[GH-ISSUE #713] Need some help. Authelia keeps saying incorrect login. #257

New issue

Closed

opened 2026-02-27 08:16:12 +03:00 by kerem · 4 comments

kerem commented

2026-02-27 08:16:12 +03:00

Owner

Originally created by @Tyree on GitHub (Oct 25, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/713

I've been using FreeIPA as my LDAP server, but I wanted to simplify things and use LLDAP instead.
Here's my config for LLDAP in Authelia:

ldap:
    implementation: custom
    # Container running on same custom docker network as Authelia
    # Container running on port 389
    url: ldap://192.168.75.10
    timeout: 5s
    # Use StartTLS with the LDAP connection, TLS not supported right now
    start_tls: false
    #tls:
    #  skip_verify: false
    #  minimum_version: TLS1.2
    base_dn: dc=example,dc=net
    username_attribute: uid
    additional_users_dn: ou=people
    users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))"
    additional_groups_dn: ou=groups
    groups_filter: "(member={dn})"
    group_name_attribute: cn
    mail_attribute: mail
    display_name_attribute: displayName
    user: uid=admin,ou=people,dc=example,dc=net
    password: 'password'

From the Authelia logs, it seems to connect to the LDAP server just fine. But when I try to log in, it says that my user is not found. I've double and triple checked and my username and password are set in LLDAP identically to how they are set in FreeIPA.
I did have some issues getting Authelia to connect to LLDAP at first. I had tried ldap://lldap since LLDAP is running on the same custom docker network as Authelia. But that failed to connect. So I switched to using the IP of the unRAID server with no port since I am running LLDAP on the default LDAP port of 389. It seemed happy with that, but again, it says my user is not found.

time="2023-10-24T15:40:34-04:00" level=error msg="Unsuccessful 1FA authentication attempt by user 'matt': user not found" method=POST path=/api/firstfactor remote_ip=50.78.232.89 stack="github.com/authelia/authelia/v4/internal/handlers/response.go:266 markAuthenticationAttempt\ngithub.com/authelia/authelia/v4/internal/handlers/handler_firstfactor.go:54 FirstFactorPOST.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/bridge.go:54 (*BridgeBuilder).Build.func1.1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:25 SecurityHeadersCSPNone.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:35 SecurityHeadersNoStore.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:16 SecurityHeaders.func1\ngithub.com/fasthttp/router@v1.4.14/router.go:414 (*Router).Handler\ngithub.com/valyala/fasthttp@v1.43.0/http.go:154 (*Response).StatusCode\ngithub.com/authelia/authelia/v4/internal/middlewares/strip_path.go:22 StripPath.func1.1\ngithub.com/valyala/fasthttp@v1.43.0/server.go:2338 (*Server).serveConn\ngithub.com/valyala/fasthttp@v1.43.0/workerpool.go:224 (*workerPool).workerFunc\ngithub.com/valyala/fasthttp@v1.43.0/workerpool.go:196 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1594 goexit"

Is there anything else blatantly wrong with my config here?

Thanks!

Originally created by @Tyree on GitHub (Oct 25, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/713 I've been using FreeIPA as my LDAP server, but I wanted to simplify things and use LLDAP instead. Here's my config for LLDAP in Authelia: ``` ldap: implementation: custom # Container running on same custom docker network as Authelia # Container running on port 389 url: ldap://192.168.75.10 timeout: 5s # Use StartTLS with the LDAP connection, TLS not supported right now start_tls: false #tls: # skip_verify: false # minimum_version: TLS1.2 base_dn: dc=example,dc=net username_attribute: uid additional_users_dn: ou=people users_filter: "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))" additional_groups_dn: ou=groups groups_filter: "(member={dn})" group_name_attribute: cn mail_attribute: mail display_name_attribute: displayName user: uid=admin,ou=people,dc=example,dc=net password: 'password' ``` From the Authelia logs, it seems to connect to the LDAP server just fine. But when I try to log in, it says that my user is not found. I've double and triple checked and my username and password are set in LLDAP identically to how they are set in FreeIPA. I did have some issues getting Authelia to connect to LLDAP at first. I had tried ldap://lldap since LLDAP is running on the same custom docker network as Authelia. But that failed to connect. So I switched to using the IP of the unRAID server with no port since I am running LLDAP on the default LDAP port of 389. It seemed happy with that, but again, it says my user is not found. `time="2023-10-24T15:40:34-04:00" level=error msg="Unsuccessful 1FA authentication attempt by user 'matt': user not found" method=POST path=/api/firstfactor remote_ip=50.78.232.89 stack="github.com/authelia/authelia/v4/internal/handlers/response.go:266 markAuthenticationAttempt\ngithub.com/authelia/authelia/v4/internal/handlers/handler_firstfactor.go:54 FirstFactorPOST.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/bridge.go:54 (*BridgeBuilder).Build.func1.1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:25 SecurityHeadersCSPNone.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:35 SecurityHeadersNoStore.func1\ngithub.com/authelia/authelia/v4/internal/middlewares/headers.go:16 SecurityHeaders.func1\ngithub.com/fasthttp/router@v1.4.14/router.go:414 (*Router).Handler\ngithub.com/valyala/fasthttp@v1.43.0/http.go:154 (*Response).StatusCode\ngithub.com/authelia/authelia/v4/internal/middlewares/strip_path.go:22 StripPath.func1.1\ngithub.com/valyala/fasthttp@v1.43.0/server.go:2338 (*Server).serveConn\ngithub.com/valyala/fasthttp@v1.43.0/workerpool.go:224 (*workerPool).workerFunc\ngithub.com/valyala/fasthttp@v1.43.0/workerpool.go:196 (*workerPool).getCh.func1\nruntime/asm_amd64.s:1594 goexit"` Is there anything else blatantly wrong with my config here? Thanks!

kerem

2026-02-27 08:16:12 +03:00

closed this issue
added the
question

integration
labels

kerem commented

2026-02-27 08:16:12 +03:00

Author

Owner

@nitnelave commented on GitHub (Oct 25, 2023):

Hmm, I don't see anything obviously wrong. But we'd get more information if we saw the LLDAP side of the request. Can you turn on verbose mode in LLDAP, try to connect via authelia as before, and paste the LLDAP logs?

@nitnelave commented on GitHub (Oct 25, 2023): Hmm, I don't see anything obviously wrong. But we'd get more information if we saw the LLDAP side of the request. Can you turn on verbose mode in LLDAP, try to connect via authelia as before, and paste the LLDAP logs?

kerem commented

2026-02-27 08:16:13 +03:00

Author

Owner

@Tyree commented on GitHub (Oct 25, 2023):

I had to set the LDAP server back to FreeIPA to get my services available again. I will give this a shot this evening when I can give it my full attention.
Thanks!

@Tyree commented on GitHub (Oct 25, 2023): I had to set the LDAP server back to FreeIPA to get my services available again. I will give this a shot this evening when I can give it my full attention. Thanks!

kerem commented

2026-02-27 08:16:13 +03:00

Author

Owner

@Tyree commented on GitHub (Oct 26, 2023):

Okay. So I flipped back over to LLDAP and now it seems to be letting me log in (no idea why as nothing has changed). As far as I can tell, I am good to go.
I kinda hate it when this happens (but not really). WHY is it suddenly working??? :-D
Thanks!

@Tyree commented on GitHub (Oct 26, 2023): Okay. So I flipped back over to LLDAP and now it seems to be letting me log in (no idea why as nothing has changed). As far as I can tell, I am good to go. I kinda hate it when this happens (but not really). WHY is it suddenly working??? :-D Thanks!

kerem commented

2026-02-27 08:16:13 +03:00

Author

Owner

@nitnelave commented on GitHub (Oct 26, 2023):

Glad you got it working!

On Thu, Oct 26, 2023 at 1:14 PM Matt Tyree @.***> wrote:

Okay. So I flipped back over to LLDAP and now it seems to be letting me
log in (no idea why as nothing has changed). As far as I can tell, I am
good to go.
I kinda hate it when this happens (but not really). WHY is it suddenly
working??? :-D
Thanks!

—
Reply to this email directly, view it on GitHub
https://github.com/lldap/lldap/issues/713#issuecomment-1780912391, or
unsubscribe
https://github.com/notifications/unsubscribe-auth/AAGCPWOM5FDRYWWVGQXRJK3YBJAY7AVCNFSM6AAAAAA6PH7ZPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBQHEYTEMZZGE
.
You are receiving this because you commented.Message ID:
@.***>

--
Valentin Tolmer

@nitnelave commented on GitHub (Oct 26, 2023): Glad you got it working! On Thu, Oct 26, 2023 at 1:14 PM Matt Tyree ***@***.***> wrote: > Okay. So I flipped back over to LLDAP and now it seems to be letting me > log in (no idea why as nothing has changed). As far as I can tell, I am > good to go. > I kinda hate it when this happens (but not really). WHY is it suddenly > working??? :-D > Thanks! > > — > Reply to this email directly, view it on GitHub > <https://github.com/lldap/lldap/issues/713#issuecomment-1780912391>, or > unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAGCPWOM5FDRYWWVGQXRJK3YBJAY7AVCNFSM6AAAAAA6PH7ZPOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTOOBQHEYTEMZZGE> > . > You are receiving this because you commented.Message ID: > ***@***.***> > -- Valentin Tolmer