LDAP search permissions no longer work #11404
Comments
There were some bugs for this that are fixed on 2024.8
I am using the manual outpost method for my LDAP outpost found here. Does this not get updated at the same frequency as everything else? As I use docker-compose, I update everything at the same time. I have also already updated to 2024.8.2 with no fix yet :(
The latest image gets updated at the same time, but I recommend explicitly using a version tag. On startup the outpost prints which version it is; could you post the logs from the container start?
Same issue here, LDAP is broken. Outpost has been updated to the latest version [2024.8.2]
{"bindDN":"cn=[email protected],ou=users,dc=ldap,dc=domain,dc=com","client":"192.168.10.1","error":"unsupported challenge type ak-stage-flow-error","event":"failed to execute flow","level":"warning","requestId":"d95cc463-d433-4f2a-8f1a-cdf7156697cc","timestamp":"2024-09-18T13:21:32Z"}
I managed to figure this out. After reading through the LDAP Provider setup found here, I noticed that my stage bindings were different from what was in the guide. Below is an image of what I had in my stage bindings. I deleted the Password Stage binding and everything worked! I'm not entirely sure why this stage binding was here, but oh well. Check yours @McGeaverBeaver, maybe it's the same issue?
Describe the bug
Ever since the 2024.8 update my LDAP user access has not been functional. I get "ldap_bind: Insufficient access (50)" when testing. Reading through the changelogs led me to finding out that the search group was removed and all LDAP permissions were moved to RBAC. I tried creating a role for LDAP search access and adding my LDAP bind user to a group with that role attached to no avail. Am I doing something wrong with my configurations?
To Reproduce
Steps to reproduce the behavior:
Expected behavior
LDAP bind searches users
Screenshots
Logs
ldapsearch -x -H <REDACTED> -D 'cn=ldapservice,ou=users,ou=ldap,DC=ldap,DC=example,DC=com' -w <REDACTED> '(objectClass=username)'
ldap_bind: Insufficient access (50)
Logs from authentik-ldap container:
ldap-1 | {"bindDN":"cn=ldapservice,ou=users,ou=ldap,dc=ldap,dc=example,dc=com","client":"<REDACTED>","event":"No provider found for request","level":"warning","request":"bind","requestId":"89c29721-3d8a-475a-86a4-180bc3f28c80","timestamp":"2024-09-17T02:30:18Z"}
ldap-1 | {"bindDN":"cn=ldapservice,ou=users,ou=ldap,dc=ldap,dc=example,dc=com","client":"<REDACTED>","event":"Bind request","level":"info","requestId":"89c29721-3d8a-475a-86a4-180bc3f28c80","timestamp":"2024-09-17T02:30:18Z","took-ms":1}
Version and Deployment (please complete the following information):
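Added example, not part of the original issue or the authentik project's code: a small Python triage script for outpost log lines in the JSON format posted in this thread. It groups records by requestId and reports each request that logged a warning or error, so a failed bind can be tied to its bind DN and client. The sample lines, IP addresses and request IDs are constructed.

```python
import json
from collections import defaultdict

# Constructed sample lines, modeled on the outpost log format posted in this thread.
SAMPLE = '''\
ldap-1 | {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=example,dc=com","client":"192.0.2.10","event":"No provider found for request","level":"warning","request":"bind","requestId":"req-0001","timestamp":"2024-09-17T02:30:18Z"}
ldap-1 | {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=example,dc=com","client":"192.0.2.10","event":"Bind request","level":"info","requestId":"req-0001","timestamp":"2024-09-17T02:30:18Z","took-ms":1}
{"bindDN":"cn=alice,ou=users,dc=ldap,dc=example,dc=com","client":"192.0.2.11","error":"unsupported challenge type ak-stage-flow-error","event":"failed to execute flow","level":"warning","requestId":"req-0002","timestamp":"2024-09-18T13:21:32Z"}
ldap-1 | starting up (non-JSON line, skipped)
'''

def parse_line(line):
    """Return the JSON object in a log line, or None. Tolerates the 'ldap-1 | ' compose prefix."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        obj = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

def failed_binds(text):
    """Group records by requestId; return one summary per request that logged a warning or error."""
    by_req = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and "requestId" in rec:
            by_req[rec["requestId"]].append(rec)
    out = []
    for req_id, recs in by_req.items():
        problems = [r for r in recs if r.get("level") in ("warning", "error")]
        if not problems:
            continue
        first = problems[0]
        out.append({
            "requestId": req_id,
            "bindDN": first.get("bindDN"),
            "client": first.get("client"),
            "timestamp": first.get("timestamp"),
            # Prefer the explicit "error" field; fall back to the event text.
            "reasons": [r.get("error") or r.get("event") for r in problems],
        })
    return out

if __name__ == "__main__":
    for row in failed_binds(SAMPLE):
        print(row)
```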