Hello,
I would like to be able to authenticate on Authentik via an Active Directory account. So I followed this document in order to integrate my AD server: https://docs.goauthentik.io/integrations/sources/active-directory/
User synchronization works correctly, accounts are created on Authentik:
However, when I try to log in with an LDAP account it says the password is incorrect.
I have activated the LDAP backend in the Password Stage:
Here are the logs when I try to connect:
authentik_server | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "LDAP Auth attempt", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "source": "<LDAPSource: MY-AD-SERVER.LAN>", "timestamp": "2024-04-13T11:49:06.112897"}
authentik_server | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "Attempting to bind as user", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.114576", "user": "<User: my-ldap-user>"}
authentik_server | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "failed to bind to LDAP", "exc": "LDAPServerPoolExhaustedError('no random active server available in server pool after maximum number of tries')", "host": "idp.domain.com", "level": "warning", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115081"}
authentik_server | {"auth_via": "unauthenticated", "domain_url": "idp.domain.com", "event": "**Failed to bind, password invalid**", "host": "idp.domain.com", "level": "debug", "logger": "authentik.sources.ldap.auth", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115272"}
authentik_server | {"auth_via": "unauthenticated", "backend": "authentik.sources.ldap.auth.LDAPBackend", "domain_url": "idp.domain.com", "event": "Backend returned nothing, continuing", "host": "idp.domain.com", "level": "debug", "logger": "authentik.stages.password.stage", "pid": 43, "request_id": "0ca578ce09b14cf482ad0edbf18d8115", "schema_name": "public", "timestamp": "2024-04-13T11:49:06.115449"}
If we believe the error (no random active server available in server pool after maximum number of tries), my LDAP server would not be reachable. This is not possible because I can still synchronize the accounts.
If I manually change the password of a synced account directly in Authentik, it works, but that's not the desired goal; I want to be able to authenticate with the AD server password.
Authentik version: 2024.2.2
Deployment: docker-compose
Thank you in advance for your feedback 👍
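An added example, not part of the original issue and not authentik's own code: a small triage script that groups authentik JSON log lines by `request_id` and separates bind attempts that ended in a logged exception (as in the lines above) from attempts where only the "password invalid" message appears. The sample lines are constructed: `req-a` mirrors the issue's log with fields trimmed, `req-b` is a hypothetical contrast case, and the verdict labels are this example's own names.

```python
import json
import re
from collections import defaultdict

# Constructed sample. req-a mirrors the issue's log lines (fields trimmed);
# req-b is a hypothetical attempt with no bind exception, for contrast.
SAMPLE = """\
authentik_server | {"event": "Attempting to bind as user", "level": "debug", "request_id": "req-a", "user": "<User: my-ldap-user>"}
authentik_server | {"event": "failed to bind to LDAP", "exc": "LDAPServerPoolExhaustedError('no random active server available in server pool after maximum number of tries')", "level": "warning", "request_id": "req-a"}
authentik_server | {"event": "**Failed to bind, password invalid**", "level": "debug", "request_id": "req-a"}
authentik_server | {"event": "Attempting to bind as user", "level": "debug", "request_id": "req-b", "user": "<User: other-user>"}
authentik_server | {"event": "Failed to bind, password invalid", "level": "debug", "request_id": "req-b"}
"""


def parse_line(line):
    """Return the JSON record from a docker-compose log line, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None


def triage(log_text):
    """Map request_id -> verdict for each LDAP bind attempt in the log."""
    by_request = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "request_id" in rec:
            by_request[rec["request_id"]].append(rec)

    verdicts = {}
    for rid, recs in by_request.items():
        # Strip the markdown emphasis the issue text carries around one event.
        events = [r.get("event", "").strip("*") for r in recs]
        if "Attempting to bind as user" not in events:
            continue
        user = next((r["user"] for r in recs if "user" in r), None)
        exc = next((r["exc"] for r in recs
                    if r.get("event") == "failed to bind to LDAP" and "exc" in r), None)
        if exc:
            # A logged exception means the bind failed before any password verdict.
            m = re.match(r"(\w+)\(", exc)
            verdicts[rid] = {"user": user, "cause": "bind-exception",
                             "exception": m.group(1) if m else exc}
        elif "Failed to bind, password invalid" in events:
            verdicts[rid] = {"user": user, "cause": "password-rejected", "exception": None}
    return verdicts
```

Counting only `password-rejected` verdicts toward failed-login alerting keeps outages or pool errors from showing up as password-guessing activity.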
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.