goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Synchronization with LDAP does not work. Manually and on a schedule. #8593

Open v1k7g85 opened 7 months ago

v1k7g85 commented 7 months ago

Describe the bug Synchronization with LDAP does not work. Manually and on a schedule. Nothing happens after pressing the button "Run sync again" I checked for 2 days. Synchronization never started and the state of users/groups was not synchronized with LDAP.

To Reproduce It is not clear under what conditions it can be reproduced. But in my installation it is:

  1. Go to 'Directory -> Federation and Social login'
  2. Click on 'Run sync again'
  3. Nothing happened

Expected behavior Synchronization should work as expected. Periodically according to a schedule and by manually pressing a button.

Screenshots: [screenshot not reproduced]

Logs

{"event": "Task started", "level": "info", "logger": "authentik.root.celery", "pid": 177171, "task_id": "cdffbadd-e5fe-4e9e-af07-69283162def7", "task_name": "ldap_sync_all", "timestamp": "2024-02-20T10:23:10.141450"}
{"event": "Task published", "level": "info", "logger": "authentik.root.celery", "pid": 177171, "task_id": "0aeaea3ffea148c5a5491b8112a5a87d", "task_name": "authentik.sources.ldap.tasks.ldap_sync_single", "timestamp": "2024-02-20T10:23:10.160641"}
{"event": "Task finished", "level": "info", "logger": "authentik.root.celery", "pid": 177171, "state": "SUCCESS", "task_id": "cdffbadde5fe4e9eaf0769283162def7", "task_name": "ldap_sync_all", "timestamp": "2024-02-20T10:23:10.161794"}

Version and Deployment (please complete the following information):

v1k7g85 commented 7 months ago

Can anyone tell me how to debug this? There is no information in the logs, there is nothing in the web interface, there is no description of troubleshooting in the documentation. It is absolutely unclear how to start fixing this problem.

lukasruckenstuhl commented 7 months ago

Hey, I had the same issue once. In my case I configured the LDAP credentials wrong. However, it has told me so in the Logs.

LukaszC86 commented 7 months ago

Hello, in my case manual syncs are working fine on the latest version 2024.2.1 from docker image, but not the automatic ones. I have configured two LDAP sources in "Federation and Social login", one for the users OU, second for the groups OU. The tasks for ldap_sync (or rather ldap_sync_all?) are not created and run every 2 hours as they should be - after 3 hours the manual tasks are removed and not visible in "System Tasks" dashboard... and there is nothing in worker log regarding the automatic LDAP sync. 🙁

Edit: I have done a fresh deployment of version 2024.2.1 and I merged two LDAP sources into one (I didn't notice previously the options for setting additional user and group DN under additional settings). So I can see now in worker container logs that celery beat scheduler is running the ldap_sync_all task every 2 hours, but as the due task and the synchronization is actually not performed:

2024-02-25T06:59:00.001582806Z  INF event=TenantAwareScheduler: Sending due task sources_ldap_sync (authentik.sources.ldap.tasks.ldap_sync_all) to all tenants logger=tenant_schemas_celery.scheduler timestamp=1708844340.0011525
2024-02-25T08:59:00.006889074Z  INF event=TenantAwareScheduler: Sending due task sources_ldap_sync (authentik.sources.ldap.tasks.ldap_sync_all) to all tenants logger=tenant_schemas_celery.scheduler timestamp=1708851540.006593
2024-02-25T10:59:00.001910968Z  INF event=TenantAwareScheduler: Sending due task sources_ldap_sync (authentik.sources.ldap.tasks.ldap_sync_all) to all tenants logger=tenant_schemas_celery.scheduler timestamp=1708858740.0013678

The same is with ldap_check_connection task - when I check source status in Admin panel it's not getting updated. I wasted so many hours to fix it... Maybe it's time to switch to Zitadel... 🤔

Edit 2: Also why there is SCIM source provider on the dashboard always shown as unsynced? It's by default, I didn't configure any...

[screenshot not reproduced]

v1k7g85 commented 7 months ago

@lukasruckenstuhl hi! I checked the credentials by starting manual synchronization and it works fine.

avidflyer17 commented 6 months ago

Hello,

I'm having the same issues:

If I run it manually it's working. After, I can see in system tasks and in the ldap provider that it has been synchronized successfully. But after some time, the system tasks for ldap are gone, as is the status in the ldap provider (back to "no sync yet").

LukaszC86 commented 6 months ago

If I run it manually it's working. After, I can see in system tasks and in the ldap provider that it has been synchronized successfully. But after some time, the system tasks for ldap are gone, as is the status in the ldap provider (back to "no sync yet").

As a (hopefully) temporary workaround I'm running the sync in cron on docker host:

docker exec authentik-worker-1 ak ldap_sync your_ldap_source_slug

Maybe it will help you too. You won't see the sync status in the dashboard, but the objects will be synced.
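A cron wrapper around this workaround, as an added example that is not part of the original thread or of authentik itself; the container name, the lock and log paths, and the crontab line are assumptions. It refuses slugs that are not slug-shaped before they reach a command line, prevents overlapping runs, and records each source's exit status so a failed sync is visible even though the dashboard stays blank:

```shell
#!/bin/sh
# Cron wrapper for "docker exec <worker> ak ldap_sync <slug>" (added example,
# not authentik's own tooling). Assumed defaults: worker container
# authentik-worker-1, lock dir and log file below; override via environment.
WORKER="${AK_WORKER:-authentik-worker-1}"
LOCK="${AK_SYNC_LOCK:-/tmp/ak-ldap-sync.lock}"
LOG="${AK_SYNC_LOG:-/var/log/ak-ldap-sync.log}"

# Accept only slug-shaped names (letters, digits, '-' and '_'); refuse the rest
# so a slug can never smuggle shell metacharacters into the command line.
valid_slug() {
    case "$1" in
        ''|*[!a-zA-Z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the exact command that would be run for one worker/slug pair.
build_sync_cmd() {
    valid_slug "$2" || return 1
    printf 'docker exec %s ak ldap_sync %s\n' "$1" "$2"
}

# Run the sync for every slug given, log each result, never overlap with itself.
# Returns 0 if every sync succeeded, 1 if any failed, 2 if a run is in progress.
run_syncs() {
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "$(date -u +%FT%TZ) previous run still active, skipping" >>"$LOG"
        return 2
    fi
    trap 'rmdir "$LOCK"' EXIT
    rc=0
    for slug in "$@"; do
        if cmd=$(build_sync_cmd "$WORKER" "$slug"); then
            if $cmd >>"$LOG" 2>&1; then
                echo "$(date -u +%FT%TZ) $slug ok" >>"$LOG"
            else
                echo "$(date -u +%FT%TZ) $slug FAILED" >>"$LOG"; rc=1
            fi
        else
            echo "$(date -u +%FT%TZ) refused slug '$slug'" >>"$LOG"; rc=1
        fi
    done
    return $rc
}

# Assumed crontab entry, every 2 hours like the built-in schedule:
#   0 */2 * * * /usr/local/bin/ak-ldap-sync.sh my-ldap-source
if [ "$#" -gt 0 ]; then run_syncs "$@"; fi
```

A non-zero exit from the script is what a cron mailer or monitoring hook should alert on, since the UI will not show the failure.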

cardboardpig commented 6 months ago

Also seeing this issue: ldap sync jobs have vanished, and I can only get an ldap sync to run by running it manually in the worker container. Manually running sync in the UI does not create jobs.

medir commented 6 months ago

We have a similar problem.

Installation: Docker version 20.10.17, build 100c701 | docker-compose version 1.29.2 Authentik version: 2024.2.2

Problem: The scheduled process is not running as expected every 2h. If we force the synchronization through "Directory => Federation and Social Login => button Run sync again", the synchronization process works fine.

Following the Troubleshooting we try to force the sync using the cli:

docker compose run --rm worker ldap_sync *MY-SLUG-SOURCE* 

With this command it also works fine.

If we test the ldap connection using this command:

docker compose run --rm worker ldap_check_connection *slug of the source*

We can see a syntax warning; could it cause the failure of the scheduled sync task?

/ak-root/venv/lib/python3.12/site-packages/opencontainers/distribution/reggie/defaults.py:17: SyntaxWarning: invalid escape sequence '\('  "http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+"

We also tried to recreate the redis database but with the same result: using the button works but the scheduled task doesn't run.

Thanks in advance,

authentik-automation[bot] commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

LukaszC86 commented 4 months ago

@BeryJu this is still not fixed in the latest version. 🙁

janwels89 commented 2 months ago

Please get this fixed!

cardboardpig commented 2 months ago

This is resolved for me in 2024.4.2 with a fresh installation

PentaPaetzold commented 1 month ago

For me, jobs are working with docker / v24.6.3 - but LDAP users are not created from Authentik users. Will open a new Issue.

@v1k7g85 Can we close this one?