Please enable DEBUG mode (bottom option on that screen) and try again.
@nickdring what is your PHP configuration setting for default_socket_timeout please?

HI there, activated debut but it didn't make any difference as you can see here: https://www.dropbox.com/s/zth93wohxde9ncc/Screenshot.png?dl=0
default_socket_timeout is set to 60

Here is trace https://www.dropbox.com/s/m71unjq1dnlz3oq/Error_%200.pdf

Thanks - ill see if I can replicate/fix this when I get home.

Please confirm, your get this when you are trying to login right?

Hi Phil, yep front or back, new or existing user.

Please confirm PHP version - best to do the export from Joomla 4 system information page in text format please (there is a button there to allow you to export the full data that's helpful)

I have not been able to replicate your problem exactly but I do note that Joomla doesnt like it at all if your host is prefixed with ldap:// or ldaps:// like yours is.

Try removing the ldaps:// from your hostname in your configured ldap plugin and try that.

The upstream documentation says to use a host with no prefix when using Ldap::create which is what Joomla 4 is using

https://symfony.com/doc/current/components/ldap.html

The prefixes ldaps:// is only used when using a connection_string array key, which Joomla 4 doesnt.

So this for certain needs changing in your config. Remove the ldaps:// prefix.

Also interesting - but unrelated - is that the Ignore Certificate toggle seems to do absolutely nothing as the value of ignore_reqcert_tls is never used by Joomla 4 or Symfony LDAP - its useless - and cannot be used on *nix type computers anyway (according to StackOverflow) - proposed removing it here #35323

Hi there, here you go https://www.dropbox.com/s/zw64id5wsbnj81b/systeminfo.txt

did removing ldaps:// from your host name fix the problem?

HI so I removed the ldaps:// as you suggested and now there is another error: 2021-08-24T09:22:25+00:00 INFO 10.255.7.56 ldapfailure Username and password do not match or you do not have an account yet.
I asked my IT department and there reply was that if we removed LDAPS how does Joomla know that we require an LDAPS connection?

well the fact you get " Username and password do not match or you do not have an account yet" means that its now successfully connected to LDAP and checked the credentials and LDAP told it they were wrong.

If you enable negotiate_tls then this attempts to make a TLS connection

I guess you just need to play with the settings to get them to work in your environment. Removing ldaps:// is the correct thing to do as the code is not expecting the prefix.

We don't use TLS we use ldaps.
From experience I think the Joomla reply 'Username and password do not match or you do not have an account yet' is the standard reply that Joomla sends back when there is an error, whatever the problem is.
Personally I would think it might be an idea to allow people to specify ldap or ldaps.
We've tried a few different options but so far we havent managed to get it to work.

Has this ever worked for you?

Is there a valid root CA issued ssl or a self signed cert on your ldaps service?

Hi we have around 70 sites running J3 which have been using this setup for quite a few years. The certificate is self signed on a local domain.

ok well then the ldap plugin in Joomla 4 has undergone considerable changes since Joomla 3, and now uses the LDAP components from Symfony.

The way this has been integrated doesn't take ldaps:// into account

Therefore the only option is to rewrite the plugin. I dont have time for that this week, but I'll leave it on my todo list.

No worries Phil, we aren’t looking to move quite yet to J4 but I’d be happy to test the plug-in when you’ve added support for LDAPS.
Nick

I updated to 4.0.2 but the issue still remains so I guess its hasn't been looked at yet. Just to say I'm quite happy to test the new plugin when it arrives. I guess this hasn't been noticed as most people who use Joomla don't use LDAP for authentication.