LDAP users become unauthorized after LDAP sync runs

I just stood up a Gitea docker container along with using MariaDB.

I’ve configured it to authenticate users against our Active Directory server using LDAP via BindDN. Users can initially log in, but after a couple of hours, their account becomes deactivated.

I can reproduce this behavior by manually running the LDAP sync. Not quite sure how to resolve, as users should be able to continue to log in unless LDAP disallows their account.

What should I do to debug and fix?

Thanks,

Jim

Hi, I’m having the same issue here. I ended up disabling the automatic LDAP sync. It’s still possible to register new users via LDAP, if there weren’t new LDAP objects itself.

I’ve been able to solve this, see also my post here. Case sensitivity is a thing, apparently :)

Awesome! This helps a lot. I stopped counting the hours I tried to debug this and ended up disabling Enable User Synchronization and recommended my users to use an internal account.

And indeed, I didn’t set the Username Attribute to anything. Hopefully it’s solved now ^^

I think we have already sent some PRs to fix all the LDAP problems, which should be released in v1.16.2.
