Bug with "login error missing entity alias attribute value" was not fixed in version 1.16.1 #26568
Comments
I was able to log in using a similar config as yours without issue on 1.16.1, however, I did not use Google LDAP. I will try to reproduce with that specific implementation.
@hennadii2012 I think I might see the problem. Prior to 1.16, Vault was doing something clever when Can you check the user account in Google's LDAP and make sure the
@jasonodonnell, I am not 100% sure how to check that the entity is set. But it looks like no, because I can set
@hennadii2012 The error is happening because LDAP isn't returning the user attributes you are asserting should be there ( To debug further, I'm wondering if you would be able to use the ldapsearch -x -H ldaps://ldap.example.com -D <admin_dn> -W -b ou=Users,dc=example,dc=com mail
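One way to run the check suggested in the comment above across a whole OU, as an added example that is not part of the thread or of Vault's code: the function reads `ldapsearch` LDIF output on stdin and prints the DN of every entry that came back without a value for the requested attribute. The names `entries_missing_attr` and `sample_ldif` are hypothetical, and the sample LDIF is constructed.

```shell
#!/bin/sh
# Usage (assumed): ldapsearch ... mail | entries_missing_attr mail
# Prints the DN of each entry with no non-empty value for attribute $1.
# Returns 1 if any entry lacks it, 0 otherwise. A base64 DN (dn::) is printed undecoded.
entries_missing_attr() {
    awk -v want="$1" '
    function flush_line() {                # parse one unfolded "name: value" line
        n = index(cur, ":")
        if (n > 0) {
            name = tolower(substr(cur, 1, n - 1)); sub(/;.*/, "", name)  # drop ;options
            val = substr(cur, n + 1); sub(/^:?[ \t]*/, "", val)          # drop "::" marker
            if (name == "dn") dn = val
            else if (name == tolower(want) && val != "") found = 1
        }
        cur = ""
    }
    function flush_entry() {
        flush_line()
        if (dn != "" && !found) { print dn; missing = 1 }
        dn = ""; found = 0
    }
    BEGIN { missing = 0 }
    /^#/  { flush_line(); skip = 1; next }                 # ldapsearch comment
    /^ /  { if (!skip) cur = cur substr($0, 2); next }     # folded continuation
    /^$/  { skip = 0; flush_entry(); next }                # blank line ends an entry
          { skip = 0; flush_line(); cur = $0 }
    END   { flush_entry(); exit missing }
    '
}

# Constructed sample of ldapsearch output: bob has no mail attribute and a folded DN.
sample_ldif() {
cat <<'EOF'
# extended LDIF
dn: uid=alice,ou=Users,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=Users,dc=exam
 ple,dc=com
cn: Bob

dn: uid=carol,ou=Users,dc=example,dc=com
Mail:: Y2Fyb2xAZXhhbXBsZS5jb20=

# search result
search: 2
result: 0 Success
EOF
}
```
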
@jasonodonnell , I get mail in the answer of my ldap server
Thanks @hennadii2012, that's valuable info. Now to understand why Vault isn't seeing that 😅. Few things I want to check:
Hello, thank you for your attention to this issue. Are you using Vault CE or Enterprise? - Vault CE
Hello, same issue when upgrading Vault from version 1.8.5 to version 1.16.0-1 in an Ubuntu 20.04 operating system. Any workaround or fix?
I had a similar problem with LDAP. My user was in another OU unit than in the LDAP configuration (OU=users,DC=domain). After moving the user to the correct User DN (OU=users,DC=domain) the problem is gone.
@ldipaolaIT, some issues with LDAP were fixed in version 1.16.1 (but not mine). Could you please check if your issue was fixed in version 1.16.1?
Hello @hennadii2012, I have upgraded to version 1.16.2 and the issue is fixed. Many thanks!
Describe the bug
When I try to log in to Vault using LDAP after upgrading from 1.13.2 to 1.16.1, I get an error: Authentication failed missing entity alias attribute value
Downgrading to version 1.15.6 fixes this issue
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Login via LDAP on version 1.16+ is working as it did on version 1.15.6
Environment:
Vault server configuration file(s):
Additional context
LDAP config