Skip to content

Not apply "Search full LDAP directory" permission to ldap service user #14549

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
StafLoker opened this issue May 18, 2025 · 0 comments
Open

Not apply "Search full LDAP directory" permission to ldap service user #14549

StafLoker opened this issue May 18, 2025 · 0 comments
Labels
bug Something isn't working

Comments

@StafLoker
Copy link

Describe the bug
LDAP Access result: ldap_bind: Insufficient access (50)

Similar issue: #14518

To Reproduce

  1. Configure ldap-outpost
  2. ldapsearch -LL -x -H ${LDAP_HOST} -D "${LDAP_READONLY_BIND_DN}" -b "${LDAP_USER_BASE_DN}" -w ${LDAP_PASSWORD} ${FILTER_USER}
    ldap_bind: Insufficient access (50)
  3. See error

Expected behavior
ldapsearch prints result

Screenshots

Image
Image
Image
Image
Image

Logs

Login successful:

{
    "outpost": {
        "instance": {
            "pk": "37ec60c723374782b5b18a9fe593a936",
            "app": "authentik_outposts",
            "name": "authentik LDAP",
            "model_name": "outpost"
        }
    },
    "auth_method": "token",
    "http_request": {
        "args": {
            "goauthentik.io/outpost/ldap": "true"
        },
        "path": "/api/v3/flows/executor/ldap-authentication-flow/",
        "method": "GET",
        "request_id": "cf4f2cf035ef49a4af00371982350189",
        "user_agent": "goauthentik.io/outpost/2025.4.1"
    },
    "auth_method_args": {
        "token": {
            "pk": "5786d3c126fc499eb09bd5a370cd1528",
            "app": "authentik_core",
            "name": "service-account-ldapservice-password",
            "model_name": "token"
        }
    }

Version and Deployment (please complete the following information):

  • authentik version: 2025.4.1
  • Deployment: docker-compose

Additional context
I can see output information of ldapsearch for admin (root) user but for ldap have permission problem. First time was resolved putting OU=goauthentik.io/service-accounts but now it not useful. Problem return when I rebooted server.

ldapsearch -x -H ldap://127.0.0.1:389 -D 'cn=ldapservice,ou=goauthentik.io/service-accounts,DC=ldap,DC=po*****,DC=casa' -w '<token>' -b 'DC=ldap,DC=po*******,DC=casa' '(objectClass=user)'
ldapsearch -x -H ldap://127.0.0.1:389 -D 'cn=ldapservice,ou=users,DC=ldap,DC=po*****,DC=casa' -w '<token>' -b 'DC=ldap,DC=po*****,DC=casa' '(objectClass=user)'
@StafLoker StafLoker added the bug Something isn't working label May 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@StafLoker