authentik icon indicating copy to clipboard operation
authentik copied to clipboard

Published 20 hours ago verified publisher icon goauthentik

LDAP outpost unhealthy

Open grizzlycode opened this issue 1 year ago • 1 comments

Describe the bug I'm using Authentik compose with Traefik (in Docker) and followed your "Generic Setup" guide for LDAP Provider. When I get to the very last step of setting up the Outpost it initially has a check mark and last seen time. However, when I attempted a LDAP query it was unsuccuesful, so I checked the LDAP outpost again and it shows "Not available."

During the LDAP Outpost setup I noticed I don't have any options for Integration field but, "-------" (see pic) I'm currently using docker, but it doesn't show up in the drop-down list. Could this be why the outpost is unhealthy?

I'm using the following Traefik labels on the Authentik server:

traefik.enable: true
traefik.http.routers.app.rule=Host(`app.domain.com`) || HostRegexp(`{subdomain:[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?}.domain.com`) && PathPrefix(`/outpost.goauthentik.io/`)
traefik.http.routers.app.entrypoints: https
traefik.http.routers.app.tls=true
traefik.http.routers.app.middlewares: authentik@docker

Since "Docker Local Connection" doesn't show up I'm not sure if its a Docker, Authentik, or Traefik issue or some combination of. Or if this is even required for LDAP Provider to work. See "Additional context" secton for some other testing I did.

To Reproduce Steps to reproduce the behavior:

Followed "Generic Setup" LDAP provider guide. Outpost is not running when used with Traefik.

Expected behavior When ran behind Traefik, Outpost is healthy and "ak-outpost-ldap" container is spun up and LDAP works.

Screenshots

outpost_integration

authentik_flow_menu

Version and Deployment (please complete the following information):

  • authentik version: 2023.10.6
  • Deployment: docker-compose

Additional context I created a second Authentik instance with the only difference being I removed Traefik and used standard compose and everything works. I see the "Docker Local Connection" in LDAP Outpost integration field and it spins up a container called "ak-outpost-ldap" and LDAP query works.

For your situational awareness I also notice there is a new field in the create flow window, "Authentication" which isn't present in the "Generic Setup" guide (see pic). I wasn't sure what to pick as it had four options I selected "no requirement" and it still seem to work with my second Authentik instance. But not sure what the value should be in regards to LDAP setup as its not in the guide.

Please note that I can use Authentik behind Traefik using the embeded outpost to forward auth even though I can't assign an integration. So it seems not all functionality is effected just the LDAP outpost.

I tried restarting, waiting a while, and tried different versions of Authentik and I can't get "Docker Local Connection" to show up in integration field while behind Traefik. But my second Authentik instance just works...so I'm assuming Traefik has a role in this issue.

grizzlycode avatar Jan 21 '24 19:01 grizzlycode

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

authentik-automation[bot] avatar Mar 23 '24 01:03 authentik-automation[bot]