[GH-ISSUE #602] How to integrate UrBackup and lldap? #222

Closed
opened 2026-02-27 08:15:57 +03:00 by kerem · 10 comments

Originally created by @arbdevml on GitHub (Jun 11, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/602

Hello.
First of all thank you very much for this project.
UrBackup - Open Source client/server backup system
https://www.urbackup.org

Test login failed.
Error: Login denied(ec=67),
LDAP remote: bind failed Success Not a subtree of the base tree

UrBackup config:

LDAP/AD server name: lldap
LDAP/AD server port: 3890
LDAP/AD user name prefix: OU=people
LDAP/AD user name suffix:
LDAP/AD group and class query: DC=example,DC=com?memberOf,objectClass?sub?(sAMAccountName={USERNAME})
LDAP/AD group key name in query: memberOf
LDAP/AD class key name in query: objectClass
LDAP/AD group rights map: CN=admins,*==>all=all
LDAP/AD class rights map: user==>lastacts={AUTOCLIENTS},progress={AUTOCLIENTS},status={AUTOCLIENTS},stop_backup={AUTOCLIENTS},start_backup=all,browse_backups=tokens

Could you offer some advice on how to integrate lldap and UrBackup?
Thank you very much for your answer.


@nitnelave commented on GitHub (Jun 12, 2023):

Hi! I tried to find their doc for LDAP settings, but couldn't find anything, so I'll give it my best guess. However, it would really help if you could enable verbose mode in LLDAP and post the logs from trying to use UrBackup.

Some changes I'd make:

  • user name prefix: either empty or uid=
  • user name suffix: ou=people,dc=example, dc=com
  • group and class query: not sure what that is, but the syntax you have here is not LDAP, and the field sAMAccountName doesn't exist. You probably want something like (member={USERNAME}) (or maybe (member=uid={USERNAME},ou=people,dc=example,dc=com)).
  • group key name: uid

Tell me how that works, and post the LLDAP logs. And if you have trouble, feel free to join the discord for more interactive help.


@arbdevml commented on GitHub (Jun 12, 2023):

Thank you very much for your answer.

Environment configuration below:

#promiscuous mode enabled

ifconfig eth0 up
ifconfig eth0 promisc
mkdir -p /home/docker/lldap/data/
mkdir -p /home/docker/urbackup/database/
mkdir -p /home/docker/urbackup/backup/

#docker-compose.yml

version: "2.3"
networks:
  isolated:
    driver: bridge
    internal: true
  macvlan_network:
    driver: macvlan
    driver_opts:
      parent: eth0
    ipam:
      config:
        - subnet: 10.10.0.0/24
services:
    lldap:
        image: nitnelave/lldap
        container_name: lldap
        hostname: lldap
#        ports:
#         For LDAP
#            - 3890:3890
#         For the web front-end
#            - 17170:17170
        volumes:
            - /etc/localtime:/etc/localtime:ro
            - /etc/timezone:/etc/timezone:ro
            - /home/docker/lldap/data/:/data/
        environment:
            - UID=1000
            - GID=1000
            - TZ=UTC
            - LLDAP_JWT_SECRET=LLDAPJWTSECRET
            - LLDAP_LDAP_USER_PASS=PA$$W0RD
            - LLDAP_LDAP_BASE_DN=dc=example,dc=com
            - LLDAP_VERBOSE=true
        mac_address: 02:42:ac:11:00:01
        networks: 
            isolated:
            macvlan_network:
                ipv4_address: 10.10.0.1
        restart: unless-stopped
    urbackup:
        image: uroni/urbackup-server
        container_name: urbackup
        environment:
#            - PUID=1000
#            - PGID=1000
            - TZ=UTC
        volumes:
            - /etc/localtime:/etc/localtime:ro
            - /etc/timezone:/etc/timezone:ro
            - /home/docker/urbackup/backup/:/backups/
            - /home/docker/urbackup/database/:/var/urbackup/
#        ports:
#            - "55413-55415:55413-55415"
#            - "35623:35623/udp"
        mac_address: 02:42:ac:11:00:02
        networks:
            isolated:
            macvlan_network:
                ipv4_address: 10.10.0.2
        restart: unless-stopped

UrBackup config:

LDAP/AD server name: lldap
LDAP/AD server port: 3890
LDAP/AD user name prefix: uid=
LDAP/AD user name suffix: ou=people,dc=example,dc=com
LDAP/AD group and class query: member=uid={USERNAME},ou=people,dc=example,dc=com
LDAP/AD group key name in query: uid
LDAP/AD class key name in query: objectClass
LDAP/AD group rights map: cn=admins,*==>all=all
LDAP/AD class rights map: user==>lastacts={AUTOCLIENTS},progress={AUTOCLIENTS},status={AUTOCLIENTS},stop_backup={AUTOCLIENTS},start_backup=all,browse_backups=tokens

UrBackup log:
ERROR: Login via LDAP failed: Login denied(ec=67), LDAP remote: bind failed Success Too many elements in distinguished name: ""uid"", ""adminou"", ""people""

lldap log:

2023-06-12T09:58:29.987671429+00:00  INFO     LDAP session [ 88.9µs | 39.19% / 100.00% ]
2023-06-12T09:58:29.987692235+00:00  INFO     ┝━ LDAP request [ 51.2µs | 52.94% / 57.62% ]
2023-06-12T09:58:29.987700524+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=adminou=people,dc=example,dc=com", cred: Simple("********") }), ctrl: [] }
2023-06-12T09:58:29.987701688+00:00  DEBUG    │  ┝━ do_bind [ 4.16µs | 4.68% ]
2023-06-12T09:58:29.987703233+00:00  DEBUG    │  │  ┕━ 🐛 [debug]: DN: uid=adminou=people,dc=example,dc=com
2023-06-12T09:58:29.987713047+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: NamingViolation, matcheddn: "", message: "Too many elements in distinguished name: \"\"uid\"\", \"\"adminou\"\", \"\"people\"\"", referral: [] }, saslcreds: None })
2023-06-12T09:58:29.987772545+00:00  INFO     ┕━ LDAP request [ 2.84µs | 3.19% ]
2023-06-12T09:58:29.987774585+00:00  DEBUG       ┕━ 🐛 [debug]:  | msg: LdapMsg { msgid: 2, op: UnbindRequest, ctrl: [] }
2023-06-12T09:58:42.847152802+00:00  INFO     HTTP request [ 7.81µs | 100.00% ]
2023-06-12T09:58:42.847154396+00:00  INFO     ┝━ i [info]:  | uri: /health
2023-06-12T09:58:42.847161435+00:00  INFO     ┕━ i [info]:  | status_code: 200
2023-06-12T09:58:42.847011185+00:00  INFO     LDAP session [ 107µs | 33.51% / 100.00% ]
2023-06-12T09:58:42.847057260+00:00  INFO     ┕━ LDAP request [ 70.9µs | 66.49% ]
2023-06-12T09:58:42.847065350+00:00  DEBUG       ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
2023-06-12T09:58:42.847067411+00:00  DEBUG       ┝━ 🐛 [debug]: rootDSE request
2023-06-12T09:58:42.847083861+00:00  DEBUG       ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: [[116, 111, 112]] }, LdapPartialAttribute { atype: "vendorName", vals: [[76, 76, 68, 65, 80]] }, LdapPartialAttribute { atype: "vendorVersion", vals: [[108, 108, 100, 97, 112, 95, 48, 46, 53, 46, 48, 45, 97, 108, 112, 104, 97]] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: [[51]] }, LdapPartialAttribute { atype: "supportedExtension", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 49, 49, 46, 49]] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 53, 46, 49]] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: [[100, 99, 61, 97, 116, 44, 100, 99, 61, 108, 97, 110]] }, LdapPartialAttribute { atype: "namingContexts", vals: [[100, 99, 61, 97, 116, 44, 100, 99, 61, 108, 97, 110]] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: [[102, 97, 108, 115, 101]] }] })
2023-06-12T09:58:42.847115994+00:00  DEBUG       ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })

Thank you very much for your answer.


@nitnelave commented on GitHub (Jun 12, 2023):

Oh, wow, they do extremely basic string concatenation. Try to add a comma at the beginning of the suffix: ,ou=people,dc=example, dc=com


@arbdevml commented on GitHub (Jun 12, 2023):

nitnelave, thank you very much for your help.

UrBackup config:

LDAP/AD server name: lldap
LDAP/AD server port: 3890
LDAP/AD user name prefix: uid=
LDAP/AD user name suffix: ,ou=people,dc=example,dc=com
LDAP/AD group and class query: member=uid={USERNAME},ou=people,dc=example,dc=com
LDAP/AD group key name in query: uid
LDAP/AD class key name in query: objectClass
LDAP/AD group rights map: cn=admins,*==>all=all
LDAP/AD class rights map: user==>lastacts={AUTOCLIENTS},progress={AUTOCLIENTS},status={AUTOCLIENTS},stop_backup={AUTOCLIENTS},start_backup=all,browse_backups=tokens

UrBackup log:
ERROR: Login via LDAP failed: LDAP: search failed(ec=39), LDAP remote: search failed Success Too many elements in distinguished name: ""member"", ""uid"", ""admin""

lldap log:

2023-06-12T11:07:58.234838195+00:00  INFO     HTTP request [ 8.61µs | 100.00% ]
2023-06-12T11:07:58.234840002+00:00  INFO     ┝━ i [info]:  | uri: /health
2023-06-12T11:07:58.234847828+00:00  INFO     ┕━ i [info]:  | status_code: 200
2023-06-12T11:07:58.234705916+00:00  INFO     LDAP session [ 113µs | 39.58% / 100.00% ]
2023-06-12T11:07:58.234746366+00:00  INFO     ┕━ LDAP request [ 68.6µs | 60.42% ]
2023-06-12T11:07:58.234754384+00:00  DEBUG       ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 0, op: SearchRequest(LdapSearchRequest { base: "", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectClass"), attrs: ["supportedExtension"] }), ctrl: [] }
2023-06-12T11:07:58.234756456+00:00  DEBUG       ┝━ 🐛 [debug]: rootDSE request
2023-06-12T11:07:58.234771757+00:00  DEBUG       ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: [[116, 111, 112]] }, LdapPartialAttribute { atype: "vendorName", vals: [[76, 76, 68, 65, 80]] }, LdapPartialAttribute { atype: "vendorVersion", vals: [[108, 108, 100, 97, 112, 95, 48, 46, 53, 46, 48, 45, 97, 108, 112, 104, 97]] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: [[51]] }, LdapPartialAttribute { atype: "supportedExtension", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 49, 49, 46, 49]] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 53, 46, 49]] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: [[100, 99, 61, 97, 116, 44, 100, 99, 61, 108, 97, 110]] }, LdapPartialAttribute { atype: "namingContexts", vals: [[100, 99, 61, 97, 116, 44, 100, 99, 61, 108, 97, 110]] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: [[102, 97, 108, 115, 101]] }] })
2023-06-12T11:07:58.234803705+00:00  DEBUG       ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
2023-06-12T11:08:04.889672461+00:00  INFO     LDAP session [ 51.3ms | 0.16% / 100.00% ]
2023-06-12T11:08:04.890776428+00:00  INFO     ┝━ LDAP request [ 51.2ms | 0.16% / 99.74% ]
2023-06-12T11:08:04.890784515+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=example,dc=com", cred: Simple("********") }), ctrl: [] }
2023-06-12T11:08:04.890787101+00:00  DEBUG    │  ┝━ do_bind [ 51.1ms | 0.04% / 99.58% ]
2023-06-12T11:08:04.890789404+00:00  DEBUG    │  │  ┝━ 🐛 [debug]: DN: uid=admin,ou=people,dc=example,dc=com
2023-06-12T11:08:04.890794494+00:00  DEBUG    │  │  ┝━ bind [ 50.9ms | 0.03% / 99.20% ]
2023-06-12T11:08:04.890804233+00:00  DEBUG    │  │  │  ┝━ get_password_file_for_user [ 81.4µs | 0.16% ]
2023-06-12T11:08:04.891008448+00:00  DEBUG    │  │  │  ┕━ passwords_match [ 50.8ms | 99.01% ]
2023-06-12T11:08:04.941840312+00:00  DEBUG    │  │  ┝━ get_user_groups [ 176µs | 0.34% ]
2023-06-12T11:08:04.941844690+00:00  DEBUG    │  │  │  ┝━ 🐛 [debug]:  | user_id: UserId("admin")
2023-06-12T11:08:04.942348812+00:00  DEBUG    │  │  │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: GroupId(1), display_name: "lldap_admin", creation_date: 2023-05-12T21:14:10.427030105, uuid: Uuid("36c211d9-92e5-32ac-9813-07b0fdc62ed7") }, GroupDetails { group_id: GroupId(4), display_name: "admins", creation_date: 2023-05-12T21:21:10.039454408, uuid: Uuid("214f8213-2caa-3b8f-a559-985bdd2bf412") }}
2023-06-12T11:08:04.942352074+00:00  DEBUG    │  │  ┕━ 🐛 [debug]: Success!
2023-06-12T11:08:04.942357533+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None })
2023-06-12T11:08:04.942469270+00:00  INFO     ┝━ LDAP request [ 48.8µs | 0.09% / 0.10% ]
2023-06-12T11:08:04.942475092+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 2, op: SearchRequest(LdapSearchRequest { base: "member=uid=admin,ou=people,dc=example,dc=com", scope: Base, aliases: Never, sizelimit: 0, timelimit: 0, typesonly: false, filter: Present("objectclass"), attrs: [] }), ctrl: [] }
2023-06-12T11:08:04.942476339+00:00  DEBUG    │  ┝━ do_search [ 3.35µs | 0.01% ]
2023-06-12T11:08:04.942483661+00:00  DEBUG    │  ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: InvalidDNSyntax, matcheddn: "", message: "Too many elements in distinguished name: \"\"member\"\", \"\"uid\"\", \"\"admin\"\"", referral: [] })
2023-06-12T11:08:04.942612254+00:00  INFO     ┕━ LDAP request [ 2.96µs | 0.01% ]
2023-06-12T11:08:04.942614464+00:00  DEBUG       ┕━ 🐛 [debug]:  | msg: LdapMsg { msgid: 3, op: UnbindRequest, ctrl: [] }

@arbdevml commented on GitHub (Jun 12, 2023):

nitnelave, thank you very much for your help.

On the UrBackup forum I have found this information:

https://forums.urbackup.org/t/active-directory-and-urbackup/809/11

LDAP/AD user name prefix
What gets prepended to the username when logging in usually “firmenname”.

LDAP/AD user name suffix
Can be left empty.

LDAP/AD group and class query --> “DC=example,DC=com…”
Change to your choice of domain name. E.g. DC=firmenname,DC=de

https://forums.urbackup.org/t/ldap-server-bind/10047/4
DC=home,DC=intern?memberOf,objectClass?sub?(sAMAccountName={USERNAME})
Here you can simply change “sAMAccountName” to whatever you want the username to be queried from.

https://forums.urbackup.org/t/cannot-open-backups-using-an-ldap-account/6988/2
The mapping to administrator (“all=all”) failed and it falls back to normal user authentication.


@martadinata666 commented on GitHub (Jun 12, 2023):

This is as far as I can get; the problem is all users will be admin??? 🤔

[Screenshot 2023-06-12 183127]


@arbdevml commented on GitHub (Jun 12, 2023):

martadinata666, thank you very much for your help.

UrBackup config:

LDAP/AD server name: lldap
LDAP/AD server port: 3890
LDAP/AD user name prefix: uid=
LDAP/AD user name suffix: ,ou=people,dc=example,dc=com
LDAP/AD group and class query: dc=example,dc=com?memberOf,objectClass?sub?(uid={USERNAME})
LDAP/AD group key name in query: memberOf
LDAP/AD class key name in query: objectClass
LDAP/AD group rights map: cn=admins,*==>all=all
LDAP/AD class rights map: user==>lastacts={AUTOCLIENTS},progress={AUTOCLIENTS},status={AUTOCLIENTS},stop_backup={AUTOCLIENTS},start_backup=all,browse_backups=tokens

Test login succeeded. Rights of user: all=all
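
The attempts in this thread can be replayed offline to see why each one failed. This is an added example, not code from UrBackup or lldap: it assumes the bind DN is prefix + username + suffix and that the query field follows LDAP-URL order (`base?attributes?scope?filter`) with LDAP-URL defaults, which is what the lldap logs above show. The config keys, `diagnose` and the filter escaping are this example's own.

```python
import re

BASE_DN = "dc=example,dc=com"  # LLDAP_LDAP_BASE_DN from the compose file above
SCOPES = ("base", "one", "sub")

# The four configurations tried in this thread (key names are this example's own).
ATTEMPTS = {
    "issue": {"prefix": "OU=people", "suffix": "",
              "query": "DC=example,DC=com?memberOf,objectClass?sub?(sAMAccountName={USERNAME})"},
    "no_comma": {"prefix": "uid=", "suffix": "ou=people,dc=example,dc=com",
                 "query": "member=uid={USERNAME},ou=people,dc=example,dc=com"},
    "member_query": {"prefix": "uid=", "suffix": ",ou=people,dc=example,dc=com",
                     "query": "member=uid={USERNAME},ou=people,dc=example,dc=com"},
    "working": {"prefix": "uid=", "suffix": ",ou=people,dc=example,dc=com",
                "query": "dc=example,dc=com?memberOf,objectClass?sub?(uid={USERNAME})"},
}


def split_rdns(dn):
    """Split a DN on unescaped commas; lower-case and trim for comparison."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def dn_problems(dn, base_dn=BASE_DN):
    """Return a list of problems; an empty list means the DN looks usable."""
    problems = []
    rdns = split_rdns(dn)
    for rdn in rdns:
        parts = re.split(r"(?<!\\)=", rdn)
        # Each RDN must be exactly attr=value (multi-valued '+' RDNs not handled).
        if len(parts) != 2 or not all(parts):
            problems.append(f"malformed RDN {rdn!r}")
    base = split_rdns(base_dn)
    if rdns[-len(base):] != base:
        problems.append(f"not under base {base_dn!r}")
    return problems


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)


def parse_query(template, username):
    """Split base?attributes?scope?filter; missing fields take LDAP-URL defaults."""
    base, attrs, scope, flt = (template.split("?", 3) + ["", "", ""])[:4]
    scope = scope or "base"
    if scope not in SCOPES:
        raise ValueError(f"unknown scope {scope!r}")
    return {
        "base": base.replace("{USERNAME}", username),
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope,
        # Escaping here is this example's choice; the page does not say
        # whether UrBackup escapes the username.
        "filter": flt.replace("{USERNAME}", escape_filter_value(username))
                  or "(objectClass=*)",
    }


def diagnose(cfg, username, base_dn=BASE_DN):
    """Compose the bind DN and search request a config would produce."""
    bind_dn = cfg["prefix"] + username + cfg["suffix"]  # plain concatenation
    query = parse_query(cfg["query"], username)
    return {
        "bind_dn": bind_dn,
        "bind_problems": dn_problems(bind_dn, base_dn),
        "query": query,
        "search_problems": dn_problems(query["base"], base_dn),
    }


if __name__ == "__main__":
    for name, cfg in ATTEMPTS.items():
        result = diagnose(cfg, "admin")
        print(f"{name}: bind as {result['bind_dn']!r}")
        print(f"  bind problems:   {result['bind_problems'] or 'none'}")
        print(f"  search base:     {result['query']['base']!r} "
              f"scope={result['query']['scope']} filter={result['query']['filter']}")
        print(f"  search problems: {result['search_problems'] or 'none'}")
```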


@arbdevml commented on GitHub (Jun 12, 2023):

martadinata666, thank you very much for your help.

> This is as far as I can get; the problem is all users will be admin??? 🤔

What do you think about this user restriction:
Administrator users: internal storage;
Users from LDAP: restricted group rights map.


@martadinata666 commented on GitHub (Jun 12, 2023):

I dunno how this translates to UrBackup permissions; as a client that logged in via LDAP, I prefer simple.

  1. Upload backup
  2. Manage backup

Then there is this https://www.urbackup.org/administration_manual.html#x1-190004.1 maybe it is set in the LDAP *==>all=all thing, but technically this is personal preference on what the client can/can't do.


@martadinata666 commented on GitHub (Jun 12, 2023):

What I'm curious about is the LDAP/AD class rights map: how/when does this affect LDAP login? 🤔
As the one that can set permissions is the LDAP/AD group rights map.

My current LDAP/AD group rights map
cn=lldap_urbackup,*==>browse_backups=all,start_backup=all,status=all,logs=all,progress=all,stop_backup=all,lastacts=all
