes: {"1":2,"2":5}
    [DEBUG] Hook called: Teams::process_record
    [DEBUG] Hook called: Teams::after_fetch_query
    [INFO] Query: SELECT ea.email_address, ea.email_address_caps, ea.invalid_email, ea.opt_out, ea.date_created, ea.date_modified,\n                ear.id, ear.email_address_id, ear.bean_id, ear.bean_module, ear.primary_address, ear.reply_to_address, ear.deleted\n                FROM email_addresses ea LEFT JOIN email_addr_bean_rel ear ON ea.id = ear.email_address_id\n                WHERE ear.bean_module = ?\n                AND ear.bean_id = ?\n                AND ear.deleted = 0\n                ORDER BY ear.reply_to_address, ear.primary_address DESC\nParams: ["Users","2fa4c2b8-5791-11e9-9db4-005056be5ece"]
    [DEBUG] Hook called: Users::after_retrieve

     

  • If you updated the user's team from the back end, you may not have updated the team_sets or missed something else; teams are not that simple on the back end.

    I suggest you go to the user's record in Admin->User Management->Access

    In the "MyTeams" panel you can add/remove teams. Working from there will ensure that all the back-end additions/edits are working correctly.

    FrancescaS