I am using the LDAP module from ldap-7.x-2.x-dev.tar.gz released on 2013-Jan-09 with Drupal 7.19. The LDAP server is OpenLDAP 2.4.23 running on Debian Squeeze.
I am attempting to have Drupal users authenticate against entries in the LDAP server and so I have the LDAP Authentication module (and LDAP Servers) installed, enabled, and configured.
I have a single server configuration enabled with binding method "Service Account Bind". The server test page shows a successful bind.
I am running slapd in debug mode (level 256), and when I attempt to log in to my Drupal site the slapd log shows a successful bind, but then an immediate unbind and no attempt to query:
conn=1000 fd=19 ACCEPT from IP=XXX.YYY.ZZZ.110:58362 (IP=0.0.0.0:636)
conn=1000 fd=19 TLS established tls_ssf=128 ssf=128
conn=1000 op=0 BIND dn="cn=admin,o=swamp,dc=example,dc=com" method=128
conn=1000 op=0 BIND dn="cn=admin,o=swamp,dc=example,dc=com" mech=SIMPLE ssf=0
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 UNBIND
conn=1000 fd=19 closed
The Drupal page shows me "Sorry, unrecognized username or password". Log messages show "Authentication result id=0 auth_result=3 (Sorry, unrecognized username or password.)"
I would have expected that after the successful bind using the service account there would be a search query taking the Username input (email@example.com) and searching with that to find the DN with the username attribute (my configuration has eduPersonPrincipalName) having that value, and then after finding the DN an attempt would have been made to authenticate using that DN and the password entered into the form.
Is my expectation of how the module(s) work incorrect?
Note that the service account does have the necessary authorization for both the bind and the query '(eduPersonPrincipalName=firstname.lastname@example.org)'.
I appreciate any input people might have.
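
A way to check slapd level-256 output for the pattern in the log above (a successful bind, then an unbind with no search in between), as an added example that is not part of the original post. conn=1000 is the post's trace; conn=1001, including its search base, filter value and user DN, is constructed to show what a bind, search, then user bind sequence looks like.

```python
import re
from collections import defaultdict

# Operation lines as slapd writes them at log level 256: "conn=N op=M VERB ...".
OP_RE = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH|RESULT|UNBIND)\b(.*)")

# conn=1000 is the trace from the post; conn=1001 is constructed for contrast
# (its search base, filter value and user DN are made up).
SAMPLE = '''\
conn=1000 fd=19 ACCEPT from IP=XXX.YYY.ZZZ.110:58362 (IP=0.0.0.0:636)
conn=1000 op=0 BIND dn="cn=admin,o=swamp,dc=example,dc=com" method=128
conn=1000 op=0 BIND dn="cn=admin,o=swamp,dc=example,dc=com" mech=SIMPLE ssf=0
conn=1000 op=0 RESULT tag=97 err=0 text=
conn=1000 op=1 UNBIND
conn=1001 op=0 BIND dn="cn=admin,o=swamp,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="o=swamp,dc=example,dc=com" scope=2 deref=0 filter="(eduPersonPrincipalName=user@example.org)"
conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1001 op=2 BIND dn="uid=user,o=swamp,dc=example,dc=com" method=128
conn=1001 op=2 RESULT tag=97 err=0 text=
conn=1001 op=3 UNBIND
'''.splitlines()

def summarize(lines):
    """Per connection: successful binds, searches issued, and whether it unbound."""
    conns = defaultdict(lambda: {"binds_ok": 0, "searches": 0, "unbound": False})
    bind_ops = set()  # (conn, op) pairs whose request was a BIND
    for line in lines:
        m = OP_RE.search(line)
        if not m:
            continue  # ACCEPT, TLS, closed and "SEARCH RESULT" lines
        conn, op, verb, rest = m.groups()
        if verb == "BIND":
            bind_ops.add((conn, op))
        elif verb == "SRCH" and rest.lstrip().startswith("base="):
            conns[conn]["searches"] += 1  # the companion "SRCH attr=" line is not counted
        elif verb == "RESULT" and (conn, op) in bind_ops and re.search(r"\berr=0\b", rest):
            conns[conn]["binds_ok"] += 1
        elif verb == "UNBIND":
            conns[conn]["unbound"] = True
    return dict(conns)

def bind_without_search(lines):
    """Connections that bound successfully, then unbound without any search."""
    return sorted(c for c, s in summarize(lines).items()
                  if s["binds_ok"] and s["unbound"] and not s["searches"])

if __name__ == "__main__":
    print(bind_without_search(SAMPLE))
```

A connection reported by `bind_without_search` means the client never sent the user lookup, so the login failure was decided on the Drupal side and not by an LDAP search or user bind result.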