TandoorRecipes / recipes

Application for managing recipes, planning meals, building shopping lists and much much more!
https://docs.tandoor.dev

LDAP with Authentik #2831

Open lemystere opened 6 months ago

lemystere commented 6 months ago

Issue

I want to use LDAP with Authentik but I can't figure out how it works.

With the log I can see that Tandoor can successfully query Authentik to see all users in Authentik: search_s('ou=users,dc=****,dc=****,dc=****', 2, '(objectClass=user)') returned 1 objects: cn=****,ou=users,dc=****,dc=****,dc=****;

But after that I get: Authentication failed for test: failed to map the username to a DN.

So my guess is that the problem involves the environment variable AUTH_LDAP_USER_ATTR_MAP, but unfortunately I can't figure out how to make it work.

Here are all my environment variables:

LDAP_AUTH=1
AUTH_LDAP_SERVER_URI=ldap://localhost:389
AUTH_LDAP_BIND_DN=cn=****,ou=users,dc=****,dc=****,dc=****
AUTH_LDAP_BIND_PASSWORD=****
AUTH_LDAP_USER_SEARCH_BASE_DN=ou=users,dc=****,dc=****,dc=****
AUTH_LDAP_USER_SEARCH_FILTER_STR=(objectClass=user)
AUTH_LDAP_USER_ATTR_MAP={'username': 'cn'}

Also, here is the log for the LDAP Outpost of Tandoor:

INF bindDN=cn=****,ou=users,dc=****,dc=****,dc=**** event=authenticated from session logger=authentik.outpost.ldap.binder.session timestamp=2023-12-24T00:15:13Z

INF bindDN=cn=****,ou=users,dc=****,dc=****,dc=**** client=172.17.0.1 event=Bind request requestId=ad17515f-c780-4157-bf17-57bda564fe76 timestamp=2023-12-24T00:15:13Z took-ms=0

INF attributes=[] baseDN=ou=users,dc=****,dc=****,dc=**** bindDN=cn=****,ou=users,dc=****,dc=****,dc=**** client=172.17.0.1 event=Search request filter=(objectClass=user) requestId=6b65f726-d8ee-459b-98ed-a5e041a1bcc3 scope=Whole Subtree timestamp=2023-12-24T00:15:13Z took-ms=0

For documentation I used:

Tandoor Version

1.5.10

OS Version

Ubuntu 23.10

Setup

Docker / Docker-Compose

Reverse Proxy

Traefik

felixp98 commented 1 month ago

Got it working with the following config:

LDAP_AUTH=1
AUTH_LDAP_SERVER_URI=ldap://****:389
AUTH_LDAP_BIND_DN=CN=ldapservice,OU=users,DC=****,DC=****,DC=****
AUTH_LDAP_BIND_PASSWORD=****
AUTH_LDAP_USER_SEARCH_BASE_DN=ou=users,dc=****,dc=****,dc=****
AUTH_LDAP_USER_SEARCH_FILTER_STR=(cn=%(user)s)
AUTH_LDAP_USER_ATTR_MAP={'username': 'cn', 'email': 'mail'}
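
Added example, not part of the thread and not Tandoor's or django-auth-ldap's code: a simplified model of the username-to-DN lookup that contrasts the two AUTH_LDAP_USER_SEARCH_FILTER_STR values posted above. It assumes the lookup accepts a DN only when exactly one entry matches and that the login name is escaped before it replaces %(user)s; the directory entries, the dc=example,dc=org suffix and all function names are constructed for illustration.

```python
import re

# Constructed sample directory (assumption): DN -> attributes.
DIRECTORY = {
    "cn=ldapservice,ou=users,dc=example,dc=org": {"cn": "ldapservice", "objectClass": "user"},
    "cn=test,ou=users,dc=example,dc=org": {"cn": "test", "objectClass": "user"},
}

def escape_filter_value(value):
    """Hex-escape the RFC 4515 special characters in a login name."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(template, username):
    """Substitute the escaped login name for %(user)s in the filter template."""
    return template % {"user": escape_filter_value(username)}

def search(filterstr):
    """Evaluate a single (attr=value) or (attr=*) filter over DIRECTORY."""
    attr, _, raw = filterstr[1:-1].partition("=")
    if raw == "*":  # unescaped asterisk: presence test, matches every entry with attr
        return [dn for dn, e in DIRECTORY.items() if attr in e]
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [dn for dn, e in DIRECTORY.items() if e.get(attr, "").lower() == value.lower()]

def resolve_dn(template, username):
    """Return the DN to bind as, or None unless exactly one entry matches."""
    matches = search(build_filter(template, username))
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    # A static filter is identical for every login, so it cannot pick out one user.
    for template in ("(objectClass=user)", "(cn=%(user)s)"):
        for login in ("test", "*"):
            print(template, repr(login), "->", resolve_dn(template, login))
```
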