LDAP (Active Directory) Authentication #9244

Closed
42Fourward opened this issue Apr 13, 2024 · 1 comment
Labels
bug Something isn't working wontfix


42Fourward commented Apr 13, 2024

Hello,
I would like to be able to authenticate on Authentik via an Active Directory account. So I followed this document in order to integrate my AD server: https://docs.goauthentik.io/integrations/sources/active-directory/
User synchronization works correctly, accounts are created on Authentik:


However, when I try to log in with an LDAP account it says the password is incorrect.
I have activated the LDAP backend in the Password Stage:


Here are the logs when I try to connect:

authentik_server  | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "LDAP Auth attempt", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "source": "<LDAPSource: MY-AD-SERVER.LAN>", "timestamp": "2024-04-13T11:49:06.112897"}
authentik_server  | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "Attempting to bind as user", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.114576", "user": "<User: my-ldap-user>"}
authentik_server  | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "failed to bind to LDAP", "exc": "LDAPServerPoolExhaustedError('no random active server available in server pool after maximum number of tries')", "host": "idp.domain.com", "level": "warning", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115081"}
authentik_server  | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "**Failed to bind, password invalid**", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115272"}
authentik_server  | {"auth_via": "unauthenticated", "backend": "authentik.sources.ldap.auth.LDAPBackend", "domain_url": "idp.domain.com", "event": "Backend returned nothing, continuing", "host": "idp.domain.com", "level": "debug", "logger": "authentik.stages.password.stage", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115449"}

If we believe the error (no random active server available in server pool after maximum number of tries), my LDAP server would not be reachable. This is not possible because I can still synchronize the accounts.

If I manually change the password of a synced account directly in Authentik, it works, but that's not the desired goal: I want to be able to authenticate with the AD server password.

  • Authentik version: 2024.2.2
  • Deployment: docker-compose

Thank you in advance for your feedback 👍

@42Fourward 42Fourward added the bug Something isn't working label Apr 13, 2024
@authentik-automation
Contributor

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@authentik-automation authentik-automation bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 24, 2024
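
The log excerpt in the issue shows a "password invalid" event that follows a bind exception in the same request. The following triage script is an added example, not part of the issue or of authentik's code: it groups `authentik.sources.ldap.auth` records by `request_id` and separates "password invalid" results that were preceded by a logged exception from those that were not. The sample lines are constructed from the format shown above; the `req-b` case (no exception logged) is an assumption made for contrast.

```python
import json
from collections import defaultdict

# Constructed sample in the format of the issue's log (fields trimmed).
SAMPLE = """\
authentik_server  | {"event": "Attempting to bind as user", "logger": "authentik.sources.ldap.auth", "request_id": "req-a", "user": "<User: alice>"}
authentik_server  | {"event": "failed to bind to LDAP", "exc": "LDAPServerPoolExhaustedError('no random active server available in server pool after maximum number of tries')", "logger": "authentik.sources.ldap.auth", "request_id": "req-a"}
authentik_server  | {"event": "**Failed to bind, password invalid**", "logger": "authentik.sources.ldap.auth", "request_id": "req-a"}
authentik_server  | {"event": "Attempting to bind as user", "logger": "authentik.sources.ldap.auth", "request_id": "req-b", "user": "<User: bob>"}
authentik_server  | {"event": "Failed to bind, password invalid", "logger": "authentik.sources.ldap.auth", "request_id": "req-b"}
this line is not JSON and is skipped
"""

def parse(lines):
    """Yield JSON records, tolerating the docker-compose 'service | ' prefix."""
    for line in lines:
        start = line.find("{")
        if start < 0:
            continue
        try:
            rec = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if isinstance(rec, dict):
            yield rec

def triage(lines):
    """Map request_id -> cause for every 'password invalid' LDAP result."""
    by_req = defaultdict(list)
    for rec in parse(lines):
        if rec.get("logger") == "authentik.sources.ldap.auth":
            by_req[rec.get("request_id")].append(rec)
    out = {}
    for rid, recs in by_req.items():
        # Strip markdown emphasis that can leak into pasted logs.
        events = [str(r.get("event", "")).strip("* ") for r in recs]
        if "Failed to bind, password invalid" not in events:
            continue
        user = next((r["user"] for r in recs if "user" in r), None)
        # Exception class name is the text before the first "(" in "exc".
        excs = [str(r["exc"]).split("(", 1)[0] for r in recs if r.get("exc")]
        cause = "backend_error" if excs else "no_exception_logged"
        out[rid] = {"user": user, "cause": cause, "exceptions": excs}
    return out

if __name__ == "__main__":
    for rid, info in triage(SAMPLE.splitlines()).items():
        print(rid, info)
```

Requests tagged `backend_error` point at connectivity or configuration on the bind path rather than at the user's credentials, so they should not be counted toward failed-login or lockout metrics.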