
LDAP search seems to only return the user performing the search

Open kaylee-98 opened this issue 1 year ago • 8 comments

Describe your question: I want to use Authentik as an LDAP provider. I followed to the letter the instructions provided in the documentation. However, while testing this, I ran

ldapsearch -x -H ldap://localhost -D "cn=bind-user,ou=users,DC=ldap,DC=authentik,DC=company" -b "DC=ldap,DC=authentik,DC=company" '(objectClass=user)' -W

Which I expected would give me information about all the users on the system. However, it returns only the user information for bind-user itself. (Yes, bind-user is a member of the search group).

Relevant infos: I'm using the latest version. It's also probably pertinent to point out that authentication for other users appears to work fine. It just won't provide a listing. I've tried various things, but to be honest I only vaguely understand LDAP so I didn't get far. My assumption is that this is something I am doing wrong, rather than some kind of bug, and I'm only posting here in the hope that someone might be able to help me find the right track.

Logs: Nothing appears in the logs at all actually.

Version and Deployment (please complete the following information):

  • authentik version: 2023.10
  • Deployment: docker-compose

Thank you :)

kaylee-98 avatar Feb 18 '24 07:02 kaylee-98

+1 having the same issue here, anybody figure this out?

MaximalCats avatar Apr 04 '24 21:04 MaximalCats

Yep, also have the same issue when trying to integrate LDAP with CheckMK. Only seeing LDAP Bind User and Group. Nothing else.

0xNIEI avatar May 04 '24 09:05 0xNIEI

I don't understand why, but your LDAP Service User needs to be added to group authentik Users.

kusold avatar May 09 '24 05:05 kusold

I added the ldapservice user to my 'users' group (I renamed the group from authentik Users to users). Still doesn't work.

0xNIEI avatar May 10 '24 06:05 0xNIEI

I just ran into this too, you need to edit your LDAP Provider to add a search group of users who can do searches.

NicholasFeldman avatar Jul 12 '24 17:07 NicholasFeldman

I just ran into this too, you need to edit your LDAP Provider to add a search group of users who can do searches.

Exactly that's what I was missing. I think that should be a screenshot in the docs. Someone care for a PR?

aep avatar Jul 12 '24 20:07 aep

As said above, the search group is required for a user to be able to view all users in LDAP. I thought we had mentioned this in the docs more clearly, but we did not.

BeryJu avatar Jul 18 '24 16:07 BeryJu