Comments (5)
BeryJu
commented on July 23, 2024
The definitely sounds like a bug, after successfully binding the outpost uses the /core/applications/{slug}/check_access/ API with the session that was just authenticated by the flow and thus it should correctly check access to the correct application. Although one thing that could also cause this behaviour is if both of your LDAP providers have the same base DN, as the outpost will use them to determine which application the request belongs to.
from authentik.
Ma27
commented on July 23, 2024
Although one thing that could also cause this behaviour is if both of your LDAP providers have the same base DN, as the outpost will use them to determine which application the request belongs to.
Sorry, should've mentioned that, they do indeed (all the stuff used the same OpenLDAP server before, so I decided to keep the base DN to make it a little easier).
from authentik.
BeryJu
commented on July 23, 2024
Having multiple LDAP providers with the same Base DN is supported, however they can't be in the same outpost
from authentik.
Ma27
commented on July 23, 2024
So I hope I didn't just miss it in the docs somewhere, but I think it might help to display a warning if that is about to be configured, no?
from authentik.
BeryJu
commented on July 23, 2024
There is a note towards the top of https://docs.goauthentik.io/docs/providers/ldap/, but it should definitely also be shown in the admin UI
from authentik.
Related Issues (20)
- Setting `goauthentik.io/user/token-expires` by group attribute
- Troubleshooting CSRF Errors with port number
- LDAP (Active Directory) Authentication HOT 1
- Feature Request: Display all parent groups for user groups HOT 1
- *arr authentication no longer works. HOT 4
- How to set up RS256 signature in oauth2 HOT 1
- SCIM does not work HOT 4
- Worker won't reconnect to Redis after a connection drop HOT 3
- General system exception in logs (stacktrace) HOT 5
- Add a 'Copy Snippet' button where applicable
- http-basic-auth headers for external OAuth source
- {"detail": "Request denied due to expired/invalid license.", "code": "denied_license"} HOT 2
- [Question] Implicit consent with offline_access scope ( RefreshToken ) posible ? HOT 1
- LDAP Outpost not working/no Docker service created by Outpost Integration at Start HOT 1
- User not created at first login from a SAML external source HOT 1
- Zabbix Integration Issue USername schema not avalilable HOT 3
- Example email template in docs causing error HOT 1
- SAML Response not signed HOT 1
- User "sub" attribute in JWT payload changes after upgrade from 2023.10 to 2024.2 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authentik.