Login fails after Authentication password expires

[felixkwasisarpong]

I always get a login failure if the password of the credentials used for authentication expires and its changed in the .env file

Environment

ldaprecord-laravel: 2.2
PHP Version: 8.0

.env file

LDAP_LOGGING=true
LDAP_CONNECTION=default
LDAP_HOST=ip
LDAP_USERNAME=null
LDAP_PASSWORD=null
LDAP_PORT=389i
LDAP_BASE_DN="dc=*,dc=com"
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false

The Application fails to log any user in when the authenticated users password expires. I tried to leave the LDAP_PASSWORD null to avoid encountering such issues in the future but it didn't work. So does it mean the password will always be updated in the application when it expires for that particular credential? Because per my AD group policy, passwords needs to be changed every month.

[stevebauman]

Hi @felixkwasisarpong,

The Application fails to log any user in when the authenticated users password expires.

This is expected behaviour. LdapRecord requires a valid username and password to search your directory for the users whom are authenticating into your application.

Because per my AD group policy, passwords needs to be changed every month.

You must create an AD service account that does not abide by this policy, or one that you have control over. Then, you can update the .env file immediately after updating the AD service accounts password during your application's maintenance period window.

The only way around this is to use anonymous authentication and then setting LDAP_USERNAME and LDAP_PASSWORD to null. However, this is not recommended, due to the security issues with anonymous authentication.

Hope this helps!

[felixkwasisarpong]

Yes, Thanks