LDAP not working, Invalid credentials #2743

Open
Bleala opened this issue Apr 18, 2022 · 18 comments
Labels
question Further information is requested

Comments

@Bleala

Bleala commented Apr 18, 2022

Hello there!

I tried to get the LDAP Outpost in Authentik working, but I'm always getting an Invalid credentials error. I don't know what to do now.

I created an LDAP Provider, Application and Outpost, as you can see on the screenshots.
[screenshots]

And also a custom flow, because I read that LDAP is not working if a flow has MFA enabled.
[screenshot]

But when I try to do an ldapsearch I'm getting the following error:

ldapsearch -x -h 192.***.***.*** -p 389 -D cn=***,ou=users,dc=ldap,dc=***,dc=*** -w '***' -b 'ou=users,DC=ldap,DC=***,DC=***' '(objectClass=user)' -vvv
ldap_initialize( ldap://192.***.***.***:389 )
ldap_bind: Invalid credentials (49)

In the ak-outpost-ldap container created by Authentik i get the following log:
{"bindDN":"cn=***,ou=users,dc=ldap,dc=***,dc=***","client":"192.***.***.***","event":"Bind request","level":"info","requestId":"5e90557b-5942-4001-b2dd-fa4453798bac","timestamp":"2022-04-18T07:34:28Z","took-ms":35479}

I'm using the latest Authentik version 2022.4.1 and deployed everything with docker-compose.

Do you have an idea what the problem is here?

Greetings

@Bleala added the question (Further information is requested) label Apr 18, 2022
@antoineraulin

Hi!

I have had more successful results using the following flow:
[screenshot]

Look at the documentation for LDAP providers: the allowed stages are Identification, Password and Authenticator validator. In your flow, however, I see a Login stage; this may be the source of your problem.

@twicechild

twicechild commented Sep 10, 2022

Hello everyone!

I find myself with a similar problem. I tinkered with the flow but without success. Were you able to make this work?

Only difference is I'm using the Kubernetes integration.

Thank you!

@hanneshier

Same problem for me... Has anyone had success in resolving this issue yet?

@Natureshadow

Problem reproducible here.

@BeryJu
Member

BeryJu commented Jan 20, 2023

Can you post the logs of both the ldap outpost, the authentik server itself, and also try with the default authentication flow?

@Natureshadow

Natureshadow commented Jan 20, 2023 via email

@BeryJu
Member

BeryJu commented Jan 20, 2023

When using the cached binding, restart the outpost; then you should get more logs.

@benedikt-bartscher

I have the same problem, I tried many different Flow setups.
Here are my logs:

bb-authentik_ldap-1  | {"event":"No session found for user, executing flow","level":"debug","logger":"authentik.outpost.ldap.binder.session","timestamp":"2023-02-26T12:47:12Z"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"10.11.104.1","component":"ak-stage-identification","event":"Got challenge","flow":"ldap","level":"debug","requestId":"ce607e69-1e56-4215-9179-eaf608654f88","timestamp":"2023-02-26T12:47:13Z","type":"native"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"10.11.104.1","component":"ak-stage-identification","event":"Got response","flow":"ldap","level":"debug","requestId":"ce607e69-1e56-4215-9179-eaf608654f88","timestamp":"2023-02-26T12:47:13Z","type":"native"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"10.11.104.1","error":"flow error non_field_errors: Failed to authenticate.","event":"failed to execute flow","level":"warning","requestId":"ce607e69-1e56-4215-9179-eaf608654f88","timestamp":"2023-02-26T12:47:13Z"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","client":"10.11.104.1","event":"Bind request","level":"info","requestId":"ce607e69-1e56-4215-9179-eaf608654f88","timestamp":"2023-02-26T12:47:13Z","took-ms":318}

@marrobHD

marrobHD commented Feb 28, 2023

Same here...

Edit: Somehow I needed to recreate the ldap outpost...

@glycerine102

glycerine102 commented Mar 2, 2023

Same problem here running on version 2023.2.2 inside Kubernetes.
The LDAP outposts were provisioned with the Kubernetes integration.
I followed the docs from the Create LDAP Provider step first. When that didn't work I went back and set up the stages and flow. Both the default flow and the ldap specific flow still just give me invalid credentials.

ldap_bind: Invalid credentials (49)

The logs below are from the outpost ldap pod with debug on. I don't see any logs appear in the server/worker pods when triggering these.

ak-outpost-ldap-phl-cb6545fdb-zm5ls ldap {"event":"No session found for user, executing flow","level":"debug","logger":"authentik.outpost.ldap.binder.session","timestamp":"2023-03-02T16:37:10Z"}
ak-outpost-ldap-phl-cb6545fdb-zm5ls ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=***,dc=net","client":"10.81.0.138","component":"ak-stage-access-denied","event":"Got challenge","flow":"ldap-authentication-flow","level":"debug","requestId":"0894b67c-2b87-4290-b4bd-4f96519f3327","timestamp":"2023-03-02T16:37:10Z","type":"native"}
ak-outpost-ldap-phl-cb6545fdb-zm5ls ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=***,dc=net","client":"10.81.0.138","event":"Invalid credentials","level":"info","requestId":"0894b67c-2b87-4290-b4bd-4f96519f3327","timestamp":"2023-03-02T16:37:10Z"}
ak-outpost-ldap-phl-cb6545fdb-zm5ls ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=***,dc=net","client":"10.81.0.138","event":"Bind request","level":"info","requestId":"0894b67c-2b87-4290-b4bd-4f96519f3327","timestamp":"2023-03-02T16:37:10Z","took-ms":31}

EDIT: I've fixed my issue by adding another stage in my flow. I noticed the docs under the Create Custom Flow section only utilized two of the created stages with orders 10 and 30 (between steps 3 and 4). I added the ldap-authentication-password stage with an order of 20. I also recreated the application, provider, and outpost as I don't believe my changes were taking effect on the outpost.

@xubiaosunny

I have this problem here too.

server log

{"auth_via": "unauthenticated", "event": "f(exec): Flow not applicable to current user", "exc": "FlowNonApplicableException()", "flow_slug": "ldap-authentication-flow", "host": "example.com:8012", "level": "warning", "logger": "authentik.flows.views.executor", "pid": 6278, "request_id": "3378dd964c47428fabbac97fc426289a", "timestamp": "2023-03-03T08:46:45.218857"}
{"auth_via": "unauthenticated", "errors": {"error_message": ["Not a valid string."]}, "event": "f(ch): Invalid challenge", "host": "example:8012", "level": "warning", "logger": "authentik.flows.stage", "pid": 6278, "request_id": "3378dd964c47428fabbac97fc426289a", "stage": null, "stage_view": "authentik.flows.stage.AccessDeniedChallengeView", "timestamp": "2023-03-03T08:46:45.220117"}
{"auth_via": "unauthenticated", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "example.com:8012", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 6278, "remote": "10.196.220.254", "request_id": "3378dd964c47428fabbac97fc426289a", "runtime": 17, "scheme": "http", "status": 200, "timestamp": "2023-03-03T08:46:45.226641", "user": "", "user_agent": "goauthentik.io/outpost/2023.2.2"}

@andresiraola

I had the same issue. The only way I found to fix it is using direct binding/querying.

@Mailstorm-ctrl

This issue and #5017 are related: if you use the default flow, you'll get issue #5017. Create your own flow as documented, and you end up with this issue.

@Mrs-Feathers
Contributor

I'm using a flow I created from the cooptonian YouTube video that has the identification stage and password stage just as the image showed in this thread. It was working for a while and stopped. Restarting the LDAP docker outpost didn't help... Creating the user, outpost, and everything LDAP related did work, but a couple of days later everything stopped working again... and I can confirm it's not a cache issue, as it doesn't work on direct connection either.

@TMUniversal

TMUniversal commented Feb 18, 2024

I managed to get it to work with these settings:

Please let me know if this works for you, especially the notes marked as important.
You can @ mention me for questions about this configuration.

authentik version 2023.10.7
LDAP Client: Jellyfin LDAP Auth Plugin v18, I have also had success with LDAPSoft Ldap Browser 6.10

Important

Pay special attention to the Authentik LDAP Provider's Direct Binding. Thank you @Zapfmeister

LDAP

Bind User: cn=ldap_bind_user,ou=ldap_bind_user,dc=ldap,dc=goauthentik,dc=io

Important

Note how the group ou is set to the username, for which a single-user group exists in authentik.
To do this, I created a service account named ldap_bind_user, with a group of the same name.

Base DN: dc=ldap,dc=goauthentik,dc=io
Bind Password: the service account's token.

Connection is set to SSL (port 636) (you may need to specify skip verification), not StartTLS.

Authentik

Flow

Flow settings

  • Slug: ldap-authentication-flow
  • Designation: Authentication
  • Authentication: Require no authentication (likely optional, this is the prerequisite to use this flow)
  • Behavior
    • Compatibility Mode: on
    • Denied action: MESSAGE_CONTINUE
    • Policy engine mode: any

Stage Bindings

  • 10 ldap-identification-stage Identification Stage
  • 30 ldap-authentication-login User Login Stage

Both set to:

  • Evaluate when flow is planned: yes
  • Evaluate when stage is run: no
  • Invalid response behavior: RETRY
  • Policy engine mode: any

Identification Stage

  • Name: ldap-identification-stage
  • User fields: Username, E-Mail (UPN is not selected)
  • Password stage: ldap-authentication-password
  • Case insensitive matching: yes
  • Show matched user: yes
  • Sources: authentik Built-in (should not be necessary)
  • Show sources' labels: no
  • Flow settings: all blank

Password Stage

  • Name: ldap-authentication-password
  • Backends: User database + standard password, User database + app password, User database + LDAP password
  • Configuration flow: default-password-change (Change Password) (default)
  • Failed attempts before cancel: 5 (default)

Authentication Stage

  • Name: ldap-authentication-login
  • Session duration: seconds=0 (default)
  • Stay signed in offset: seconds=0 (default)
  • Terminate other sessions: no

Provider

Your provider must be associated with an application and selected in the LDAP outpost.

  • Name: LDAP
  • Modes set to direct
  • Base DN: dc=ldap,dc=goauthentik,dc=io

Important

I have a search group set, ldap_search, which must be created separately.
The ldap_bind_user must be assigned to that group.

@Zapfmeister
Contributor

Zapfmeister commented Feb 27, 2024

ldapsearch -x -LLL -h IP -p 389 -W -D "CN=ldapsearch,ou=users,dc=ldap,dc=mydomain,dc=mydomainsuffix" -b 'DC=ldap,DC=mydomain,dc=mydomainsuffix' '(objectClass=*)' -d "debug"
Enter LDAP Password:

Produced the error:
ldap_bind: Insufficient access (50)

What fixed it for me was to change the provider from cached binding and cached querying to direct.
Also, make sure to create a service user, not a normal user.

@kuolemaaa

kuolemaaa commented Mar 4, 2024

FIXED (sort of): My so-called authentik_ldap LDAP outpost container was contacting my authentik server container via http://authentik_server:9000 that is the internal (by means of docker network) endpoint using the environment variable in docker compose AUTHENTIK_HOST: http://authentik_server:9000.

Turns out it did not like it (I guess 'it' is the main authentik server, looking at the log below and the HTTP 302s there). Hence I switched to an https version of the endpoint, using the URL on the advanced setting in the LDAP application edit page, and the ldapsearch query worked.

The problem is that the URL that authentik showed me is the public one and I would like to keep the communication between the ldap outpost and the authentik server inside the docker network, for example, using https://authentik_server:9443.

Using the internal name of docker it does not work though. Suggestions are welcome.


authentik 2024.2.1

Same configuration (if I'm not wrong) as TMUniversal's setup (above) and it does not work for me.

Executing from another container inside the same network of the ldap outpost, authentik and authentik's worker:

# ldapsearch -H 'ldap://authentik_ldap:3389' -D 'cn=ldapsearch,ou=ldapsearch,dc=ldap,dc=goauthentik,dc=io' -w 'service'
ldap_bind: Invalid credentials (49)

My outpost container tells me:

{"bindDN":"cn=ldapsearch,ou=ldapsearch,dc=ldap,dc=goauthentik,dc=io","client":"172.22.0.2","error":"exceeded stage recursion depth","event":"failed to execute flow","level":"warning","requestId":"49eb9457-c7ab-4e0e-9767-dbb3b6a931d7","timestamp":"2024-03-04T16:12:37Z"}
{"bindDN":"cn=ldapsearch,ou=ldapsearch,dc=ldap,dc=goauthentik,dc=io","client":"172.22.0.2","event":"Bind request","level":"info","requestId":"49eb9457-c7ab-4e0e-9767-dbb3b6a931d7","timestamp":"2024-03-04T16:12:37Z","took-ms":6436}

My authentik container tells me:

{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "3b21c15be01a40818f2e661627d03907", "runtime": 403, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:17.620257", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "f26d08c709b44eb9a35a0ac2d37dfb8d", "schema_name": "public", "timestamp": "2024-03-04T16:14:17.800623", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "f26d08c709b44eb9a35a0ac2d37dfb8d", "runtime": 193, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:17.823018", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "c755e3f1f1e14848bb2fd3303a6c5e6b", "runtime": 410, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:18.242729", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "9589673d28914e77804e40389ce812f9", "schema_name": "public", "timestamp": "2024-03-04T16:14:18.417375", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "9589673d28914e77804e40389ce812f9", "runtime": 169, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:18.419895", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "df74bfcf82af4fb1b1ea628bd9fcd907", "runtime": 407, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:18.837047", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "8a643cec3a584e6baa085b4b3f80658d", "schema_name": "public", "timestamp": "2024-03-04T16:14:19.036878", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "8a643cec3a584e6baa085b4b3f80658d", "runtime": 193, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:19.039706", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "7a2b72d25eea435f831c6e10e8f8a085", "runtime": 404, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:19.452507", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "0b82d6fe12b64d9a83ec1b1f71d309dc", "schema_name": "public", "timestamp": "2024-03-04T16:14:19.641777", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "0b82d6fe12b64d9a83ec1b1f71d309dc", "runtime": 182, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:19.643699", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "5eef509353494f62957bf218a1aa8699", "runtime": 397, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:20.050471", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "e76a8ff4d6804c2d84dcebbae842c02f", "schema_name": "public", "timestamp": "2024-03-04T16:14:20.246877", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "e76a8ff4d6804c2d84dcebbae842c02f", "runtime": 189, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:20.249319", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "b25f1cb8886449c49d27e2eddf3bca2f", "runtime": 394, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:20.652793", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "cf387883ebdf4449ad95c1f05c2d80f0", "schema_name": "public", "timestamp": "2024-03-04T16:14:20.843857", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "cf387883ebdf4449ad95c1f05c2d80f0", "runtime": 183, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:20.845853", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "5226f04662c340618df47cfdb814077a", "runtime": 401, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:21.255458", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "53099260dbca4e339a2048ba73a86a60", "schema_name": "public", "timestamp": "2024-03-04T16:14:21.436105", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "53099260dbca4e339a2048ba73a86a60", "runtime": 174, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:21.438323", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "120422b435da42a4b714e4852f90c1a1", "runtime": 403, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:21.851588", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "b63fc48092af4f8481864123160ae52b", "schema_name": "public", "timestamp": "2024-03-04T16:14:22.041525", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "b63fc48092af4f8481864123160ae52b", "runtime": 184, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:22.043855", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "1b6d8bffae8e431185fb87de1200289d", "runtime": 393, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:22.446041", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "e71c6c5c416245c39b32a831c67dec15", "schema_name": "public", "timestamp": "2024-03-04T16:14:22.628431", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "e71c6c5c416245c39b32a831c67dec15", "runtime": 174, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:22.630782", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "bd77937d812b4a57b5c0337395aa0be2", "runtime": 406, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:23.046196", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "backend": "authentik.core.auth.InbuiltBackend", "domain_url": "authentik", "event": "Successful authentication", "host": "authentik:9000", "level": "info", "logger": "authentik.stages.password.stage", "pid": 48, "request_id": "9c432c4f52a54e03a5f864500c26945f", "schema_name": "public", "timestamp": "2024-03-04T16:14:23.242935", "user": "ldapsearch"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "POST", "pid": 48, "remote": "172.22.0.2", "request_id": "9c432c4f52a54e03a5f864500c26945f", "runtime": 190, "schema_name": "public", "scheme": "http", "status": 302, "timestamp": "2024-03-04T16:14:23.246267", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}
{"auth_via": "unauthenticated", "domain_url": "authentik", "event": "/api/v3/flows/executor/ldap-authentication-flow/?query=goauthentik.io%252Foutpost%252Fldap%3Dtrue", "host": "authentik:9000", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 48, "remote": "172.22.0.2", "request_id": "9c6afe9dacdc4b058669ccd1c99d21ce", "runtime": 388, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-03-04T16:14:23.643545", "user": "", "user_agent": "goauthentik.io/outpost/2024.2.1"}

I don't know if it is worth mentioning: I "checked access" of the application LDAP against the ldapsearch user and it passed.
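
The outpost log shapes posted above by benedikt-bartscher, glycerine102 and kuolemaaa, as an added triage example that is not part of any comment in this thread and is not authentik's own code: it groups outpost JSON log lines by requestId and labels each bind with the failure signature visible in those logs. The sample lines are constructed and abridged, the requestId values and `dc=example` are placeholders, and the verdict names are made up for this example.

```python
import json

# Constructed sample: abridged outpost log lines in the shape posted in this
# thread. The requestId values are placeholders, not real request ids.
SAMPLE_LOG = """\
bb-authentik_ldap-1  | {"event":"No session found for user, executing flow","level":"debug","logger":"authentik.outpost.ldap.binder.session"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","component":"ak-stage-identification","event":"Got challenge","flow":"ldap","requestId":"req-1"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","error":"flow error non_field_errors: Failed to authenticate.","event":"failed to execute flow","requestId":"req-1"}
bb-authentik_ldap-1  | {"bindDN":"cn=opnsense-user,ou=users,dc=ldap,dc=goauthentik,dc=io","event":"Bind request","requestId":"req-1","took-ms":318}
ak-outpost-ldap ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=example,dc=net","component":"ak-stage-access-denied","event":"Got challenge","flow":"ldap-authentication-flow","requestId":"req-2"}
ak-outpost-ldap ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=example,dc=net","event":"Invalid credentials","requestId":"req-2"}
ak-outpost-ldap ldap {"bindDN":"cn=ldapservice,ou=users,dc=ldap,dc=example,dc=net","event":"Bind request","requestId":"req-2","took-ms":31}
{"bindDN":"cn=ldapsearch,ou=ldapsearch,dc=ldap,dc=goauthentik,dc=io","error":"exceeded stage recursion depth","event":"failed to execute flow","requestId":"req-3"}
{"bindDN":"cn=ldapsearch,ou=ldapsearch,dc=ldap,dc=goauthentik,dc=io","event":"Bind request","requestId":"req-3","took-ms":6436}
this line is not JSON and must be skipped
"""

# Failure signatures seen in the thread, most specific first.
# Verdict names are hypothetical labels chosen for this example.
RULES = [
    # The outpost kept re-running the flow until it gave up.
    ("flow_loop",
     lambda r: "exceeded stage recursion depth" in str(r.get("error", ""))),
    # The flow answered with an access-denied stage instead of a login stage.
    ("denied_by_flow",
     lambda r: r.get("component") == "ak-stage-access-denied"),
    # The flow ran, but the submitted credentials were not accepted.
    ("credentials_rejected",
     lambda r: "Failed to authenticate" in str(r.get("error", ""))),
]


def parse_line(line):
    """Return the JSON object in a log line, tolerating a container-name prefix."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        record = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return record if isinstance(record, dict) else None


def summarize(records):
    """Collapse all log records of one bind request into a single summary."""
    verdict = "no_failure_logged"
    for name, matches in RULES:
        if any(matches(r) for r in records):
            verdict = name
            break
    return {
        "bindDN": next((r["bindDN"] for r in records if "bindDN" in r), None),
        "flow": next((r["flow"] for r in records if "flow" in r), None),
        # Stage components the outpost was challenged with, in order.
        "stages": [r["component"] for r in records
                   if r.get("event") == "Got challenge" and "component" in r],
        "took_ms": next((r["took-ms"] for r in records
                         if r.get("event") == "Bind request"), None),
        "verdict": verdict,
    }


def triage(log_text):
    """Group outpost log lines by requestId and summarize each bind attempt."""
    by_request = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        # Session-level debug lines carry no requestId and are skipped.
        if record is None or "requestId" not in record:
            continue
        by_request.setdefault(record["requestId"], []).append(record)
    return {rid: summarize(recs) for rid, recs in by_request.items()}


if __name__ == "__main__":
    for request_id, summary in triage(SAMPLE_LOG).items():
        print(request_id, summary)
```

Run it against debug-level outpost logs, since the stage component names only appear in the "Got challenge" debug records.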

@dotupNET

Any news?
