Active Directory Bind User Not Working

I have a LibreNMS instance that is tied to AD. My problem is that the bind user doesn’t appear to be working. We are able to authenticate just fine using AD, but when I create an API key, after a day it loses the user information that is tied to it. When I run auth_test I get “Could not bind to AD, you will not be able to use the API or alert AD users”. The warning in the validate output can be ignored as those devices are slow to poll.

Config:

$config['auth_ad_check_certificates'] = 0;
$config['auth_ad_url'] = "ldap://dc01.ad.example.net ldap://dc02.ad.example.net";
$config['auth_ad_domain'] = "ad.example.net";
$config['auth_ad_base_dn'] = "dc=ad,dc=example,dc=net";
$config['auth_ad_binduser'] = ;
$config['auth_ad_bindpassword'] = ;
$config['auth_ad_check_certificates'] = false; // require a valid ssl certificate
$config['auth_ad_debug'] = true; // enable for verbose debug messages
$config['auth_ad_timeout'] = 5; // time to wait before giving up (or trying the next server)
$config['active_directory']['users_purge'] = 1; // purge users who haven't logged in for 1 days.
$config['auth_ad_require_groupmembership'] = true; // require users to be members of a group listed below
$config['auth_ad_groups']['LibreNMS Admins']['level'] = 10;
$config['auth_ad_groups']['ExampleCompany-Users']['level'] = 7;
$config['auth_api_local'] = true;

Validate.php:

====================================

Component Version
LibreNMS 1.51-84-gaff2ac49e
DB Schema 2019_02_10_220000_add_dates_to_fdb (132)
PHP 7.2.17-0ubuntu0.18.04.1
MySQL 10.1.38-MariaDB-0ubuntu0.18.04.1
RRDTool 1.7.0
SNMP NET-SNMP 5.7.3
====================================

[OK] Composer Version: 1.8.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[WARN] Some devices have not been polled in the last 5 minutes. You may have performance issues.

What have you tried? Bind user is working for me with AD.

I’ve done the basics. I’ve verified that the username/password is correct and created a new bind account with different permissions. I also did a packet capture, but I’m not super familiar with AD/LDAP packets. I do see a bind request and success message in the packet capture. I guess if you could confirm that the config looks correct that would be helpful. I do have a username and password defined but I left it out.

What are you setting your binduser to? It should be just the plain username, no domain.

According to the code, it appends auth_ad_domain to auth_ad_binduser.

The user is “svc.librenms” but when I created a new user to test with I made it “svc-librenms”. I had the same results with both users.

Is the user inside your base_dn?
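
The two checks raised in the replies (plain username with the domain appended, and whether the account sits under the base DN) can be run outside LibreNMS with a short script. This is an added example, not part of the thread and not LibreNMS code: the `user@auth_ad_domain` bind form is an assumption taken from the reply above, and the environment variable names are hypothetical. On a failed bind it prints the server's extended diagnostic text, which is more specific than the generic "Could not bind" message.

```php
<?php
// Added diagnostic sketch, not LibreNMS code. Hosts, domain and base DN mirror the
// config posted in the thread; credentials come from the environment (names are hypothetical).
// Note: with ldap:// URLs, as in the posted config, a simple bind sends the password unencrypted.
$urls    = ['ldap://dc01.ad.example.net', 'ldap://dc02.ad.example.net'];
$domain  = 'ad.example.net';
$baseDn  = 'dc=ad,dc=example,dc=net';
$user    = getenv('AD_BIND_USER') ?: '';      // plain username, e.g. svc.librenms
$pass    = getenv('AD_BIND_PASSWORD') ?: '';
$timeout = 5;

if ($user === '' || $pass === '') {
    // An empty password turns ldap_bind() into an anonymous bind, which can "succeed" misleadingly.
    fwrite(STDERR, "Set AD_BIND_USER and AD_BIND_PASSWORD first\n");
    exit(2);
}
if (strpbrk($user, '@\\') !== false) {
    fwrite(STDERR, "Bind user already contains a domain part; use the plain username\n");
    exit(2);
}
$principal = $user . '@' . $domain; // assumed form: binduser@auth_ad_domain

foreach ($urls as $url) {
    $conn = ldap_connect($url);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, $timeout);

    if (!@ldap_bind($conn, $principal, $pass)) {
        // The diagnostic message carries the directory server's own error detail.
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        printf("%s: bind as %s FAILED: %s (%s)\n", $url, $principal, ldap_error($conn), $detail);
        continue;
    }
    echo "$url: bind as $principal OK\n";

    // Is the bind account itself visible under the configured base DN?
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $result = @ldap_search($conn, $baseDn, $filter, ['distinguishedName']);
    if ($result === false) {
        printf("  search under %s failed: %s\n", $baseDn, ldap_error($conn));
    } else {
        $entries = ldap_get_entries($conn, $result);
        echo $entries['count'] > 0
            ? "  found under base DN: {$entries[0]['dn']}\n"
            : "  bind user NOT found under $baseDn\n";
    }
    ldap_unbind($conn);
}
```

Run it from the LibreNMS host with the PHP LDAP extension loaded, so it uses the same network path and resolver as the poller and web UI.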