Labels: Language Change, PR-4.3-dev. Status: Pending

tatankat - 2 Jun 2022

Pull Request for Issue (none created)

Summary of Changes

Convert negotiate TLS option to encryption protocol option to re-enable the use of ldap over ssl (ldaps).
I am not too sure about the filename of the database changes, please review and comment.

Testing Instructions

Use an LDAP server with LDAPS. When entering the full ldap URI (ldaps://example.com) in the Host field in V3, it was working.

Actual result BEFORE applying this Pull Request

Joomla was trying to connect to ldap://ldaps://example.com
When only entering the hostname, Joomla was trying to connect to ldap://example.com
The prefix "ldap://" is added by the symfony library.

Expected result AFTER applying this Pull Request

Joomla connects to ldaps://example.com (only) when the SSL encryption protocol is selected - changed behavior with respect to V3. Behavior for no encryption and TLS negotiation has not changed.

Documentation Changes Required

Possibly

Votes
# of Users Experiencing Issue: 2/2
Average Importance Score: 5.00

tatankat - open - 2 Jun 2022
tatankat - change - 2 Jun 2022
Status: New → Pending
joomla-cms-bot - change - 2 Jun 2022
Category: SQL Administration com_admin Postgresql Language & Strings Front End Plugins
richard67 - comment - 2 Jun 2022

I am not too sure about the filename of the database changes, please review and comment.

I can do that tomorrow or on the weekend. The file names look ok at a first quick look, and the SQL syntax and style look ok, too, but I have to check the replace for the parameter value because we need to be very careful with that. We have to make sure to really match the complete parameter. I am too tired today to do that now.

tatankat - change - 2 Jun 2022
Labels Added: Language Change
richard67 - comment - 16 Jun 2022

@richard67 Can you please review? Is there anything else I can / have to do to get this PR and #37959 included in the first possible coming release?

Each PR needs 2 successful human tests. It could be hard to find testers for LDAP authentication since it's rarely used. So this alone might take some time.

For the other PR people can maybe use https://www.forumsys.com/2022/05/10/online-ldap-test-server/ , but I'm not sure if it is also suitable for this one for LDAPS.

tatankat - comment - 16 Jun 2022

Thanks for the review and suggestions, I applied them. Now let's hope someone wants to test this...

HLeithner - comment - 27 Jun 2022

This pull request has automatically been rebased to 4.2-dev.

joomla-bot - comment - 27 Jun 2022

This pull request has been automatically converted to the PSR-12 coding standard.

HLeithner - comment - 28 Jun 2022

@tatankat 2 things

First, can you change the SQL files to 4.2.0 with date?
Second, do you have experience with LDAP servers, Docker and tests? ^^ We would really need automated tests for LDAP, so having an LDAP server automatically provisioned with users so Joomla can log in would be great, but I don't know if something like this could be made easily.

richard67 - comment - 28 Jun 2022

@tatankat 2 things

First, can you change the SQL files to 4.2.0 with date?

@tatankat I suggest you rename both update SQL scripts to "4.2.0-2022-06-28.sql".

tatankat - comment - 1 Jul 2022

@HLeithner

Second, do you have experience with LDAP servers, Docker and tests? ^^ We would really need automated tests for LDAP, so having an LDAP server automatically provisioned with users so Joomla can log in would be great, but I don't know if something like this could be made easily.

I don't have any real-life experience with any possible combination of Docker, PHP, unit tests, LDAP and Joomla. But I do have at least some basic experience with each of them separately.

I researched a bit. To run a Docker container with OpenLDAP that supports unencrypted, SSL/TLS or STARTTLS communication (on the standard ports, but they can be changed) and has a test account with a password, you can use (see also https://github.com/bitnami/bitnami-docker-openldap):

docker run --rm --name openldap --env LDAP_ADMIN_USERNAME=admin --env LDAP_ADMIN_PASSWORD=adminpassword --env LDAP_USERS=customuser --env LDAP_PASSWORDS=custompassword --publish 389:1389 --publish 636:1636 --env LDAP_ENABLE_TLS=yes --env LDAP_TLS_CERT_FILE=/opt/bitnami/certs/ldapcert.crt --env LDAP_TLS_KEY_FILE=/opt/bitnami/certs/ldapcert.key --env LDAP_TLS_CA_FILE=/opt/bitnami/certs/CA.crt -v <path_where_the_certs_and_key_are>:/opt/bitnami/certs --env BITNAMI_DEBUG=true -u $(id -u) bitnami/openldap:latest

If you can give me a basic structure in the Joomla testing structure to put the LDAP tests in, I am willing to give it a try (in a few weeks). I have not tested Joomla with this Docker OpenLDAP yet.

nsheehan - comment - 2 Aug 2022

We currently use J3 with LDAP (Apache DS) and are starting to do some testing with J4. We are willing to do some testing.

tatankat - comment - 3 Aug 2022

Thanks for being willing to test, @nsheehan.
You're kindly invited to run some tests. Depending on what your requirements are, you need this PR and #37959. To do LDAP client side debugging, you need #38388. All of them are merged in https://github.com/tatankat/joomla-cms/tree/patched.
I am very keen to hear about your experiences.

Furthermore, I succeeded in using the Docker OpenLDAP with Joomla.
To log in successfully using the LDAP user, it needs an email address set, which you can add by
creating a file with the contents:

dn: cn=customuser,ou=users,dc=example,dc=org
add: mail
mail: customuser@example.com
-

and executing:

ldapmodify -v -x -H ldap://localhost -f <the file's name> -D cn=admin,dc=example,dc=org -w adminpassword

So if anyone can tell me where to put the tests and which files I can use to get the structure from, I can create some automated tests.

tatankat - comment - 3 Aug 2022

I've tried to create a package to ease testing of the LDAP patches when upgrading to V4, see: https://github.com/tatankat/joomla-cms/releases/tag/patched
Do not use this on an instance if you plan to continue using it!

richard67 - comment - 5 Aug 2022

So if anyone can tell me where to put the tests and which files I can use to get the structure from, I can create some automated tests.

@tatankat When looking at how unit tests have been done for the task plugins here https://github.com/joomla/joomla-cms/tree/4.2-dev/tests/Unit/Plugin/Task (we seem not to have any other unit tests for other plugin groups yet), I think you should create a folder "tests/Unit/Plugin/authentication" for the plugin group, and in that folder a folder "ldap", and in that one you put your test. The ldap plugin has not been changed to the new structure yet, so it will not need a sub-folder "Extension" like plugins in the "tests/Unit/Plugin/Task" folder have, and your folder will be named "ldap" and not "ldap", I think.

But maybe @laoneo has a better idea?

Or did you mean system tests?

nickdring - comment - 19 Aug 2022

Hi, @tatankat I used your package to test the LDAP and unfortunately it's still not working. The only error messages I see every time I try to log in are of this kind, '2022-05-24T13:15:10+00:00 INFO 10.255.7.56 ldapfailure Username and password do not match, or you do not have an account yet.'


tatankat - comment - 19 Aug 2022

@HLeithner @richard67 I created some tests in tatankat@2ee0907
As this adds another service (and Docker image) in drone, I think it's best I wait for approval before creating a PR. Can you approve?
For now, the services will certainly fail, as the certificates are missing. Do you have an opinion on how to generate the certificates? Do you know where I can put them?
The tests are usable as-is, but most certainly need improvements.
@HLeithner thanks for the information. To answer your question, I think it is more an integration test, but I put it in the unit tests as you explained.
@nickdring see my answer in #37959

HLeithner - comment - 19 Aug 2022

@tatankat looks good. About the certificate: create a certificate that is valid for 50 years and add it to the tests/Codeception/_data/certs subdirectory.
I'm not sure how the client can use the correct certificates...

Also remove 4.2 with DEPLOY_VERSION please

But please create a pull request and we can see how it goes.

thanks
Harald

tatankat - change - 15 Sep 2022
The description was changed
tatankat - edited - 15 Sep 2022
VitaSati - comment - 15 Sep 2022

I have tested this item successfully on 9fd0f31


VitaSati - test_item - 15 Sep 2022 - Tested successfully
Hackwar - comment - 20 Sep 2022

Can you please also change the tests to skip when LDAP is not available?

tatankat - comment - 20 Sep 2022

@Hackwar #38775 may already solve part of your problem

nickdring - comment - 7 Oct 2022

Hi, I updated to 4.2.3, and it still doesn't work for me, I don't know if the changes made here were incorporated into that release. @tatankat could you make me an installer for Joomla with all the patches you added, so I can try again?
I'm following another thread on GitHub where other people are still having issues.
Thanks!

tatankat - comment - 7 Oct 2022

@nickdring the changes are not yet incorporated as there are not enough successful human tests...
I have created a new update package with all fixes: https://github.com/tatankat/joomla-cms/releases/tag/4.2.3-patched

Fedik - comment - 7 Oct 2022

@nickdring you can also download the test build under each Pull Request.

Follow the Details link https://ci.joomla.org/artifacts/joomla/joomla-cms/4.2-dev/37962/downloads/58382/
and download Development-Full_Package.zip or Development-Update_Package.zip for test.

tatankat - comment - 7 Oct 2022

Important addition, in case you only need the changes of 1 PR: the build I created contains the changes of all LDAP related PRs.

nickdring - comment - 7 Oct 2022

Great guys, I have installed on my local machine. I'll start trying and let you know soon.

nickdring - comment - 7 Oct 2022

Hi, no luck I'm afraid. I switched logging on so here is the output of the variations I tried.
#Fields: datetime priority clientip category message
2022-10-07T12:04:17+00:00 DEBUG ::1 ldap Creating LDAP session with options: {"host":"10.255.8.30","port":3269,"version":2,"referrals":true,"encryption":"ssl","debug":true}
2022-10-07T12:04:17+00:00 DEBUG ::1 ldap Creating LDAP session to connect to "ldaps://10.255.8.30:3269" while binding
2022-10-07T12:04:17+00:00 DEBUG ::1 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2022-10-07T12:04:17+00:00 ERROR ::1 ldap Can't contact LDAP server
2022-10-07T12:04:17+00:00 INFO ::1 ldapfailure Username and password do not match or you do not have an account yet.
2022-10-07T12:04:17+00:00 WARNING ::1 jerror Username and password do not match or you do not have an account yet.
2022-10-07T12:05:19+00:00 INFO ::1 controller Holding edit ID com_plugins.edit.plugin.90 Array ( [0] => 90 )
2022-10-07T12:05:19+00:00 INFO ::1 controller Checking edit ID com_plugins.edit.plugin.90: 1 Array ( [0] => 90 )
2022-10-07T12:05:23+00:00 INFO ::1 controller Holding edit ID com_plugins.edit.plugin.90 Array ( [0] => 90 )
2022-10-07T12:05:23+00:00 INFO ::1 controller Checking edit ID com_plugins.edit.plugin.90: 1 Array ( [0] => 90 )
2022-10-07T12:05:31+00:00 DEBUG ::1 ldap Creating LDAP session with options: {"host":"10.255.8.30","port":3269,"version":2,"referrals":true,"encryption":"tls","debug":true}
2022-10-07T12:05:31+00:00 DEBUG ::1 ldap Creating LDAP session to connect to "ldap://10.255.8.30:3269" while binding
2022-10-07T12:05:31+00:00 DEBUG ::1 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2022-10-07T12:05:31+00:00 ERROR ::1 ldap Could not initiate TLS connection: Success
2022-10-07T12:05:31+00:00 INFO ::1 ldapfailure Username and password do not match or you do not have an account yet.
2022-10-07T12:05:31+00:00 WARNING ::1 jerror Username and password do not match or you do not have an account yet.
2022-10-07T12:05:47+00:00 INFO ::1 controller Holding edit ID com_plugins.edit.plugin.90 Array ( [0] => 90 )
2022-10-07T12:05:48+00:00 INFO ::1 controller Checking edit ID com_plugins.edit.plugin.90: 1 Array ( [0] => 90 )
2022-10-07T12:05:55+00:00 DEBUG ::1 ldap Creating LDAP session with options: {"host":"10.255.8.30","port":3269,"version":3,"referrals":true,"encryption":"tls","debug":true}
2022-10-07T12:05:55+00:00 DEBUG ::1 ldap Creating LDAP session to connect to "ldap://10.255.8.30:3269" while binding
2022-10-07T12:05:55+00:00 DEBUG ::1 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2022-10-07T12:05:55+00:00 ERROR ::1 ldap Could not initiate TLS connection: Success
2022-10-07T12:05:55+00:00 INFO ::1 ldapfailure Username and password do not match or you do not have an account yet.
2022-10-07T12:05:55+00:00 WARNING ::1 jerror Username and password do not match or you do not have an account yet.
2022-10-07T12:06:12+00:00 INFO ::1 controller Holding edit ID com_plugins.edit.plugin.90 Array ( [0] => 90 )
2022-10-07T12:06:13+00:00 INFO ::1 controller Checking edit ID com_plugins.edit.plugin.90: 1 Array ( [0] => 90 )
2022-10-07T12:06:18+00:00 DEBUG ::1 ldap Creating LDAP session with options: {"host":"10.255.8.30","port":3269,"version":3,"referrals":true,"encryption":"ssl","debug":true}
2022-10-07T12:06:18+00:00 DEBUG ::1 ldap Creating LDAP session to connect to "ldaps://10.255.8.30:3269" while binding
2022-10-07T12:06:18+00:00 DEBUG ::1 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2022-10-07T12:06:18+00:00 ERROR ::1 ldap Can't contact LDAP server
2022-10-07T12:06:18+00:00 INFO ::1 ldapfailure Username and password do not match or you do not have an account yet.
2022-10-07T12:06:18+00:00 WARNING ::1 jerror Username and password do not match or you do not have an account yet.

tatankat - comment - 7 Oct 2022

@nickdring you need to look at the LDAP client debug messages (the ones you provided only a part of in #37959, see #37959 (comment)).
You probably need TLS_REQCERT never (this should be clear from the LDAP client debug log); read the remark about it at #37959 (comment).

nickdring - comment - 7 Oct 2022

I'll put this patch build on a staging server so I'm sure it's not a local machine problem with the LDAP server.

noxidsoft - comment - 25 Oct 2022

Hi team,
This is also an ongoing issue for our recent migration from J3 latest to J4.2.3.

I am also willing to test, but the following link seems to be dead:
https://ci.joomla.org/artifacts/joomla/joomla-cms/4.2-dev/37962/downloads/58382/

Also I need to get setup properly in docker first, perhaps sometime this week pending time available.

What I am seeing is an issue with a connection to the Symfony adapter, if that is immediately helpful:
2022-10-25T23:01:28+00:00 CRITICAL 172.19.1.212 error Uncaught Throwable of type TypeError thrown with message "ldap_set_option(): Argument #1 ($ldap) must be of type ?LDAP\Connection, bool given". Stack trace: #0 [ROOT]/libraries/vendor/symfony/ldap/Adapter/ExtLdap/Connection.php(104): ldap_set_option()

I have tried the fix suggested here, which doesn't work for me:
#35829

Is this still the most direct/recent tree to test from?
https://github.com/tatankat/joomla-cms/tree/patched

As I stated, I'm willing to test, or even help with development.


Hackwar - comment - 26 Oct 2022

@noxidsoft I restarted the build. In a few minutes a new link to the download package will appear here, which will work.

noxidsoft - comment - 26 Oct 2022

@Hackwar Tested your changes, now I get the following, which is progress. I'm just checking that my map settings are correct with a response dump.

Joomla everything.php log

2022-10-26T07:04:58+00:00	INFO 172.19.1.212	ldapfailure	Username and password do not match or you do not have an account yet.
2022-10-26T07:04:58+00:00	WARNING 172.19.1.212	jerror	Username and password do not match or you do not have an account yet.

tatankat - comment - 26 Oct 2022

@noxidsoft
The https://github.com/tatankat/joomla-cms/tree/patched tree has all available LDAP fixes applied. It has just been updated.
The fixes you need depend on your environment and needs. For example, you need #38388 to get the correct error message and not the message you are getting now.
Edit: I have just seen your message and I'm a bit puzzled the merge with latest tree changed messages, is it possible you also changed something in the configuration?
To get more clear error messages than "Username and password do not match or you do not have an account yet." (and some debug messages), you need #37959

@Hackwar
It's a bit demotivating to see a PHP code style error making the build fail while none of my bug fixes for issues that were reported multiple times are being merged due to the lack of human testing.

noxidsoft - comment - 26 Oct 2022

@tatankat I understand your pain. I only grabbed @Hackwar changes based on what I was seeing for the logs at that time.

I am about to launch to production (Joomla 4.2.4, patched today), I can't risk -dev advanced release (50+ changes) for something so close to necessary launch, so we will need to utilize another third-party solution until native LDAP is fully functional.

After today (AEST), I will have to wait, at least a few days until we have something I can break again and thoroughly test.

I will keep testing in the future, but need to pause for now. Do you think the LDAP changes will make it through to Joomla 4.2.5 ?

Thank you both for the help.

tatankat - comment - 26 Oct 2022

Whether it will make it to 4.2.5 really depends on testers, I fear, so please do test.

The commits are mostly merges to keep the branch up to date. The patched tree is just combining #37962, #37959 and #38388 (and the backported tests #38593 and #38775, which you don't need) in a convenient way. You can also apply them by patch files/hand, or just use 1 and see where it takes you.

@joomla team: should I combine the LDAP fixes in 1 PR? I thought small PRs would make it quicker into the Joomla code, but this does not seem to be the case, as it only seems to make testing harder.

FPC-RamonHerrera - test_item - 10 Nov 2022 - Tested successfully
richard67 - comment - 10 Nov 2022

@FPC-RamonHerrera It seems you have used the "Alter test" button instead of the "Test this" button in the issue tracker. If you have tested this PR: Could you use the "Test this" button? That's the right one, and it will properly show your test result. The "Alter test" button is for correcting a previous test result. Thanks in advance.

richard67 - comment - 10 Nov 2022

Before this PR can be merged, the update SQL scripts should be renamed from "4.2.0-2022-06-28.sql" to e.g. "4.2.6-2022-11-10.sql". The date part is not so important, but the version part should be changed for sure, otherwise the SQL will not run when updating a 4.2.5.

@tatankat Could you do that? It will not invalidate previous test results.

FPC-RamonHerrera - comment - 10 Nov 2022

@richard67 I totally did this in error, my apologies, I took a wrong turn. I clicked "Test this" here and realized my mistake, so I deleted it.

richard67 - comment - 10 Nov 2022

@FPC-RamonHerrera Well, you have not really deleted your test. It is still counted. I will set it back by using the "Alter test" button and changing the value to "Not tested".

richard67 - alter_testresult - 10 Nov 2022 - FPC-RamonHerrera: Not tested
richard67 - comment - 10 Nov 2022

Hmm you are right, it doesn't work. Will do other method.

richard67 - alter_testresult - 10 Nov 2022 - VitaSati: Tested successfully
richard67 - comment - 10 Nov 2022

I've restored @VitaSati 's positive test result from September 15 because all changes after that were only clean branch updates.

tatankat - comment - 11 Nov 2022

@richard67 Thanks. I applied your suggestion.

nickdring - comment - 23 Jan 2023

Hi, I finally have a staging server to test this properly. Where can I find the PR-4.3-dev or the updated pkg with all these fixes? On the Joomla update, under the testing channel - development I only see Joomla! 4.2.7-rc1.
Thanks!

tatankat - change - 23 Jan 2023
Labels Added: Conflicting Files, PR-4.3-dev
joomla-cms-bot - change - 23 Jan 2023
Category: SQL Administration com_admin Postgresql Language & Strings Front End Plugins → SQL Administration com_admin Postgresql Language & Strings Front End Plugins Unit Tests
tatankat - change - 23 Jan 2023
Labels Removed: Conflicting Files
tatankat - comment - 23 Jan 2023

@nickdring In your case, you still need an additional patch to find/verify your additional (probably certificate) issue. The latest package with all ldap patches can be found here: https://github.com/tatankat/joomla-cms/releases/tag/4.3.0-alpha2-patched

nickdring - comment - 24 Jan 2023

Hi @tatankat, I uploaded the patches from the link you sent me. It says I'm on 4.2.7-rc1. But it's still not working for me. My colleagues in ICT say the LDAP server is reachable. I'm logging everything, and all I see is:
2023-01-24T11:25:33+00:00 INFO 172.25.0.5 ldapfailure Username and password do not match or you do not have an account yet.
2023-01-24T11:25:33+00:00 WARNING 172.25.0.5 jerror Username and password do not match or you do not have an account yet.
ICT has also added a local CA certificate.
In your message, you mention an additional patch? Where is that?
Thanks

nickdring - comment - 24 Jan 2023

One note, if I use ldaps://10.255.8.30:3269 or ldaps://10.255.8.30 as the host I get this error when logging in ldap_set_option(): supplied argument is not a valid ldap link resource

nickdring - comment - 24 Jan 2023

One final point: in earlier tests in the months past with patches applied, I remember I had the option to set TLS and SSL, but in this version I'm not seeing that. And also, I remember in the logs we were able to see if it was using LDAPS, but I don't see that now either.

tatankat - comment - 24 Jan 2023

Hi @nickdring, those were the wrong files, which explains the bad naming. You are right about the option. If it fails, do not forget to also enable the LDAP debug logging and provide its complete output.
If ICT added a local certificate to your server's trusted certificate store used by LDAP, there is a chance it will work this time.

nickdring - comment - 24 Jan 2023

ok so where are the right files :)

tatankat - comment - 24 Jan 2023

at the same place, I replaced them, you will see the updated names:
Joomla_4.3.0-alpha3-dev-*

nickdring - comment - 24 Jan 2023

at the same place, I replaced them, you will see the updated names:
Joomla_4.3.0-alpha3-dev-*

Cool, I see the new changes to the plugin now.
But I'm still getting an error, here is what the log says:
2023-01-24T15:58:25+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session with options: {"host":"10.255.8.31","port":3269,"version":2,"referrals":true,"encryption":"ssl","debug":true}
2023-01-24T15:58:25+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session to connect to "ldaps://10.255.8.31:3269" while binding
2023-01-24T15:58:25+00:00 DEBUG 172.25.0.5 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2023-01-24T15:58:25+00:00 ERROR 172.25.0.5 ldap Can't contact LDAP server
2023-01-24T15:58:25+00:00 INFO 172.25.0.5 ldapfailure Username and password do not match or you do not have an account yet.
2023-01-24T15:58:25+00:00 WARNING 172.25.0.5 jerror Username and password do not match or you do not have an account yet.

nickdring - comment - 24 Jan 2023

I'm getting my colleagues in IT to check that the LDAP server is actually reachable

tatankat - comment - 24 Jan 2023

@nickdring The kind of log you provided in #37959 (comment) should give more details (that can't be provided by Joomla or php). Please provide it completely.

nickdring - comment - 25 Jan 2023

Hi, here is the Apache log:

ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: HOME env is NULL
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldaps://10.255.8.30:3269)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 10.255.8.30:3269
ldap_new_socket: 12
ldap_prepare_socket: 12
ldap_connect_to_host: Trying 10.255.8.30:3269
ldap_pvt_connect: fd: 12 tm: 60 async: 0
ldap_ndelay_on: 12
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 12 tm: 60
ldap_is_sock_ready: 12
ldap_ndelay_off: 12
ldap_pvt_connect: 0
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_err2string

tatankat - comment - 25 Jan 2023

There you go, as expected. You should configure the ldap client (on OS level) to accept the certificate.

TLS: peer cert untrusted or revoked (0x42)
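The diagnosis above (the Joomla log only says "Can't contact LDAP server"; the libldap debug output reveals the untrusted certificate) can be automated. This is an added example, not code from this PR or from Joomla: it parses everything.php-style lines of the kind nickdring posted, groups them into connection attempts, and maps each failure to the cause the thread arrived at (STARTTLS attempted on an LDAPS port, a scheme typed into the Host field, or a server certificate the OS LDAP client does not trust). The sample log lines, host names and addresses are constructed; the message formats are those shown in the thread.

```python
import json
import re
from dataclasses import dataclass, field

# Joomla "everything.php" log format: datetime priority clientip category message
LINE_RE = re.compile(r"^(\S+)\s+(\w+)\s+(\S+)\s+(\w+)\s+(.*)$")
OPTIONS_RE = re.compile(r"Creating LDAP session with options: (\{.*\})")
URI_RE = re.compile(r'Creating LDAP session to connect to "([^"]+)"')

# Ports that expect TLS from the first byte (LDAPS, and the AD global catalog over SSL).
# STARTTLS (encryption "tls") opens a plain connection first, so it cannot work on these.
LDAPS_PORTS = {636, 3269}


@dataclass
class Attempt:
    """One 'Creating LDAP session' block and what followed it."""
    options: dict
    uri: str = ""
    errors: list = field(default_factory=list)
    succeeded: bool = False


def parse_joomla_log(text):
    """Group the 'ldap' category lines into connection attempts."""
    attempts = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(4) != "ldap":  # skips the #Fields header, ldapfailure, jerror, ...
            continue
        level, msg = m.group(2), m.group(5)
        opt = OPTIONS_RE.search(msg)
        if opt:
            attempts.append(Attempt(options=json.loads(opt.group(1))))
            continue
        if not attempts:
            continue
        cur = attempts[-1]
        uri = URI_RE.search(msg)
        if uri:
            cur.uri = uri.group(1)
        elif level == "ERROR":
            cur.errors.append(msg)
        elif "login succeeded" in msg:
            cur.succeeded = True
    return attempts


def diagnose(attempt, libldap_debug=""):
    """Return hints for one attempt; libldap_debug is the optional OS-level client output."""
    if attempt.succeeded:
        return ["ok"]
    hints = []
    enc = attempt.options.get("encryption", "none")
    host = str(attempt.options.get("host", ""))
    port = int(attempt.options.get("port", 389))
    version = int(attempt.options.get("version", 3))
    if "://" in host:
        # Symfony prepends the scheme itself; a scheme in the Host field yields ldap://ldaps://...
        hints.append("Host field contains a scheme; enter the bare hostname and pick the encryption option")
    if enc == "tls" and port in LDAPS_PORTS:
        hints.append(f"port {port} is an LDAPS port; STARTTLS (encryption=tls) cannot work there, use encryption=ssl")
    if enc == "tls" and version < 3:
        hints.append("STARTTLS is an LDAPv3 extended operation; set version=3")
    for err in attempt.errors:
        if "Can't contact LDAP server" in err:
            if "peer cert untrusted" in libldap_debug:
                hints.append("server certificate rejected by libldap: add its CA to the OS ldap client "
                             "config (TLS_CACERT) rather than disabling verification")
            else:
                hints.append("connection or TLS handshake failed before bind; capture libldap debug "
                             "output to see the real cause")
        elif "Could not initiate TLS" in err:
            hints.append("STARTTLS failed on the plain ldap:// connection")
    return hints or ["unclassified failure: " + "; ".join(attempt.errors)]


# Constructed sample modelled on the excerpts in this thread (host and addresses are made up).
SAMPLE_JOOMLA_LOG = """\
#Fields: datetime priority clientip category message
2023-01-24T15:58:25+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session with options: {"host":"dc.example.test","port":3269,"version":2,"referrals":true,"encryption":"ssl","debug":true}
2023-01-24T15:58:25+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session to connect to "ldaps://dc.example.test:3269" while binding
2023-01-24T15:58:25+00:00 ERROR 172.25.0.5 ldap Can't contact LDAP server
2023-01-24T15:58:25+00:00 INFO 172.25.0.5 ldapfailure Username and password do not match or you do not have an account yet.
2023-01-24T15:59:01+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session with options: {"host":"dc.example.test","port":3269,"version":3,"referrals":true,"encryption":"tls","debug":true}
2023-01-24T15:59:01+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session to connect to "ldap://dc.example.test:3269" while binding
2023-01-24T15:59:01+00:00 ERROR 172.25.0.5 ldap Could not initiate TLS connection: Success
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session with options: {"host":"dc.example.test","port":3269,"version":3,"referrals":true,"encryption":"ssl","debug":true}
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session to connect to "ldaps://dc.example.test:3269" while binding
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap LDAP login succeeded; username: "alice@example.test", email: "alice@example.test", fullname: "Alice"
"""

# Constructed libldap client debug excerpt (the OS-level log tatankat asked for).
SAMPLE_LIBLDAP_DEBUG = """\
ldap_connect_to_host: TCP dc.example.test:3269
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
"""

if __name__ == "__main__":
    for i, attempt in enumerate(parse_joomla_log(SAMPLE_JOOMLA_LOG), 1):
        print(f"attempt {i}: encryption={attempt.options.get('encryption')} uri={attempt.uri}")
        for hint in diagnose(attempt, SAMPLE_LIBLDAP_DEBUG):
            print("   ", hint)
```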

nickdring - comment - 27 Jan 2023

Hi there, my colleagues in ICT are asking if you have any information regarding the configuration of the LDAP client.
Thanks.

tatankat - comment - 28 Jan 2023

@nickdring see #37959 (comment) and #37959 (comment)

But, as #37959 and others are being merged and @laoneo is making me happy, I basically undid #35323 and implemented #24115 again using the symfony ldap client (and new php ldap options since 7.1).
So now it is possible to either ignore SSL certificate issues or to configure the certificate (or its CA) directly in Joomla. It may take a restart of the webserver to take these settings into account.

New packages with all ldap patches applied are at https://github.com/tatankat/joomla-cms/releases/tag/4.3.0-alpha3-dev-patched

nickdring - comment - 30 Jan 2023

Hi @tatankat, OK, uploaded the patch. No errors and it's working for us.
From everything.php:
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session with options: {"host":"IITDCWGE001.iit.local","port":3269,"version":3,"referrals":true,"encryption":"ssl","debug":true}
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Creating LDAP session to connect to "ldaps://IITDCWGE001.iit.local:3269" while binding
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Direct binding to LDAP server with entered user dn "nicholas.dring@iit.it" and user entered password
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap Searching LDAP entry with filter: "userprincipalname=nicholas.dring@iit.it"
2023-01-30T09:56:03+00:00 DEBUG 172.25.0.5 ldap LDAP login succeeded; username: "nicholas.dring@iit.it", email: "nicholas.dring@iit.it", fullname: "Nicholas Dring"

From apache log:

This is good news, when these changes are released we can start planning the migration of our 90+ sites to J4.

Thanks for your help!

laoneo - comment - 30 Jan 2023

@tatankat can you update the update SQL file names to reflect the current date and version 4.3. Then we can merge it.

brianteeman - comment - 30 Jan 2023

Awesome work - thanks for persevering

tatankat - comment - 30 Jan 2023

Thanks for the tests and confirmation @nickdring.
I have done the requested changes.

@nickdring's tests also confirm that #38388 is working. Can that one also be merged?

laoneo - change - 30 Jan 2023
Status: Pending → Fixed in Code Base
Closed_Date: 2023-01-30 12:42:05
Closed_By: laoneo
laoneo - close - 30 Jan 2023
laoneo - merge - 30 Jan 2023
laoneo - comment - 30 Jan 2023

Thank you very much for helping bring the ldap plugin to a new level. At some point the variables in the plugin need to be renamed to fit our camelCase style more. But for now this is fine.

noxidsoft - comment - 24 Oct 2023

Can you folks confirm this change made it to the J 4.3.x release? We are currently on 4.2.7 and looking to rely on the LDAP(S) plugin again for our SSO, rather than the miniorange one.

I'm still getting this error in the logs:

#Date: 2023-10-23 23:40:49 UTC
#Software: Joomla! 4.2.7 Stable [ Uaminifu ] 31-January-2023 15:00 GMT

#Fields: datetime       priority clientip       category        message
2023-10-23T23:40:49+00:00       CRITICAL 192.168.50.97  error   Uncaught Throwable of type TypeError thrown with message "ldap_set_option():>
#1 [ROOT]/libraries/vendor/symfony/ldap/Adapter/ExtLdap/Connection.php(153): Symfony\Component\Ldap\Adapter\ExtLdap\Connection->setOption()
#2 [ROOT]/libraries/vendor/symfony/ldap/Adapter/ExtLdap/Connection.php(73): Symfony\Component\Ldap\Adapter\ExtLdap\Connection->connect()
#3 [ROOT]/libraries/vendor/symfony/ldap/Ldap.php(37): Symfony\Component\Ldap\Adapter\ExtLdap\Connection->bind()
#4 [ROOT]/plugins/authentication/ldap/ldap.php(133): Symfony\Component\Ldap\Ldap->bind()
#5 [ROOT]/libraries/src/Authentication/Authentication.php(175): PlgAuthenticationLdap->onUserAuthenticate()
#6 [ROOT]/libraries/src/Application/CMSApplication.php(816): Joomla\CMS\Authentication\Authentication->authenticate()
#7 [ROOT]/libraries/src/Application/SiteApplication.php(665): Joomla\CMS\Application\CMSApplication->login()
#8 [ROOT]/components/com_users/src/Controller/UserController.php(90): Joomla\CMS\Application\SiteApplication->login()
#9 [ROOT]/libraries/src/MVC/Controller/BaseController.php(672): Joomla\Component\Users\Site\Controller\UserController->login()
#10 [ROOT]/libraries/src/Dispatcher/ComponentDispatcher.php(143): Joomla\CMS\MVC\Controller\BaseController->execute()
#11 [ROOT]/libraries/src/Component/ComponentHelper.php(355): Joomla\CMS\Dispatcher\ComponentDispatcher->dispatch()
#12 [ROOT]/libraries/src/Application/SiteApplication.php(200): Joomla\CMS\Component\ComponentHelper::renderComponent()
#13 [ROOT]/libraries/src/Application/SiteApplication.php(241): Joomla\CMS\Application\SiteApplication->dispatch()
#14 [ROOT]/libraries/src/Application/CMSApplication.php(294): Joomla\CMS\Application\SiteApplication->doExecute()
#15 [ROOT]/includes/app.php(61): Joomla\CMS\Application\CMSApplication->execute()
#16 [ROOT]/index.php(32): require_once('...')
#17 {main}

tatankat - comment - 24 Oct 2023

@noxidsoft Yes, this made it in 4.3
