Since you mentioned that the AD server syncs users, can you please adjust the LogSettings.FileLevel to DEBUG so we can capture the log entries when you reproduce the issue?
Also, can you verify that when you sync users, the sync table shows success status?
How do you configure the user filter on your LDAP configuration? When you run an ldapsearch of this user according to the filter, were you able to return the user’s information?
I have set LogSettings.FileLevel to DEBUG.
Still getting invalid username or password.
There are no log entries when trying to log in.
AD server shows successful login.
Yes, when I sync AD/LDAP I get a success status with users and groups scanned.
The user filter for LDAP is set to objectClass=Person
When running ldapsearch for the user, it returns all attributes for that user.
Got it. Would you mind sending a sanitized copy of your config.json (removing any sensitive information such as passwords) to my DM so I can check on it, as well as the snippet of the mattermost.log from when you attempted to log in?
Strange that nothing gets logged into the mattermost.log, as there should be something that looks like this even when the username / password is invalid for an AD/LDAP user.
{"level":"debug","ts":1626844348.0812848,"caller":"mlog/log.go:230","msg":"Enter a valid email or username and/or password.","path":"/api/v4/users/login","request_id":"XXXXXXXXXX","ip_addr":"XXXXXXXXXX","user_id":"","method":"POST","err_where":"login","http_code":401,"err_details":""}
{"level":"debug","ts":1626844348.0825486,"caller":"web/handlers.go:107","msg":"Received HTTP request","method":"POST","url":"/api/v4/users/login","request_id":"XXXXXXXXXX","host":"XXXXXXXXXX","scheme":"","status_code":"401"}
I jumped the gun a bit. It didn’t show anything in the logs at first, but eventually came up with an invalid email error.
Our AD is used for accounts only and doesn’t have the email attribute populated. I put the email address in the AD and it seems to work now.
I also tried using the principal user name, which has user@ad.company.com in it. I’m assuming it’s trying to validate that the email address is “something”@“something”.“something”.
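
As an added example (not part of the original thread or Mattermost's code), this checks ldapsearch LDIF output for entries that match the user filter but would fail login because the mapped email attribute is empty or malformed. It assumes the email and username mappings point at `mail` and `sAMAccountName`; the sample LDIF is constructed and the regex only approximates the "something@something.something" shape guessed at above.

```python
import base64
import re

# Constructed sample of `ldapsearch -LLL "(objectClass=Person)"` output, not from the thread.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=ad,DC=example,DC=com
sAMAccountName: alice
mail: alice@example.com

dn: CN=Bob Example,OU=Staff,DC=ad,DC=example,DC=com
sAMAccountName: bob

dn: CN=Carol Example,OU=Staff,DC=ad,DC=example,DC=com
sAMAccountName: carol
mail:: Y2Fyb2xAZXhhbXBsZS5jb20=

dn: CN=Dave Example,OU=Staff,DC=ad,DC=example,DC=com
sAMAccountName: dave
mail: dave-at-example
"""

EMAIL_SHAPE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # rough a@b.c check (assumption)

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines (RFC 2849)
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def login_blockers(text, email_attr="mail", username_attr="sAMAccountName"):
    """Map each DN to the reasons its mapped attributes would fail validation."""
    problems = {}
    for entry in parse_ldif(text):
        user = entry.get(username_attr.lower(), [""])[0]
        email = entry.get(email_attr.lower(), [""])[0]
        reasons = [] if user else [f"missing {username_attr}"]
        if not email:
            reasons.append(f"missing {email_attr}")
        elif not EMAIL_SHAPE.match(email):
            reasons.append(f"{email_attr} is not email-shaped: {email!r}")
        if reasons: problems[entry["dn"][0]] = reasons
    return problems
```

Running `login_blockers` on real `ldapsearch -LLL` output before enabling AD/LDAP login shows which synced accounts will be rejected even though the directory bind itself succeeds.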