goauthentik / authentik

https://goauthentik.io

Ldap Object uniqueness field not mapped to ldap_uniq #10875

Closed marlon006 closed 1 month ago

marlon006 commented 2 months ago

Describe the bug

Unable to implement LDAP, because there is no object uniqueness. Even though the Object uniqueness field is populated with ObjectSid, it will not get mapped to ldap_uniq, nor when using a custom property mapping.

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Directory, Federation and Social Login'
  2. Click on 'LDAP Source'
  3. Scroll down to 'Run sync again'
  4. See error: Group does not exist in our DB yet, run sync_groups first: 'CN=Administrators,OU=Groups,OU=Authentik,OU=OU-folder,DC=domain,DC=domain,DC=domain,DC=tld'

This error occurs every sync, and the group is recreated every sync; if I let this continue for # hours, it will create # amount of groups.

ldap_uniq is not set since 2024.6.2 at least. If updated to the development version, LDAP sync is working properly and the property ldap_uniq gets created using the Object uniqueness field, which in my configuration is set as ObjectSid; this is confirmed working on dev-server and dev-worker.

Expected behavior

ldap_uniq value is properly set according to the Object uniqueness field.

Screenshots

If applicable, add screenshots to help explain your problem. If required, these will be added.

Logs

Output of docker-compose logs or kubectl logs respectively: currently anonymizing the logs.

Version and Deployment (please complete the following information):

Additional context

Creating a custom mapping to map ldap_uniq does not work, sadly.

forgo commented 1 month ago

I also seem to be having this issue. I recently upgraded from 2024.6.2 to 2024.8.1 using helm, but can't say much about the difference in syncing behaviors, as I am still playing around with settings a lot to get something working.

leedsjb commented 1 month ago

Also having this issue. Any chance to get this looked at?

forgo commented 1 month ago

The other issue with this is that after downgrading to 2024.6.1 (per the comments of @marlon006 above), I am having trouble getting the server pods back up due to this error being repeated:

{"error":"authentik starting","event":"failed to proxy to backend","level":"warning","logger":"authentik.router","timestamp":"2024-09-13T21:20:41Z"}
{"event": "Internal Server Error: /-/health/live/", "exception": [{"exc_type": "AttributeError", "exc_value": "Can't get attribute 'LicenseUsageStatus' on <module 'authentik.enterprise.models' from '/authentik/enterprise/models.py'>", "frames": [{"filename": "/ak-root/venv/lib/python3.12/site-packages/django/core/handlers/exception.py", "line": "", "lineno": 55, "locals": {"exc": "'AttributeError(\"Can\\'t get attribute \\'LicenseUsageStatus\\' on <module \\'authentik.e'+59", "get_response": "'<authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware object at 0x7f1'+10", "request": "<ASGIRequest: GET '/-/health/live/'>"}, "name": "inner"}, {"filename": "/authentik/events/middleware.py", "line": "", "lineno": 152, "locals": {"request": "<ASGIRequest: GET '/-/health/live/'>", "self": "'<authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware object at 0x7f1'+10"}, "name": "__call__"}, {"filename": "/authentik/enterprise/audit/middleware.py", "line": "", "lineno": 29, "locals": {"__class__": "<class 'authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware'>", "request": "<ASGIRequest: GET '/-/health/live/'>", "self": "'<authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware object at 0x7f1'+10"}, "name": "connect"}, {"filename": "/authentik/enterprise/audit/middleware.py", "line": "", "lineno": 25, "locals": {"self": "'<authentik.enterprise.audit.middleware.EnterpriseAuditMiddleware object at 0x7f1'+10"}, "name": "enabled"}, {"filename": "/authentik/enterprise/apps.py", "line": "", "lineno": 22, "locals": {"self": "<AuthentikEnterpriseConfig: authentik_enterprise>"}, "name": "enabled"}, {"filename": "/authentik/enterprise/apps.py", "line": "", "lineno": 28, "locals": {"LicenseKey": "<class 'authentik.enterprise.license.LicenseKey'>", "self": "<AuthentikEnterpriseConfig: authentik_enterprise>"}, "name": "check_enabled"}, {"filename": "/authentik/enterprise/license.py", "line": "", "lineno": 205, "locals": {}, "name": "cached_summary"}, 
{"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/cache.py", "line": "", "lineno": 92, "locals": {"client": "None", "default": "None", "key": "goauthentik.io/enterprise/license", "self": "<django_redis.cache.RedisCache object at 0x7f1ff2661850>", "version": "None"}, "name": "get"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/cache.py", "line": "", "lineno": 29, "locals": {"args": "('goauthentik.io/enterprise/license', None, None, None)", "kwargs": "{}", "method": "<function RedisCache._get at 0x7f1ff22da200>", "return_value": "<object object at 0x7f1ff25fc9b0>", "self": "<django_redis.cache.RedisCache object at 0x7f1ff2661850>"}, "name": "_decorator"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/cache.py", "line": "", "lineno": 99, "locals": {"client": "None", "default": "None", "key": "goauthentik.io/enterprise/license", "self": "<django_redis.cache.RedisCache object at 0x7f1ff2661850>", "version": "None"}, "name": "_get"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/client/default.py", "line": "", "lineno": 265, "locals": {"client": "'Redis<ConnectionPool<Connection<host=authentik-stg-redis-master,port=6379,db=0>>'+1", "default": "None", "key": "public:authentik_cache:1:goauthentik.io/enterprise/license", "self": "<django_redis.client.default.DefaultClient object at 0x7f1ff2669fa0>", "value": "\"b'\\\\x80\\\\x04\\\\x95\\\\xc4\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00}\\\\x94(\\\\x8c\\\\x0einternal_users\\\\x94K\\\\\"+325", "version": "None"}, "name": "get"}, {"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/client/default.py", "line": "", "lineno": 452, "locals": {"self": "<django_redis.client.default.DefaultClient object at 0x7f1ff2669fa0>", "value": "\"b'\\\\x80\\\\x04\\\\x95\\\\xc4\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00}\\\\x94(\\\\x8c\\\\x0einternal_users\\\\x94K\\\\\"+325"}, "name": "decode"}, {"filename": 
"/ak-root/venv/lib/python3.12/site-packages/django_redis/serializers/pickle.py", "line": "", "lineno": 32, "locals": {"self": "<django_redis.serializers.pickle.PickleSerializer object at 0x7f1ff2663ad0>", "value": "\"b'\\\\x80\\\\x04\\\\x95\\\\xc4\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00}\\\\x94(\\\\x8c\\\\x0einternal_users\\\\x94K\\\\\"+325"}, "name": "loads"}], "is_cause": false, "syntax_error": null}, {"exc_type": "ValueError", "exc_value": "invalid literal for int() with base 10: b'\\x80\\x04\\x95\\xc4\\x00\\x00\\x00\\x00\\x00\\x00\\x00}\\x94(\\x8c\\x0einternal_users\\x94K\\x00\\x8c\\x0eexternal_users\\x94K\\x00\\x8c\\x06status\\x94\\x8c\\x1bauthentik.enterprise.models\\x94\\x8c\\x12LicenseUsageStatus\\x9", "frames": [{"filename": "/ak-root/venv/lib/python3.12/site-packages/django_redis/client/default.py", "line": "", "lineno": 445, "locals": {"self": "<django_redis.client.default.DefaultClient object at 0x7f1ff2669fa0>", "value": "\"b'\\\\x80\\\\x04\\\\x95\\\\xc4\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00}\\\\x94(\\\\x8c\\\\x0einternal_users\\\\x94K\\\\\"+325"}, "name": "decode"}], "is_cause": false, "syntax_error": null}], "level": "error", "logger": "django.request", "timestamp": 1726262441.5614254}
{"auth_via": "unauthenticated", "domain_url": "localhost", "event": "/-/health/live/", "host": "localhost:8000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 64, "remote": "255.255.255.255", "request_id": "97e7b9ed6b7c41949cd17fae393ec4b6", "runtime": 11, "schema_name": "public", "scheme": "http", "status": 500, "timestamp": "2024-09-13T21:20:41.564716", "user": "", "user_agent": "goauthentik.io/router/healthcheck"}

I'm guessing there was some license middleware checks added between these versions, and the down migrations are not accounting for this.

Unfortunately this is now preventing me from downgrading or upgrading successfully without nuking my databases.

Can someone offer some suggestions to either resolve this error in 2024.8.1:

        "message": "Failed to create user: User() got unexpected keyword arguments: 'ldap_uniq' To merge new user with existing user, set the user's Attribute 'ldap_uniq' to '{063e0e0c-fb9d-40d9-a815-80354aecf3b0}'"

Alternatively, if there is a workaround to the downgrade to 2024.6.1 and the LicenseUsageStatus error, let me know.

My next attempt will be to upgrade somewhere in the middle (2024.6.2), as it was unclear if it was that version or 2024.6.3 that introduced the issue with ldap_uniq mapping.

forgo commented 1 month ago

Updating to 2024.6.2 has the same LicenseUsageStatus errors trying to start up the server pods. Going to go back to the latest 2024.8.1 and hope there's some workaround or patch for this LDAP issue.

forgo commented 1 month ago

I believe I may have spotted a potential bug on this line of the sources/ldap/models.py file.

Potential Fix

You could modify the line in update_properties_with_uniqueness_field to use self.object_uniqueness_field as the key, replacing the hardcoded LDAP_UNIQUENESS:

properties["attributes"][self.object_uniqueness_field] = flatten(ldap.get(self.object_uniqueness_field))

This change will ensure that the key in the attributes dictionary corresponds to self.object_uniqueness_field, which is dynamically set via user input, rather than being fixed to LDAP_UNIQUENESS.

By making this adjustment, the code should start using the user-specified uniqueness field for both the key and the value in the properties dictionary, avoiding the hardcoded "ldap_uniq" issue.

Also, the error message should only fallback to the constant when the input field is not defined -- to give more useful feedback to the user.

I'm not sure I 100% understand the consequences of these changes. Hopefully someone with more experience in this code like @rissson can confirm if this could potentially be problematic.

A temporary workaround, it may seem, could be that we duplicate our ObjectGUID unique identifier as ldap_uniq in the actual LDAP fields?

Appreciate any help here, and have a good weekend everyone!
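To make the "group is recreated every sync" symptom from the original report concrete, here is a constructed toy model (added here, not authentik's own code nor the commenter's): a sync that writes the uniqueness value under one attribute key but looks existing rows up under another never finds what it wrote, so each run creates the object again. `LDAP_UNIQUENESS`, `object_uniqueness_field` and `flatten` mirror names used in the comment above; the sync loop, the lookup rule and the sample entry are assumptions.

```python
"""Toy model of a dedup-key mismatch in a directory sync (constructed example)."""

LDAP_UNIQUENESS = "ldap_uniq"  # the hardcoded attribute key discussed in the thread


def flatten(value):
    """Unwrap single-element LDAP attribute lists; leave other values untouched."""
    if isinstance(value, (list, tuple)) and len(value) == 1:
        return value[0]
    return value


class ToyLdapSource:
    """Minimal stand-in for an LDAP source with a configurable uniqueness field."""

    def __init__(self, object_uniqueness_field, hardcoded_key=True):
        self.object_uniqueness_field = object_uniqueness_field
        # True: key is fixed to LDAP_UNIQUENESS regardless of configuration.
        # False: key follows the configured field name (the change proposed above).
        self.hardcoded_key = hardcoded_key

    def update_properties_with_uniqueness_field(self, properties, ldap):
        """Copy the configured uniqueness value into properties["attributes"]."""
        key = LDAP_UNIQUENESS if self.hardcoded_key else self.object_uniqueness_field
        properties.setdefault("attributes", {})
        properties["attributes"][key] = flatten(ldap.get(self.object_uniqueness_field))
        return properties


def sync_once(source, db, ldap_entries):
    """Upsert each LDAP entry into db (a list of property dicts); return rows created.

    Assumption: the lookup uses the configured field name as the attribute key,
    so it only matches rows that were written under that same key.
    """
    created = 0
    for entry in ldap_entries:
        props = source.update_properties_with_uniqueness_field(
            {"name": flatten(entry["cn"])}, entry)
        uniq = props["attributes"].get(source.object_uniqueness_field)
        # A missing uniqueness value can never match, so it is treated as "new".
        existing = [row for row in db
                    if uniq is not None
                    and row["attributes"].get(source.object_uniqueness_field) == uniq]
        if existing:
            existing[0].update(props)
        else:
            db.append(props)
            created += 1
    return created


def run_syncs(object_uniqueness_field, hardcoded_key, runs=3):
    """Return how many rows exist after `runs` syncs of one constructed entry."""
    # Constructed sample entry; the SID and GUID are made-up placeholders.
    entries = [{"cn": ["Administrators"],
                "objectSid": ["S-1-5-32-544"],
                "objectGUID": ["00000000-0000-0000-0000-000000000001"]}]
    source = ToyLdapSource(object_uniqueness_field, hardcoded_key)
    db = []
    for _ in range(runs):
        sync_once(source, db, entries)
    return len(db)


if __name__ == "__main__":
    print("hardcoded key, 3 syncs ->", run_syncs("objectSid", hardcoded_key=True), "rows")
    print("configured key, 3 syncs ->", run_syncs("objectSid", hardcoded_key=False), "rows")
```

The check a practitioner wants from this is simply that the key written during sync and the key queried during dedup are the same name; either side being hardcoded while the other is configurable produces duplicates on every run.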

forgo commented 1 month ago

I'm seeing an authentik release 2024.8.2 from 7 hours ago which makes reference in the change log to:

Looking at those commits, I was hopeful they would resolve my issue, but the error persists.

"message": "Failed to create user: Username was not set by propertymappings To merge new user with existing user, set the user's Attribute 'ldap_uniq' to '{043e0e0c-fb9d-50d9-a815-82354aecf3b3}'"

I've tried removing/adding property mappings entirely for the users (I am not syncing groups) without luck.

Here is an example of the custom property mapping I tried to address the error above: [screenshot]

Here is an example (in this case without the custom property mapping): [screenshot]

And some of the "Additional Settings" which seem very relevant to this error (especially Object uniqueness field): [screenshot]

saz commented 1 month ago

@forgo Is there an attribute on the user named ldap_uniq?

forgo commented 1 month ago

@saz Thanks for the message. We had a talk with Authentik and it turns out there was a slight bug where group mappings were expected to exist for the LDAP sync to occur at all. This was the underlying issue that was preventing the sync from happening in general. Despite not needing to sync group information for our use case, we set one of the default out-of-the-box group mappings for LDAP, and the sync started to work more predictably again, and we were able to map properties from our source into the top-level user fields and the metadata attributes.

marlon006 commented 1 month ago

I can confirm that updating from the development branch to 2024.8.2 has solved my issue, and new LDAP groups get properly mapped.