Bug with "login error missing entity alias attribute value" was not fixed in version 1.16.1 #26568
Comments
I was able to login using a similar config as yours without issue on 1.16.1, however, I did not use Google LDAP. I will try to reproduce with that specific implementation. |
@hennadii2012 I think I might see the problem. Prior to 1.16, Vault was doing something clever when Can you check the user account in Google's LDAP and make sure the |
@jasonodonnell , I am not sure in 100%, how to check, that entity set. But looks like no, because, I can set |
@hennadii2012 The error is happening because LDAP isn't returning the user attributes you are asserting should be there ( To debug further, I'm wondering if you would be able to use the ldapsearch -x -H ldaps://ldap.example.com -D <admin_dn> -W -b ou=Users,dc=example,dc=com mail |
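One way to act on the ldapsearch check suggested above, as an added example (not code from this thread or from Vault): it parses the LDIF that an `ldapsearch ... mail` query prints and lists the entries that came back without a `mail` value. The sample LDIF, the function names and the choice of `mail` as the attribute to check are assumptions for illustration.

```python
import base64

# Constructed LDIF in the shape ldapsearch prints; not output from the issue.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=Users,dc=example,dc=com

dn: uid=carol-with-a-long-name,ou=Users,dc=exam
 ple,dc=com
mail:: Y2Fyb2xAZXhhbXBsZS5jb20=

# search result
result: 0 Success
"""

def parse_entries(text):
    """Return [(dn, {attr: [values]})] from LDIF, handling folded and base64 lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:    # a leading space continues the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    lines = [l for l in lines if not l.startswith("#")]   # drop LDIF comments
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:                # trailing "" flushes the last entry
        if not line.strip():                 # blank line ends an entry
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):            # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        name, value = name.lower(), value.strip()
        if name == "dn":
            dn = value
        elif dn is not None:                 # ignore trailer lines outside any entry
            attrs.setdefault(name, []).append(value)
    return entries

def missing_attribute(text, attr="mail"):
    """DNs of entries that came back without a non-empty value for attr."""
    return [dn for dn, attrs in parse_entries(text) if not any(attrs.get(attr.lower(), []))]

if __name__ == "__main__":
    print(missing_attribute(SAMPLE_LDIF))
```

To check a real directory, pass the saved output of the ldapsearch command to `missing_attribute` in place of `SAMPLE_LDIF`.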
@jasonodonnell , I get mail in the answer of my ldap server
|
Thanks @hennadii2012, that's valuable info. Now to understand why Vault isn't seeing that 😅. Few things I want to check:
|
Hello, thank you for your attention to this issue. Are you using Vault CE or Enterprise? - Vault CE
|
Hello, same issue when upgrading Vault from version 1.8.5 to version 1.16.0-1 in an Ubuntu 20.04 operating system. Any workaround or fix? |
I had a similar problem with LDAP. My user was in another OU unit than in the LDAP configuration (OU=users,DC=domain). After moving the user to the correct User DN (OU=users,DC=domain) the problem is gone. |
@ldipaolaIT , some issues with LDAP were fixed in version 1.16.1 (but not mine). Could you check, please, if your issue was fixed in version 1.16.1? |
Hello @hennadii2012 , I have upgraded to version 1.16.2 and the issue is fixed. Many thanks! |
Hello @jasonodonnell, do we have any progress here? |
@hennadii2012 : try to clear the |
It works with upn “”, but completely breaks the logic for policies that were based on domain, so all users would need to be recreated. I hoped that I would not need to go this way.
…________________________________
From: Eero Aaltonen ***@***.***>
Sent: Wednesday, July 31, 2024 4:17:19 PM
To: hashicorp/vault ***@***.***>
Cc: Nikitin, Hennadii ***@***.***>; Mention ***@***.***>
Subject: Re: [hashicorp/vault] Bug with "login error missing entity alias attribute value" was not fixed in version 1.16.1 (Issue #26568)
@hennadii2012 : try to clear the upndomain (set it to empty string, ""). I couldn't get username login to work with upndomain set.
|
Describe the bug
When I try to log in to Vault using LDAP after upgrading from 1.13.2 to 1.16.1, I get an error: Authentication failed missing entity alias attribute value
Downgrading to version 1.15.6 fixes this issue
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Login via LDAP on version 1.16+ is working as it did on version 1.15.6
Environment:
Vault server configuration file(s):
Additional context
LDAP config