Closed Svenum closed 1 year ago
Is the service account you're binding with allowed to access the application assigned to the LDAP provider? You can check this in the application view using the check access button.
Yes, it is passing:
Now I found this error in my logs:
2023/03/22 14:40:04 handleSearchRequest error LDAP Result Code 50 "Insufficient Access Rights": Search Error: Anonymous BindDN not allowed
After deleting and recreating Service Accounts, Provider, Application and involved Groups everything works as expected...
I'm having this problem, though recreating stuff didn't help.
EDIT: Nvm, I was being dumb and not having a login stage in my LDAP flow.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I had this issue, recreated the LDAP service account, provider, application and group, and it worked... but what's annoying is that it hasn't even been a month and already it's failing like this again... recreating stuff works but.. what is happening, why does it do this? How can I stop this exact error from happening in production?
Same problem here. A newly created service account used as the LDAP bind user was unable to query: "ldap_bind: Insufficient access (50)". Identical rights as another user created yesterday for another binding. Tested with ldapsearch from the same server.
Seems to be a caching problem! -> "event":"authenticated from session". Solved after restarting the authentik-ldap docker container.
Logs before restarting
working (usera)
{"bindDN":"cn=ldap_bind_usera,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"authenticated from session","level":"info","logger":"authentik.outpost.ldap.binder.session","timestamp":"2023-09-03T21:07:09Z"}
{"bindDN":"cn=ldap_bind_usera,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"172.16.10.33","event":"Bind request","level":"info","requestId":"9abf8aa5-5445-40ea-806d-03b284f72f70","timestamp":"2023-09-03T21:07:09Z","took-ms":2}
{"attributes":[],"baseDN":"DC=ldap,DC=goauthentik,DC=io","bindDN":"cn=ldap_bind_XXX,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"172.16.10.33","event":"Search request","filter":"(objectClass=group)","level":"info","requestId":"496377db-57e4-4cac-a50d-d04a82c73e4a","scope":"Whole Subtree","timestamp":"2023-09-03T21:07:09Z","took-ms":0}
not working (userb)
{"bindDN":"cn=ldap_bind_userb,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"authenticated from session","level":"info","logger":"authentik.outpost.ldap.binder.session","timestamp":"2023-09-03T21:07:21Z"}
{"bindDN":"cn=ldap_bind_userb,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"172.16.10.33","event":"Bind request","level":"info","requestId":"14b4cd5a-8d27-4e5e-8b3a-993d5da69508","timestamp":"2023-09-03T21:07:21Z","took-ms":0}
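A triage helper for outpost logs of the kind pasted above, added here as an example (it is not part of the thread and not authentik code): it groups JSON log lines by bindDN and lists bind DNs that were "authenticated from session" but have no "Search request" line. The sample log is constructed, and reading a missing search line as a sign of failure is an assumption drawn from the logs in this comment.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of the log lines quoted in this thread.
SAMPLE_LOG = """\
{"bindDN":"cn=svc_a,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"authenticated from session","level":"info"}
{"bindDN":"cn=svc_a,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"192.0.2.10","event":"Bind request","level":"info"}
{"baseDN":"DC=ldap,DC=goauthentik,DC=io","bindDN":"cn=svc_a,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"Search request","filter":"(objectClass=group)"}
{"bindDN":"cn=svc_b,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"authenticated from session","level":"info"}
{"bindDN":"cn=svc_b,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"192.0.2.10","event":"Bind request","level":"info"}
{"bindDN":"cn=svc_b,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"Search requ
2023/09/03 21:07:21 handleSearchRequest error LDAP Result Code 50 "Insufficient Access Rights": Search Error: Anonymous BindDN not allowed
"""

def summarize(log_text):
    """Return (event counts per bindDN, plain-text lines reporting result code 50)."""
    per_dn = defaultdict(lambda: defaultdict(int))
    code50 = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            # Plain-text error lines and truncated/wrapped JSON land here.
            if "LDAP Result Code 50" in line:
                code50.append(line)
            continue
        if not isinstance(rec, dict):
            continue
        dn = str(rec.get("bindDN", "")).lower()  # DNs compare case-insensitively
        if dn:
            per_dn[dn][rec.get("event", "")] += 1
    return per_dn, code50

def session_binds_without_search(per_dn):
    """Bind DNs served from a cached session that never show a Search request."""
    return sorted(
        dn for dn, events in per_dn.items()
        if events.get("authenticated from session") and not events.get("Search request")
    )

if __name__ == "__main__":
    counts, errors = summarize(SAMPLE_LOG)
    for dn in session_binds_without_search(counts):
        print("session-cached bind, no search logged:", dn)
    print("result code 50 lines:", len(errors))
```
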
Yup, same issue. When I first set up the outpost and applications everything works fine. Then several minutes later... it just starts to fail. So I made the LDAP flow as described in the docs, which did not help. After creating that flow and assigning it I still get insufficient access. If I bind the flow the user I'm testing with, I get invalid credentials.
Haven't tried remaking everything but I don't believe that's a valid solution as that implies there's a deeper root issue that should be resolved first.
Same here, worked first, and then "Connect (Success); Bind: Insufficient Access Rights", after I changed nothing. Got it working now after adding the group to the application.
If I want to connect to my LDAP I always get the error: "Insufficient Access Rights (50)". In the ldap-outpost log there is this:
Steps to reproduce the behavior: I do not know how to reproduce this error. I followed the manual in your docs. The user I use is in the group that's allowed to bind.
I want to login to these applications via LDAP:
Provider Settings:
Nextcloud Settings:
Version and Deployment (please complete the following information):