starred/lldap-lldap

Fork 0

mirror of https://github.com/lldap/lldap.git synced 2026-04-25 08:15:52 +03:00

[GH-ISSUE #1171] [INTEGRATION] Troubles with connecting LLDAP to Peerube #418

New issue

Closed

opened 2026-02-27 08:17:11 +03:00 by kerem · 8 comments

kerem commented

2026-02-27 08:17:11 +03:00

Owner

Originally created by @ChibyX on GitHub (May 10, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1171

Checklist

Check if there is already an example config for it.
Try to figure out the configuration values for the new service yourself.
- You can use other example configs for inspiration.
- If you're having trouble, you can ask on Discord or create an issue.
- If you succeed, make sure to contribute an example configuration, or a configuration guide.
If you hit a block because of an unimplemented feature, create an issue.

Description of the service
Peertube is a federated video hosting service. It has official LDAP plugin (https://framagit.org/framasoft/peertube/official-plugins/-/tree/master/peertube-plugin-auth-ldap). Unfortunately, it seems to lack configuration guides (the only mention of it in official docks is https://docs.joinpeertube.org/admin/managing-users#external-auths-support)

What you've tried
I based my config on the one I used for Nextcloud and Jellyfin:

Auth weight: 100
URL: ldap://192.168.1.101:3890
Insecure TLS: true
Path to LDAP Server Certificate Chain of Trust: none
Bind DN: uid=peertube_bind,ou=people,dc=raft-server,dc=local
Bind Password: peertubebinduser
Search base: ou=people,dc=raft-server,dc=local
Search filter: (&(|(objectclass=person))(|(memberOf=cn=peertube_users,ou=groups,dc=raft-server,dc=local)))
Mail property: mail
Mail property index: 0
Username property: uid
Group base: ou=groups,dc=raft-server,dc=local
Group filter: (&(|(objectclass=groupOfUniqueNames))(|(cn=family)(cn=friends)))
Administrator group DN: none
Moderator group DN: none
User group DN: none
No group matched login: true

What's not working
From Peertube's side:

warn[10.05.2025, 13:05:37] Cannot login fchib in LDAP plugin.

{
  "err": {
    "stack": "InvalidCredentialsError: Invalid Credentials\n    at messageCallback (/data/plugins/node_modules/ldapjs/lib/client/client.js:1220:45)\n    at Parser.onMessage (/data/plugins/node_modules/ldapjs/lib/client/client.js:888:14)\n    at Parser.emit (node:events:517:28)\n    at Parser.write (/data/plugins/node_modules/ldapjs/lib/messages/parser.js:107:8)\n    at Socket.onData (/data/plugins/node_modules/ldapjs/lib/client/client.js:875:22)\n    at Socket.emit (node:events:517:28)\n    at addChunk (node:internal/streams/readable:368:12)\n    at readableAddChunk (node:internal/streams/readable:341:9)\n    at Readable.push (node:internal/streams/readable:278:10)\n    at TCP.onStreamRead (node:internal/stream_base_commons:190:23)",
    "lde_message": "Invalid Credentials",
    "lde_dn": null
  }
}

From LLDAP's side:

2025-05-10T10:05:37.942144627+00:00  INFO     LDAP request [ 51.5ms | 100.00% ] session_id: ac6a4cf4-2216-4f44-a52b-182991e6dd27
2025-05-10T10:05:37.942472295+00:00  INFO     ┝━ ｉ [info]: Login attempt for "peertube_bind"
2025-05-10T10:05:37.993807094+00:00  ERROR    ┝━ 🚨 [error]:  | error: Authentication protocol error for `Protocol error: `This error results from an error during password verification``
2025-05-10T10:05:37.993811488+00:00  ERROR    ┕━ 🚨 [error]:  | error: Authentication error for user "peertube_bind"
2025-05-10T10:05:37.994642624+00:00  INFO     LDAP request [ 2.34µs | 100.00% ] session_id: e6d59147-4268-4cd9-921f-be24f960469c
2025-05-10T10:05:37.994655715+00:00  INFO     ｉ [info]: LDAP session end: e6d59147-4268-4cd9-921f-be24f960469c

Seems that LLDAP hears request from Peertube, but doesn't accept it, although credentials of bind user and user who performs login are correct.

Originally created by @ChibyX on GitHub (May 10, 2025). Original GitHub issue: https://github.com/lldap/lldap/issues/1171 **Checklist** - [x] Check if there is already an [example config](https://github.com/lldap/lldap/tree/main/example_configs) for it. - [x] Try to figure out the configuration values for the new service yourself. - You can use other example configs for inspiration. - If you're having trouble, you can ask on [Discord](https://discord.gg/h5PEdRMNyP) or create an issue. - If you succeed, make sure to contribute an example configuration, or a configuration guide. - If you hit a block because of an unimplemented feature, create an issue. **Description of the service** Peertube is a federated video hosting service. It has official LDAP plugin (https://framagit.org/framasoft/peertube/official-plugins/-/tree/master/peertube-plugin-auth-ldap). Unfortunately, it seems to lack configuration guides (the only mention of it in official docks is https://docs.joinpeertube.org/admin/managing-users#external-auths-support) **What you've tried** I based my config on the one I used for Nextcloud and Jellyfin: - **Auth weight:** 100 - **URL:** ldap://192.168.1.101:3890 - **Insecure TLS:** true - **Path to LDAP Server Certificate Chain of Trust:** none - **Bind DN:** uid=peertube_bind,ou=people,dc=raft-server,dc=local - **Bind Password:** peertubebinduser - **Search base:** ou=people,dc=raft-server,dc=local - **Search filter:** (&(|(objectclass=person))(|(memberOf=cn=peertube_users,ou=groups,dc=raft-server,dc=local))) - **Mail property:** mail - **Mail property index:** 0 - **Username property:** uid - **Group base:** ou=groups,dc=raft-server,dc=local - **Group filter:** (&(|(objectclass=groupOfUniqueNames))(|(cn=family)(cn=friends))) - **Administrator group DN:** none - **Moderator group DN:** none - **User group DN:** none - **No group matched login:** true **What's not working** From Peertube's side: ``` warn[10.05.2025, 13:05:37] Cannot login fchib in LDAP plugin. { "err": { "stack": "InvalidCredentialsError: Invalid Credentials\n at messageCallback (/data/plugins/node_modules/ldapjs/lib/client/client.js:1220:45)\n at Parser.onMessage (/data/plugins/node_modules/ldapjs/lib/client/client.js:888:14)\n at Parser.emit (node:events:517:28)\n at Parser.write (/data/plugins/node_modules/ldapjs/lib/messages/parser.js:107:8)\n at Socket.onData (/data/plugins/node_modules/ldapjs/lib/client/client.js:875:22)\n at Socket.emit (node:events:517:28)\n at addChunk (node:internal/streams/readable:368:12)\n at readableAddChunk (node:internal/streams/readable:341:9)\n at Readable.push (node:internal/streams/readable:278:10)\n at TCP.onStreamRead (node:internal/stream_base_commons:190:23)", "lde_message": "Invalid Credentials", "lde_dn": null } } ``` From LLDAP's side: ``` 2025-05-10T10:05:37.942144627+00:00 INFO LDAP request [ 51.5ms | 100.00% ] session_id: ac6a4cf4-2216-4f44-a52b-182991e6dd27 2025-05-10T10:05:37.942472295+00:00 INFO ┝━ ｉ [info]: Login attempt for "peertube_bind" 2025-05-10T10:05:37.993807094+00:00 ERROR ┝━ 🚨 [error]: | error: Authentication protocol error for `Protocol error: `This error results from an error during password verification`` 2025-05-10T10:05:37.993811488+00:00 ERROR ┕━ 🚨 [error]: | error: Authentication error for user "peertube_bind" 2025-05-10T10:05:37.994642624+00:00 INFO LDAP request [ 2.34µs | 100.00% ] session_id: e6d59147-4268-4cd9-921f-be24f960469c 2025-05-10T10:05:37.994655715+00:00 INFO ｉ [info]: LDAP session end: e6d59147-4268-4cd9-921f-be24f960469c ``` Seems that LLDAP hears request from Peertube, but doesn't accept it, although credentials of bind user and user who performs login are correct.

kerem

2026-02-27 08:17:11 +03:00

closed this issue
added the
integration
label

kerem commented

2026-02-27 08:17:11 +03:00

Author

Owner

@ChibyX commented on GitHub (May 10, 2025):

Meanwhile, after I switched Bind DN to admin with correct password, it now gives different messages on login attempts:

2025-05-10T11:17:54.934097994+00:00  INFO     LDAP request [ 59.8ms | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0
2025-05-10T11:17:54.934435873+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
2025-05-10T11:17:54.995024455+00:00  INFO     LDAP request [ 508µs | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0
2025-05-10T11:17:55.039149669+00:00  INFO     LDAP request [ 5.65µs | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0
2025-05-10T11:17:55.039199439+00:00  INFO     ｉ [info]: LDAP session end: 57ddf884-6b75-49fe-af49-6fa8db149ac0

-/ on LLDAP side

warn[10.05.2025, 14:09:52] Cannot login fchib in LDAP plugin.

{
  "err": "unexpected number of matches (3) for \"fchib\" username"
}

warn[10.05.2025, 14:09:52] Login error

{
  "err": {
    "stack": "invalid_grant: Invalid grant: user credentials are invalid\n    at handlePasswordGrant (file:///app/dist/core/lib/auth/oauth.js:112:15)\n    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n    at async handleToken (file:///app/dist/core/controllers/api/users/token.js:32:23)",
    "message": "Invalid grant: user credentials are invalid",
    "statusCode": 400,
    "status": 400,
    "code": 400,
    "name": "invalid_grant"
  }
}

-/ on Peertube side

@ChibyX commented on GitHub (May 10, 2025): Meanwhile, after I switched Bind DN to admin with correct password, it now gives different messages on login attempts: ``` 2025-05-10T11:17:54.934097994+00:00 INFO LDAP request [ 59.8ms | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0 2025-05-10T11:17:54.934435873+00:00 INFO ┕━ ｉ [info]: Login attempt for "admin" 2025-05-10T11:17:54.995024455+00:00 INFO LDAP request [ 508µs | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0 2025-05-10T11:17:55.039149669+00:00 INFO LDAP request [ 5.65µs | 100.00% ] session_id: 57ddf884-6b75-49fe-af49-6fa8db149ac0 2025-05-10T11:17:55.039199439+00:00 INFO ｉ [info]: LDAP session end: 57ddf884-6b75-49fe-af49-6fa8db149ac0 ``` -/ on LLDAP side ``` warn[10.05.2025, 14:09:52] Cannot login fchib in LDAP plugin. { "err": "unexpected number of matches (3) for \"fchib\" username" } warn[10.05.2025, 14:09:52] Login error { "err": { "stack": "invalid_grant: Invalid grant: user credentials are invalid\n at handlePasswordGrant (file:///app/dist/core/lib/auth/oauth.js:112:15)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async handleToken (file:///app/dist/core/controllers/api/users/token.js:32:23)", "message": "Invalid grant: user credentials are invalid", "statusCode": 400, "status": 400, "code": 400, "name": "invalid_grant" } } ``` -/ on Peertube side

kerem commented

2026-02-27 08:17:11 +03:00

Author

Owner

@nitnelave commented on GitHub (May 10, 2025):

I didn't have time to investigate properly, but I do see from the logs that your peertube bind user is not privileged (not part of an admin/read-only group), so it can only see itself.

@nitnelave commented on GitHub (May 10, 2025): I didn't have time to investigate properly, but I do see from the logs that your peertube bind user is not privileged (not part of an admin/read-only group), so it can only see itself.

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@nitnelave commented on GitHub (May 10, 2025):

And for the logs with the admin user, can you enable verbose mode and retry? I don't see the details on LLDAP side

@nitnelave commented on GitHub (May 10, 2025): And for the logs with the admin user, can you enable verbose mode and retry? I don't see the details on LLDAP side

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@ChibyX commented on GitHub (May 10, 2025):

Oh, thanks, I thought, this was verbose mode. Now I enabled it properly, and it gives:

lldap-1  | 2025-05-10T20:48:54.072925543+00:00  INFO     ｉ [info]: LDAP session start: 5b4cf6ee-27d7-4644-b199-9ede61a4d219
lldap-1  | 2025-05-10T20:48:54.072975764+00:00  INFO     LDAP request [ 50.2ms | 0.00% / 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913
lldap-1  | 2025-05-10T20:48:54.072997337+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] }
lldap-1  | 2025-05-10T20:48:54.073002586+00:00  DEBUG    ┝━ do_bind [ 50.2ms | 0.00% / 100.00% ] dn: uid=admin,ou=people,dc=raft-server,dc=local
lldap-1  | 2025-05-10T20:48:54.073023463+00:00  DEBUG    │  ┝━ bind [ 50.0ms | 0.00% / 99.69% ]
lldap-1  | 2025-05-10T20:48:54.073029176+00:00  DEBUG    │  │  ┝━ get_password_file_for_user [ 417µs | 0.83% ] user_id: "admin"
lldap-1  | 2025-05-10T20:48:54.073679752+00:00  INFO     │  │  ┝━ ｉ [info]: Login attempt for "admin"
lldap-1  | 2025-05-10T20:48:54.073683478+00:00  DEBUG    │  │  ┕━ passwords_match [ 49.6ms | 98.86% ] username: admin
lldap-1  | 2025-05-10T20:48:54.123300360+00:00  DEBUG    │  ┝━ get_user_groups [ 153µs | 0.31% ] user_id: "admin"
lldap-1  | 2025-05-10T20:48:54.123837435+00:00  DEBUG    │  │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }}
lldap-1  | 2025-05-10T20:48:54.123840374+00:00  DEBUG    │  ┕━ 🐛 [debug]: Success!
lldap-1  | 2025-05-10T20:48:54.123846158+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None })
lldap-1  | 2025-05-10T20:48:54.125200872+00:00  INFO     LDAP request [ 590µs | 16.34% / 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913
lldap-1  | 2025-05-10T20:48:54.125210762+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 2, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: And([Equality("objectclass", "person"), Equality("memberOf", "cn=peertube_users,ou=groups,dc=raft-server,dc=local")]), attrs: [] }), ctrl: [] }
lldap-1  | 2025-05-10T20:48:54.125212003+00:00  DEBUG    ┝━ do_search [ 493µs | 28.26% / 83.66% ]
lldap-1  | 2025-05-10T20:48:54.125386770+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | request.base: "ou=people,dc=raft-server,dc=local" | scope: Users
lldap-1  | 2025-05-10T20:48:54.125387864+00:00  DEBUG    │  ┝━ get_user_list [ 318µs | 0.00% / 53.97% ]
lldap-1  | 2025-05-10T20:48:54.125394139+00:00  DEBUG    │  │  ┝━ 🐛 [debug]:  | filters: And([And([]), MemberOf("peertube_users")])
lldap-1  | 2025-05-10T20:48:54.125396950+00:00  DEBUG    │  │  ┕━ list_users [ 318µs | 53.97% ] filters: Some(And([And([]), MemberOf("peertube_users")])) | _get_groups: false
lldap-1  | 2025-05-10T20:48:54.125834901+00:00  DEBUG    │  │     ┕━ 🐛 [debug]:  | return: [UserAndGroups { user: User { user_id: "admin", email: "", display_name: Some("Administrator"), creation_date: 2025-05-09T10:43:54.766266459, uuid: "50c9dbf9-177a-3ad0-91e9-6ff6b69d7622", attributes: [] }, groups: Some([GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "fchib", email: "fchib@yandex.ru", display_name: Some("ChibyX"), creation_date: 2025-05-09T11:12:58.997015051, uuid: "5dd70f52-cc8b-3f85-9609-0bd716b39d24", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("Фёдор") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Чибисов") }] }, groups: Some([GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }, GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "peertube_bind", email: "pbind@example.com", display_name: None, creation_date: 2025-05-09T14:30:41.078202829, uuid: "ce733f5c-a4bd-320f-80be-c4c45aedec36", attributes: [] }, groups: Some([GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "test", email: "test@example.com", display_name: Some("John Doe"), creation_date: 2025-05-09T10:46:49.563420914, uuid: "39874100-3a63-3707-bdc9-4683f9ddfc46", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("John") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Doe") }] }, groups: Some([GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }]
lldap-1  | 2025-05-10T20:48:54.125838820+00:00  DEBUG    │  ┕━ expand_attribute_wildcards [ 8.42µs | 1.43% ] ldap_attributes: []
lldap-1  | 2025-05-10T20:48:54.125847352+00:00  DEBUG    │     ┕━ 🐛 [debug]:  | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("createtimestamp")): "createtimestamp", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("givenname")): "givenname", AttributeName(CaseInsensitiveString("jpegphoto")): "jpegPhoto", AttributeName(CaseInsensitiveString("mail")): "mail", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("sn")): "sn", AttributeName(CaseInsensitiveString("uid")): "uid"}
lldap-1  | 2025-05-10T20:48:54.125890995+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=admin,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["Administrator"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T10:43:54.766266459+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["50c9dbf9-177a-3ad0-91e9-6ff6b69d7622"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "uid", vals: ["admin"] }] })
lldap-1  | 2025-05-10T20:48:54.125927725+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["ChibyX"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T11:12:58.997015051+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["5dd70f52-cc8b-3f85-9609-0bd716b39d24"] }, LdapPartialAttribute { atype: "first_name", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "givenname", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "last_name", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "mail", vals: ["fchib@yandex.ru"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "uid", vals: ["fchib"] }] })
lldap-1  | 2025-05-10T20:48:54.125947247+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=peertube_bind,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T14:30:41.078202829+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["ce733f5c-a4bd-320f-80be-c4c45aedec36"] }, LdapPartialAttribute { atype: "mail", vals: ["pbind@example.com"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_bind"] }] })
lldap-1  | 2025-05-10T20:48:54.125966350+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=test,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["John Doe"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T10:46:49.563420914+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["39874100-3a63-3707-bdc9-4683f9ddfc46"] }, LdapPartialAttribute { atype: "first_name", vals: ["John"] }, LdapPartialAttribute { atype: "givenname", vals: ["John"] }, LdapPartialAttribute { atype: "last_name", vals: ["Doe"] }, LdapPartialAttribute { atype: "mail", vals: ["test@example.com"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Doe"] }, LdapPartialAttribute { atype: "uid", vals: ["test"] }] })
lldap-1  | 2025-05-10T20:48:54.125977639+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap-1  | 2025-05-10T20:48:54.171303375+00:00  INFO     LDAP request [ 21.3µs | 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913
lldap-1  | 2025-05-10T20:48:54.171319753+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 3, op: UnbindRequest, ctrl: [] }
lldap-1  | 2025-05-10T20:48:54.171325378+00:00  DEBUG    ┕━ 🐛 [debug]: Unbind request for admin
lldap-1  | 2025-05-10T20:48:54.171379225+00:00  INFO     ｉ [info]: LDAP session end: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913
lldap-1  | 2025-05-10T20:48:54.174100659+00:00  INFO     LDAP request [ 12.3µs | 100.00% ] session_id: 5b4cf6ee-27d7-4644-b199-9ede61a4d219
lldap-1  | 2025-05-10T20:48:54.174109980+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: UnbindRequest, ctrl: [] }
lldap-1  | 2025-05-10T20:48:54.174113097+00:00  DEBUG    ┕━ 🐛 [debug]: Unbind request for <not bound>
lldap-1  | 2025-05-10T20:48:54.174146458+00:00  INFO     ｉ [info]: LDAP session end: 5b4cf6ee-27d7-4644-b199-9ede61a4d219

@ChibyX commented on GitHub (May 10, 2025): Oh, thanks, I thought, this was verbose mode. Now I enabled it properly, and it gives: ``` lldap-1 | 2025-05-10T20:48:54.072925543+00:00 INFO ｉ [info]: LDAP session start: 5b4cf6ee-27d7-4644-b199-9ede61a4d219 lldap-1 | 2025-05-10T20:48:54.072975764+00:00 INFO LDAP request [ 50.2ms | 0.00% / 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913 lldap-1 | 2025-05-10T20:48:54.072997337+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] } lldap-1 | 2025-05-10T20:48:54.073002586+00:00 DEBUG ┝━ do_bind [ 50.2ms | 0.00% / 100.00% ] dn: uid=admin,ou=people,dc=raft-server,dc=local lldap-1 | 2025-05-10T20:48:54.073023463+00:00 DEBUG │ ┝━ bind [ 50.0ms | 0.00% / 99.69% ] lldap-1 | 2025-05-10T20:48:54.073029176+00:00 DEBUG │ │ ┝━ get_password_file_for_user [ 417µs | 0.83% ] user_id: "admin" lldap-1 | 2025-05-10T20:48:54.073679752+00:00 INFO │ │ ┝━ ｉ [info]: Login attempt for "admin" lldap-1 | 2025-05-10T20:48:54.073683478+00:00 DEBUG │ │ ┕━ passwords_match [ 49.6ms | 98.86% ] username: admin lldap-1 | 2025-05-10T20:48:54.123300360+00:00 DEBUG │ ┝━ get_user_groups [ 153µs | 0.31% ] user_id: "admin" lldap-1 | 2025-05-10T20:48:54.123837435+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: {GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }} lldap-1 | 2025-05-10T20:48:54.123840374+00:00 DEBUG │ ┕━ 🐛 [debug]: Success! lldap-1 | 2025-05-10T20:48:54.123846158+00:00 DEBUG ┕━ 🐛 [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None }) lldap-1 | 2025-05-10T20:48:54.125200872+00:00 INFO LDAP request [ 590µs | 16.34% / 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913 lldap-1 | 2025-05-10T20:48:54.125210762+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 2, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: And([Equality("objectclass", "person"), Equality("memberOf", "cn=peertube_users,ou=groups,dc=raft-server,dc=local")]), attrs: [] }), ctrl: [] } lldap-1 | 2025-05-10T20:48:54.125212003+00:00 DEBUG ┝━ do_search [ 493µs | 28.26% / 83.66% ] lldap-1 | 2025-05-10T20:48:54.125386770+00:00 DEBUG │ ┝━ 🐛 [debug]: | request.base: "ou=people,dc=raft-server,dc=local" | scope: Users lldap-1 | 2025-05-10T20:48:54.125387864+00:00 DEBUG │ ┝━ get_user_list [ 318µs | 0.00% / 53.97% ] lldap-1 | 2025-05-10T20:48:54.125394139+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | filters: And([And([]), MemberOf("peertube_users")]) lldap-1 | 2025-05-10T20:48:54.125396950+00:00 DEBUG │ │ ┕━ list_users [ 318µs | 53.97% ] filters: Some(And([And([]), MemberOf("peertube_users")])) | _get_groups: false lldap-1 | 2025-05-10T20:48:54.125834901+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: [UserAndGroups { user: User { user_id: "admin", email: "", display_name: Some("Administrator"), creation_date: 2025-05-09T10:43:54.766266459, uuid: "50c9dbf9-177a-3ad0-91e9-6ff6b69d7622", attributes: [] }, groups: Some([GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "fchib", email: "fchib@yandex.ru", display_name: Some("ChibyX"), creation_date: 2025-05-09T11:12:58.997015051, uuid: "5dd70f52-cc8b-3f85-9609-0bd716b39d24", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("Фёдор") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Чибисов") }] }, groups: Some([GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }, GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "peertube_bind", email: "pbind@example.com", display_name: None, creation_date: 2025-05-09T14:30:41.078202829, uuid: "ce733f5c-a4bd-320f-80be-c4c45aedec36", attributes: [] }, groups: Some([GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }, UserAndGroups { user: User { user_id: "test", email: "test@example.com", display_name: Some("John Doe"), creation_date: 2025-05-09T10:46:49.563420914, uuid: "39874100-3a63-3707-bdc9-4683f9ddfc46", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("John") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Doe") }] }, groups: Some([GroupDetails { group_id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", attributes: [] }]) }] lldap-1 | 2025-05-10T20:48:54.125838820+00:00 DEBUG │ ┕━ expand_attribute_wildcards [ 8.42µs | 1.43% ] ldap_attributes: [] lldap-1 | 2025-05-10T20:48:54.125847352+00:00 DEBUG │ ┕━ 🐛 [debug]: | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("createtimestamp")): "createtimestamp", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("givenname")): "givenname", AttributeName(CaseInsensitiveString("jpegphoto")): "jpegPhoto", AttributeName(CaseInsensitiveString("mail")): "mail", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("sn")): "sn", AttributeName(CaseInsensitiveString("uid")): "uid"} lldap-1 | 2025-05-10T20:48:54.125890995+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=admin,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["Administrator"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T10:43:54.766266459+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["50c9dbf9-177a-3ad0-91e9-6ff6b69d7622"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "uid", vals: ["admin"] }] }) lldap-1 | 2025-05-10T20:48:54.125927725+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["ChibyX"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T11:12:58.997015051+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["5dd70f52-cc8b-3f85-9609-0bd716b39d24"] }, LdapPartialAttribute { atype: "first_name", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "givenname", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "last_name", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "mail", vals: ["fchib@yandex.ru"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "uid", vals: ["fchib"] }] }) lldap-1 | 2025-05-10T20:48:54.125947247+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=peertube_bind,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T14:30:41.078202829+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["ce733f5c-a4bd-320f-80be-c4c45aedec36"] }, LdapPartialAttribute { atype: "mail", vals: ["pbind@example.com"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_bind"] }] }) lldap-1 | 2025-05-10T20:48:54.125966350+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=test,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["John Doe"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T10:46:49.563420914+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["39874100-3a63-3707-bdc9-4683f9ddfc46"] }, LdapPartialAttribute { atype: "first_name", vals: ["John"] }, LdapPartialAttribute { atype: "givenname", vals: ["John"] }, LdapPartialAttribute { atype: "last_name", vals: ["Doe"] }, LdapPartialAttribute { atype: "mail", vals: ["test@example.com"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Doe"] }, LdapPartialAttribute { atype: "uid", vals: ["test"] }] }) lldap-1 | 2025-05-10T20:48:54.125977639+00:00 DEBUG ┕━ 🐛 [debug]: | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] }) lldap-1 | 2025-05-10T20:48:54.171303375+00:00 INFO LDAP request [ 21.3µs | 100.00% ] session_id: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913 lldap-1 | 2025-05-10T20:48:54.171319753+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 3, op: UnbindRequest, ctrl: [] } lldap-1 | 2025-05-10T20:48:54.171325378+00:00 DEBUG ┕━ 🐛 [debug]: Unbind request for admin lldap-1 | 2025-05-10T20:48:54.171379225+00:00 INFO ｉ [info]: LDAP session end: 8dbd85f0-43a8-4aaf-9b28-5508fa2cb913 lldap-1 | 2025-05-10T20:48:54.174100659+00:00 INFO LDAP request [ 12.3µs | 100.00% ] session_id: 5b4cf6ee-27d7-4644-b199-9ede61a4d219 lldap-1 | 2025-05-10T20:48:54.174109980+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 1, op: UnbindRequest, ctrl: [] } lldap-1 | 2025-05-10T20:48:54.174113097+00:00 DEBUG ┕━ 🐛 [debug]: Unbind request for <not bound> lldap-1 | 2025-05-10T20:48:54.174146458+00:00 INFO ｉ [info]: LDAP session end: 5b4cf6ee-27d7-4644-b199-9ede61a4d219 ```

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@nitnelave commented on GitHub (May 11, 2025):

I see what's wrong: your search filter is supposed to have the username inside (something like "(uid={0})" or some equivalent placeholder). Right now the query works, but returns more users than expected (all the peertube users).

You can also go back to using your bind user, if you add it to the lldap_strict_readonly group

@nitnelave commented on GitHub (May 11, 2025): I see what's wrong: your search filter is supposed to have the username inside (something like "(uid={0})" or some equivalent placeholder). Right now the query works, but returns more users than expected (all the peertube users). You can also go back to using your bind user, if you add it to the lldap_strict_readonly group

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@ChibyX commented on GitHub (May 12, 2025):

Well, I set Search filter to (|(mail={{username}})(uid={{username}})), as it was by plugin's default. I also had to bind groups for admin, moderator and user role because it turned to be mandatory (info[12.05.2025, 10:49:34] Do not login user fchib because admin did not configure LDAP Groups.) After that I finally managed to log in. But now Peertube cannot recognize LDAP groups I belong to: without No group matched login set to true it doesn't let me in (warn[12.05.2025, 10:52:10] User fchib does not have any allowed LDAP groups.). And with this settings it doesn't give me admin role despite I belong to lldap-admin group.

Here's my entire group config:

Group base: ou=groups,dc=raft-server,dc=local
Group filter: objectclass=groupOfUniqueNames
Administrator group DN: (memberOf=cn=lldap_admin,ou=groups,dc=raft-server,dc=local)
Moderator group DN: (memberOf=cn=peertube_mods,ou=groups,dc=raft-server,dc=local)
User group DN: (memberOf=cn=peertube_users,ou=groups,dc=raft-server,dc=local)
No group matched login: true

Here's also LLDAP log entry on succesful login:

lldap-1  | 2025-05-12T08:05:33.284367004+00:00  INFO     ｉ [info]: LDAP session start: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.284577404+00:00  INFO     ｉ [info]: LDAP session start: 1da101af-4135-489f-86bc-f9606829a69e
lldap-1  | 2025-05-12T08:05:33.285387260+00:00  INFO     LDAP request [ 41.4ms | 0.16% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.285409818+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.285415786+00:00  DEBUG    ┝━ do_bind [ 41.3ms | 0.00% / 99.84% ] dn: uid=admin,ou=people,dc=raft-server,dc=local
lldap-1  | 2025-05-12T08:05:33.285437246+00:00  DEBUG    │  ┝━ bind [ 41.0ms | 0.00% / 99.05% ]
lldap-1  | 2025-05-12T08:05:33.285443351+00:00  DEBUG    │  │  ┝━ get_password_file_for_user [ 215µs | 0.52% ] user_id: "admin"
lldap-1  | 2025-05-12T08:05:33.285782733+00:00  INFO     │  │  ┝━ ｉ [info]: Login attempt for "admin"
lldap-1  | 2025-05-12T08:05:33.285785871+00:00  DEBUG    │  │  ┕━ passwords_match [ 40.8ms | 98.53% ] username: admin
lldap-1  | 2025-05-12T08:05:33.326583028+00:00  DEBUG    │  ┝━ get_user_groups [ 328µs | 0.79% ] user_id: "admin"
lldap-1  | 2025-05-12T08:05:33.327805668+00:00  DEBUG    │  │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }}
lldap-1  | 2025-05-12T08:05:33.327818469+00:00  DEBUG    │  ┕━ 🐛 [debug]: Success!
lldap-1  | 2025-05-12T08:05:33.327825521+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None })
lldap-1  | 2025-05-12T08:05:33.328861342+00:00  INFO     LDAP request [ 334µs | 4.00% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.328869874+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 2, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: Or([Equality("mail", "fchib"), Equality("uid", "fchib")]), attrs: [] }), ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.328870970+00:00  DEBUG    ┝━ do_search [ 320µs | 48.53% / 96.00% ]
lldap-1  | 2025-05-12T08:05:33.329088467+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | request.base: "ou=people,dc=raft-server,dc=local" | scope: Users
lldap-1  | 2025-05-12T08:05:33.329089613+00:00  DEBUG    │  ┝━ get_user_list [ 151µs | 1.42% / 45.13% ]
lldap-1  | 2025-05-12T08:05:33.329094084+00:00  DEBUG    │  │  ┝━ 🐛 [debug]:  | filters: Or([Equality(LowercaseEmail, "fchib"), UserId("fchib")])
lldap-1  | 2025-05-12T08:05:33.329096880+00:00  DEBUG    │  │  ┕━ list_users [ 146µs | 43.71% ] filters: Some(Or([Equality(LowercaseEmail, "fchib"), UserId("fchib")])) | _get_groups: false
lldap-1  | 2025-05-12T08:05:33.329453032+00:00  DEBUG    │  │     ┕━ 🐛 [debug]:  | return: [UserAndGroups { user: User { user_id: "fchib", email: "fchib@yandex.ru", display_name: Some("ChibyX"), creation_date: 2025-05-09T11:12:58.997015051, uuid: "5dd70f52-cc8b-3f85-9609-0bd716b39d24", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("Фёдор") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Чибисов") }] }, groups: Some([GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }]) }]
lldap-1  | 2025-05-12T08:05:33.329457052+00:00  DEBUG    │  ┕━ expand_attribute_wildcards [ 7.81µs | 2.34% ] ldap_attributes: []
lldap-1  | 2025-05-12T08:05:33.329464878+00:00  DEBUG    │     ┕━ 🐛 [debug]:  | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("createtimestamp")): "createtimestamp", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("givenname")): "givenname", AttributeName(CaseInsensitiveString("jpegphoto")): "jpegPhoto", AttributeName(CaseInsensitiveString("mail")): "mail", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("sn")): "sn", AttributeName(CaseInsensitiveString("uid")): "uid"}
lldap-1  | 2025-05-12T08:05:33.329495706+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["ChibyX"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T11:12:58.997015051+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["5dd70f52-cc8b-3f85-9609-0bd716b39d24"] }, LdapPartialAttribute { atype: "first_name", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "givenname", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "last_name", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "mail", vals: ["fchib@yandex.ru"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "uid", vals: ["fchib"] }] })
lldap-1  | 2025-05-12T08:05:33.329520907+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap-1  | 2025-05-12T08:05:33.374805291+00:00  INFO     LDAP request [ 46.9ms | 0.16% / 100.00% ] session_id: 1da101af-4135-489f-86bc-f9606829a69e
lldap-1  | 2025-05-12T08:05:33.374826578+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.374831313+00:00  DEBUG    ┝━ do_bind [ 46.8ms | 0.00% / 99.84% ] dn: uid=fchib,ou=people,dc=raft-server,dc=local
lldap-1  | 2025-05-12T08:05:33.374853912+00:00  DEBUG    │  ┝━ bind [ 46.6ms | 0.02% / 99.46% ]
lldap-1  | 2025-05-12T08:05:33.374859200+00:00  DEBUG    │  │  ┝━ get_password_file_for_user [ 160µs | 0.34% ] user_id: "fchib"
lldap-1  | 2025-05-12T08:05:33.375545042+00:00  INFO     │  │  ┝━ ｉ [info]: Login attempt for "fchib"
lldap-1  | 2025-05-12T08:05:33.375550480+00:00  DEBUG    │  │  ┕━ passwords_match [ 46.5ms | 99.09% ] username: fchib
lldap-1  | 2025-05-12T08:05:33.422039151+00:00  DEBUG    │  ┝━ get_user_groups [ 178µs | 0.38% ] user_id: "fchib"
lldap-1  | 2025-05-12T08:05:33.422778744+00:00  DEBUG    │  │  ┕━ 🐛 [debug]:  | return: {GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }}
lldap-1  | 2025-05-12T08:05:33.422782666+00:00  DEBUG    │  ┕━ 🐛 [debug]: Success!
lldap-1  | 2025-05-12T08:05:33.422787913+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None })
lldap-1  | 2025-05-12T08:05:33.423584083+00:00  INFO     LDAP request [ 519µs | 29.62% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.423592110+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 3, op: SearchRequest(LdapSearchRequest { base: "ou=groups,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: Equality("objectclass", "groupOfUniqueNames"), attrs: [] }), ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.423593095+00:00  DEBUG    ┝━ do_search [ 366µs | 5.40% / 70.38% ]
lldap-1  | 2025-05-12T08:05:33.423744787+00:00  DEBUG    │  ┝━ 🐛 [debug]:  | request.base: "ou=groups,dc=raft-server,dc=local" | scope: Groups
lldap-1  | 2025-05-12T08:05:33.423745821+00:00  DEBUG    │  ┝━ get_groups_list [ 331µs | 0.00% / 63.67% ]
lldap-1  | 2025-05-12T08:05:33.423747996+00:00  DEBUG    │  │  ┝━ 🐛 [debug]:  | filters: And([])
lldap-1  | 2025-05-12T08:05:33.423749738+00:00  DEBUG    │  │  ┕━ list_groups [ 331µs | 63.67% ] filters: Some(And([]))
lldap-1  | 2025-05-12T08:05:33.424251544+00:00  DEBUG    │  │     ┕━ 🐛 [debug]:  | return: [Group { id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", users: ["fchib", "chibocit"], attributes: [] }, Group { id: 6, display_name: "friends", creation_date: 2025-05-09T10:45:38.681324581, uuid: "7777176d-4620-3de3-9350-db8026bcc42b", users: [], attributes: [] }, Group { id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", users: ["admin", "fchib"], attributes: [] }, Group { id: 2, display_name: "lldap_password_manager", creation_date: 2025-05-09T10:43:54.755264733, uuid: "6ad2f118-2a81-3de4-9b8f-365519fdfe2b", users: [], attributes: [] }, Group { id: 3, display_name: "lldap_strict_readonly", creation_date: 2025-05-09T10:43:54.760307590, uuid: "7d66a129-4359-340d-9eea-51becec6461c", users: [], attributes: [] }, Group { id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", users: ["fchib", "chibocit"], attributes: [] }, Group { id: 9, display_name: "peertube_mods", creation_date: 2025-05-12T07:50:50.767324407, uuid: "df2e7458-8917-308b-8056-d2de426d6fdf", users: [], attributes: [] }, Group { id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", users: ["test", "peertube_bind"], attributes: [] }]
lldap-1  | 2025-05-12T08:05:33.424255649+00:00  DEBUG    │  ┕━ expand_attribute_wildcards [ 6.82µs | 1.31% ] ldap_attributes: []
lldap-1  | 2025-05-12T08:05:33.424262544+00:00  DEBUG    │     ┕━ 🐛 [debug]:  | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("member")): "member", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("uid")): "uid", AttributeName(CaseInsensitiveString("uniquemember")): "uniquemember"}
lldap-1  | 2025-05-12T08:05:33.424296311+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=family,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["family"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["9ddaa79b-7787-39ad-980b-604c5b1e6a9c"] }, LdapPartialAttribute { atype: "member", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["family"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }] })
lldap-1  | 2025-05-12T08:05:33.424327763+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=friends,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["friends"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["7777176d-4620-3de3-9350-db8026bcc42b"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["friends"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] })
lldap-1  | 2025-05-12T08:05:33.424345055+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_admin,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_admin"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["f165b561-ae85-335f-abc2-ca9001c6940e"] }, LdapPartialAttribute { atype: "member", vals: ["uid=admin,ou=people,dc=raft-server,dc=local", "uid=fchib,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_admin"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=admin,ou=people,dc=raft-server,dc=local", "uid=fchib,ou=people,dc=raft-server,dc=local"] }] })
lldap-1  | 2025-05-12T08:05:33.424361119+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_password_manager,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_password_manager"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["6ad2f118-2a81-3de4-9b8f-365519fdfe2b"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_password_manager"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] })
lldap-1  | 2025-05-12T08:05:33.424377214+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_strict_readonly,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_strict_readonly"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["7d66a129-4359-340d-9eea-51becec6461c"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_strict_readonly"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] })
lldap-1  | 2025-05-12T08:05:33.424392709+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=nextcloud_users,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["nextcloud_users"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["c9f596a8-5e51-3c94-9dc6-23076625b974"] }, LdapPartialAttribute { atype: "member", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["nextcloud_users"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }] })
lldap-1  | 2025-05-12T08:05:33.424408210+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=peertube_mods,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["peertube_mods"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["df2e7458-8917-308b-8056-d2de426d6fdf"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_mods"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] })
lldap-1  | 2025-05-12T08:05:33.424424184+00:00  DEBUG    ┝━ 🐛 [debug]:  | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=peertube_users,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["peertube_users"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["b717a0a5-2e01-3f16-9956-b85e90b633db"] }, LdapPartialAttribute { atype: "member", vals: ["uid=test,ou=people,dc=raft-server,dc=local", "uid=peertube_bind,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_users"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=test,ou=people,dc=raft-server,dc=local", "uid=peertube_bind,ou=people,dc=raft-server,dc=local"] }] })
lldap-1  | 2025-05-12T08:05:33.424436174+00:00  DEBUG    ┕━ 🐛 [debug]:  | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] })
lldap-1  | 2025-05-12T08:05:33.425113193+00:00  INFO     LDAP request [ 3.88µs | 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.425115869+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 4, op: UnbindRequest, ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.425117166+00:00  DEBUG    ┕━ 🐛 [debug]: Unbind request for admin
lldap-1  | 2025-05-12T08:05:33.425123996+00:00  INFO     ｉ [info]: LDAP session end: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c
lldap-1  | 2025-05-12T08:05:33.426199441+00:00  INFO     LDAP request [ 2.66µs | 100.00% ] session_id: 1da101af-4135-489f-86bc-f9606829a69e
lldap-1  | 2025-05-12T08:05:33.426201287+00:00  DEBUG    ┝━ 🐛 [debug]:  | msg: LdapMsg { msgid: 2, op: UnbindRequest, ctrl: [] }
lldap-1  | 2025-05-12T08:05:33.426202181+00:00  DEBUG    ┕━ 🐛 [debug]: Unbind request for fchib
lldap-1  | 2025-05-12T08:05:33.426208288+00:00  INFO     ｉ [info]: LDAP session end: 1da101af-4135-489f-86bc-f9606829a69e

@ChibyX commented on GitHub (May 12, 2025): Well, I set **Search filter** to (|(mail={{username}})(uid={{username}})), as it was by plugin's default. I also had to bind groups for admin, moderator and user role because it turned to be mandatory (`info[12.05.2025, 10:49:34] Do not login user fchib because admin did not configure LDAP Groups.`) After that I finally managed to log in. But now Peertube cannot recognize LDAP groups I belong to: without **No group matched login** set to true it doesn't let me in (`warn[12.05.2025, 10:52:10] User fchib does not have any allowed LDAP groups.`). And with this settings it doesn't give me admin role despite I belong to `lldap-admin` group. Here's my entire group config: - **Group base:** ou=groups,dc=raft-server,dc=local - **Group filter:** objectclass=groupOfUniqueNames - **Administrator group DN:** (memberOf=cn=lldap_admin,ou=groups,dc=raft-server,dc=local) - **Moderator group DN:** (memberOf=cn=peertube_mods,ou=groups,dc=raft-server,dc=local) - **User group DN:** (memberOf=cn=peertube_users,ou=groups,dc=raft-server,dc=local) - **No group matched login:** true Here's also LLDAP log entry on succesful login: ``` lldap-1 | 2025-05-12T08:05:33.284367004+00:00 INFO ｉ [info]: LDAP session start: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.284577404+00:00 INFO ｉ [info]: LDAP session start: 1da101af-4135-489f-86bc-f9606829a69e lldap-1 | 2025-05-12T08:05:33.285387260+00:00 INFO LDAP request [ 41.4ms | 0.16% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.285409818+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=admin,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] } lldap-1 | 2025-05-12T08:05:33.285415786+00:00 DEBUG ┝━ do_bind [ 41.3ms | 0.00% / 99.84% ] dn: uid=admin,ou=people,dc=raft-server,dc=local lldap-1 | 2025-05-12T08:05:33.285437246+00:00 DEBUG │ ┝━ bind [ 41.0ms | 0.00% / 99.05% ] lldap-1 | 2025-05-12T08:05:33.285443351+00:00 DEBUG │ │ ┝━ get_password_file_for_user [ 215µs | 0.52% ] user_id: "admin" lldap-1 | 2025-05-12T08:05:33.285782733+00:00 INFO │ │ ┝━ ｉ [info]: Login attempt for "admin" lldap-1 | 2025-05-12T08:05:33.285785871+00:00 DEBUG │ │ ┕━ passwords_match [ 40.8ms | 98.53% ] username: admin lldap-1 | 2025-05-12T08:05:33.326583028+00:00 DEBUG │ ┝━ get_user_groups [ 328µs | 0.79% ] user_id: "admin" lldap-1 | 2025-05-12T08:05:33.327805668+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: {GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }} lldap-1 | 2025-05-12T08:05:33.327818469+00:00 DEBUG │ ┕━ 🐛 [debug]: Success! lldap-1 | 2025-05-12T08:05:33.327825521+00:00 DEBUG ┕━ 🐛 [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None }) lldap-1 | 2025-05-12T08:05:33.328861342+00:00 INFO LDAP request [ 334µs | 4.00% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.328869874+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 2, op: SearchRequest(LdapSearchRequest { base: "ou=people,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: Or([Equality("mail", "fchib"), Equality("uid", "fchib")]), attrs: [] }), ctrl: [] } lldap-1 | 2025-05-12T08:05:33.328870970+00:00 DEBUG ┝━ do_search [ 320µs | 48.53% / 96.00% ] lldap-1 | 2025-05-12T08:05:33.329088467+00:00 DEBUG │ ┝━ 🐛 [debug]: | request.base: "ou=people,dc=raft-server,dc=local" | scope: Users lldap-1 | 2025-05-12T08:05:33.329089613+00:00 DEBUG │ ┝━ get_user_list [ 151µs | 1.42% / 45.13% ] lldap-1 | 2025-05-12T08:05:33.329094084+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | filters: Or([Equality(LowercaseEmail, "fchib"), UserId("fchib")]) lldap-1 | 2025-05-12T08:05:33.329096880+00:00 DEBUG │ │ ┕━ list_users [ 146µs | 43.71% ] filters: Some(Or([Equality(LowercaseEmail, "fchib"), UserId("fchib")])) | _get_groups: false lldap-1 | 2025-05-12T08:05:33.329453032+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: [UserAndGroups { user: User { user_id: "fchib", email: "fchib@yandex.ru", display_name: Some("ChibyX"), creation_date: 2025-05-09T11:12:58.997015051, uuid: "5dd70f52-cc8b-3f85-9609-0bd716b39d24", attributes: [AttributeValue { name: AttributeName(CaseInsensitiveString("first_name")), value: Serialized("Фёдор") }, AttributeValue { name: AttributeName(CaseInsensitiveString("last_name")), value: Serialized("Чибисов") }] }, groups: Some([GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }]) }] lldap-1 | 2025-05-12T08:05:33.329457052+00:00 DEBUG │ ┕━ expand_attribute_wildcards [ 7.81µs | 2.34% ] ldap_attributes: [] lldap-1 | 2025-05-12T08:05:33.329464878+00:00 DEBUG │ ┕━ 🐛 [debug]: | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("createtimestamp")): "createtimestamp", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("givenname")): "givenname", AttributeName(CaseInsensitiveString("jpegphoto")): "jpegPhoto", AttributeName(CaseInsensitiveString("mail")): "mail", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("sn")): "sn", AttributeName(CaseInsensitiveString("uid")): "uid"} lldap-1 | 2025-05-12T08:05:33.329495706+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["ChibyX"] }, LdapPartialAttribute { atype: "createtimestamp", vals: ["2025-05-09T11:12:58.997015051+00:00"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["5dd70f52-cc8b-3f85-9609-0bd716b39d24"] }, LdapPartialAttribute { atype: "first_name", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "givenname", vals: ["Фёдор"] }, LdapPartialAttribute { atype: "last_name", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "mail", vals: ["fchib@yandex.ru"] }, LdapPartialAttribute { atype: "objectclass", vals: ["inetOrgPerson", "posixAccount", "mailAccount", "person"] }, LdapPartialAttribute { atype: "sn", vals: ["Чибисов"] }, LdapPartialAttribute { atype: "uid", vals: ["fchib"] }] }) lldap-1 | 2025-05-12T08:05:33.329520907+00:00 DEBUG ┕━ 🐛 [debug]: | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] }) lldap-1 | 2025-05-12T08:05:33.374805291+00:00 INFO LDAP request [ 46.9ms | 0.16% / 100.00% ] session_id: 1da101af-4135-489f-86bc-f9606829a69e lldap-1 | 2025-05-12T08:05:33.374826578+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 1, op: BindRequest(LdapBindRequest { dn: "uid=fchib,ou=people,dc=raft-server,dc=local", cred: LdapBindCred::Simple }), ctrl: [] } lldap-1 | 2025-05-12T08:05:33.374831313+00:00 DEBUG ┝━ do_bind [ 46.8ms | 0.00% / 99.84% ] dn: uid=fchib,ou=people,dc=raft-server,dc=local lldap-1 | 2025-05-12T08:05:33.374853912+00:00 DEBUG │ ┝━ bind [ 46.6ms | 0.02% / 99.46% ] lldap-1 | 2025-05-12T08:05:33.374859200+00:00 DEBUG │ │ ┝━ get_password_file_for_user [ 160µs | 0.34% ] user_id: "fchib" lldap-1 | 2025-05-12T08:05:33.375545042+00:00 INFO │ │ ┝━ ｉ [info]: Login attempt for "fchib" lldap-1 | 2025-05-12T08:05:33.375550480+00:00 DEBUG │ │ ┕━ passwords_match [ 46.5ms | 99.09% ] username: fchib lldap-1 | 2025-05-12T08:05:33.422039151+00:00 DEBUG │ ┝━ get_user_groups [ 178µs | 0.38% ] user_id: "fchib" lldap-1 | 2025-05-12T08:05:33.422778744+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: {GroupDetails { group_id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", attributes: [] }, GroupDetails { group_id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", attributes: [] }, GroupDetails { group_id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", attributes: [] }} lldap-1 | 2025-05-12T08:05:33.422782666+00:00 DEBUG │ ┕━ 🐛 [debug]: Success! lldap-1 | 2025-05-12T08:05:33.422787913+00:00 DEBUG ┕━ 🐛 [debug]: | response: BindResponse(LdapBindResponse { res: LdapResult { code: Success, matcheddn: "", message: "", referral: [] }, saslcreds: None }) lldap-1 | 2025-05-12T08:05:33.423584083+00:00 INFO LDAP request [ 519µs | 29.62% / 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.423592110+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 3, op: SearchRequest(LdapSearchRequest { base: "ou=groups,dc=raft-server,dc=local", scope: Subtree, aliases: Never, sizelimit: 0, timelimit: 10, typesonly: false, filter: Equality("objectclass", "groupOfUniqueNames"), attrs: [] }), ctrl: [] } lldap-1 | 2025-05-12T08:05:33.423593095+00:00 DEBUG ┝━ do_search [ 366µs | 5.40% / 70.38% ] lldap-1 | 2025-05-12T08:05:33.423744787+00:00 DEBUG │ ┝━ 🐛 [debug]: | request.base: "ou=groups,dc=raft-server,dc=local" | scope: Groups lldap-1 | 2025-05-12T08:05:33.423745821+00:00 DEBUG │ ┝━ get_groups_list [ 331µs | 0.00% / 63.67% ] lldap-1 | 2025-05-12T08:05:33.423747996+00:00 DEBUG │ │ ┝━ 🐛 [debug]: | filters: And([]) lldap-1 | 2025-05-12T08:05:33.423749738+00:00 DEBUG │ │ ┕━ list_groups [ 331µs | 63.67% ] filters: Some(And([])) lldap-1 | 2025-05-12T08:05:33.424251544+00:00 DEBUG │ │ ┕━ 🐛 [debug]: | return: [Group { id: 4, display_name: "family", creation_date: 2025-05-09T10:45:22.201776643, uuid: "9ddaa79b-7787-39ad-980b-604c5b1e6a9c", users: ["fchib", "chibocit"], attributes: [] }, Group { id: 6, display_name: "friends", creation_date: 2025-05-09T10:45:38.681324581, uuid: "7777176d-4620-3de3-9350-db8026bcc42b", users: [], attributes: [] }, Group { id: 1, display_name: "lldap_admin", creation_date: 2025-05-09T10:43:54.750016655, uuid: "f165b561-ae85-335f-abc2-ca9001c6940e", users: ["admin", "fchib"], attributes: [] }, Group { id: 2, display_name: "lldap_password_manager", creation_date: 2025-05-09T10:43:54.755264733, uuid: "6ad2f118-2a81-3de4-9b8f-365519fdfe2b", users: [], attributes: [] }, Group { id: 3, display_name: "lldap_strict_readonly", creation_date: 2025-05-09T10:43:54.760307590, uuid: "7d66a129-4359-340d-9eea-51becec6461c", users: [], attributes: [] }, Group { id: 5, display_name: "nextcloud_users", creation_date: 2025-05-09T10:45:32.595693060, uuid: "c9f596a8-5e51-3c94-9dc6-23076625b974", users: ["fchib", "chibocit"], attributes: [] }, Group { id: 9, display_name: "peertube_mods", creation_date: 2025-05-12T07:50:50.767324407, uuid: "df2e7458-8917-308b-8056-d2de426d6fdf", users: [], attributes: [] }, Group { id: 8, display_name: "peertube_users", creation_date: 2025-05-09T16:48:40.809656270, uuid: "b717a0a5-2e01-3f16-9956-b85e90b633db", users: ["test", "peertube_bind"], attributes: [] }] lldap-1 | 2025-05-12T08:05:33.424255649+00:00 DEBUG │ ┕━ expand_attribute_wildcards [ 6.82µs | 1.31% ] ldap_attributes: [] lldap-1 | 2025-05-12T08:05:33.424262544+00:00 DEBUG │ ┕━ 🐛 [debug]: | attributes_out: {AttributeName(CaseInsensitiveString("cn")): "cn", AttributeName(CaseInsensitiveString("entryuuid")): "entryuuid", AttributeName(CaseInsensitiveString("member")): "member", AttributeName(CaseInsensitiveString("objectclass")): "objectclass", AttributeName(CaseInsensitiveString("uid")): "uid", AttributeName(CaseInsensitiveString("uniquemember")): "uniquemember"} lldap-1 | 2025-05-12T08:05:33.424296311+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=family,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["family"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["9ddaa79b-7787-39ad-980b-604c5b1e6a9c"] }, LdapPartialAttribute { atype: "member", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["family"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }] }) lldap-1 | 2025-05-12T08:05:33.424327763+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=friends,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["friends"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["7777176d-4620-3de3-9350-db8026bcc42b"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["friends"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] }) lldap-1 | 2025-05-12T08:05:33.424345055+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_admin,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_admin"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["f165b561-ae85-335f-abc2-ca9001c6940e"] }, LdapPartialAttribute { atype: "member", vals: ["uid=admin,ou=people,dc=raft-server,dc=local", "uid=fchib,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_admin"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=admin,ou=people,dc=raft-server,dc=local", "uid=fchib,ou=people,dc=raft-server,dc=local"] }] }) lldap-1 | 2025-05-12T08:05:33.424361119+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_password_manager,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_password_manager"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["6ad2f118-2a81-3de4-9b8f-365519fdfe2b"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_password_manager"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] }) lldap-1 | 2025-05-12T08:05:33.424377214+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=lldap_strict_readonly,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["lldap_strict_readonly"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["7d66a129-4359-340d-9eea-51becec6461c"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["lldap_strict_readonly"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] }) lldap-1 | 2025-05-12T08:05:33.424392709+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=nextcloud_users,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["nextcloud_users"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["c9f596a8-5e51-3c94-9dc6-23076625b974"] }, LdapPartialAttribute { atype: "member", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["nextcloud_users"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=fchib,ou=people,dc=raft-server,dc=local", "uid=chibocit,ou=people,dc=raft-server,dc=local"] }] }) lldap-1 | 2025-05-12T08:05:33.424408210+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=peertube_mods,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["peertube_mods"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["df2e7458-8917-308b-8056-d2de426d6fdf"] }, LdapPartialAttribute { atype: "member", vals: [] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_mods"] }, LdapPartialAttribute { atype: "uniquemember", vals: [] }] }) lldap-1 | 2025-05-12T08:05:33.424424184+00:00 DEBUG ┝━ 🐛 [debug]: | response: SearchResultEntry(LdapSearchResultEntry { dn: "cn=peertube_users,ou=groups,dc=raft-server,dc=local", attributes: [LdapPartialAttribute { atype: "cn", vals: ["peertube_users"] }, LdapPartialAttribute { atype: "entryuuid", vals: ["b717a0a5-2e01-3f16-9956-b85e90b633db"] }, LdapPartialAttribute { atype: "member", vals: ["uid=test,ou=people,dc=raft-server,dc=local", "uid=peertube_bind,ou=people,dc=raft-server,dc=local"] }, LdapPartialAttribute { atype: "objectclass", vals: ["groupOfUniqueNames"] }, LdapPartialAttribute { atype: "uid", vals: ["peertube_users"] }, LdapPartialAttribute { atype: "uniquemember", vals: ["uid=test,ou=people,dc=raft-server,dc=local", "uid=peertube_bind,ou=people,dc=raft-server,dc=local"] }] }) lldap-1 | 2025-05-12T08:05:33.424436174+00:00 DEBUG ┕━ 🐛 [debug]: | response: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] }) lldap-1 | 2025-05-12T08:05:33.425113193+00:00 INFO LDAP request [ 3.88µs | 100.00% ] session_id: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.425115869+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 4, op: UnbindRequest, ctrl: [] } lldap-1 | 2025-05-12T08:05:33.425117166+00:00 DEBUG ┕━ 🐛 [debug]: Unbind request for admin lldap-1 | 2025-05-12T08:05:33.425123996+00:00 INFO ｉ [info]: LDAP session end: 62d5051f-0cd9-4d5b-af48-8c98a28a7c3c lldap-1 | 2025-05-12T08:05:33.426199441+00:00 INFO LDAP request [ 2.66µs | 100.00% ] session_id: 1da101af-4135-489f-86bc-f9606829a69e lldap-1 | 2025-05-12T08:05:33.426201287+00:00 DEBUG ┝━ 🐛 [debug]: | msg: LdapMsg { msgid: 2, op: UnbindRequest, ctrl: [] } lldap-1 | 2025-05-12T08:05:33.426202181+00:00 DEBUG ┕━ 🐛 [debug]: Unbind request for fchib lldap-1 | 2025-05-12T08:05:33.426208288+00:00 INFO ｉ [info]: LDAP session end: 1da101af-4135-489f-86bc-f9606829a69e ```

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@nitnelave commented on GitHub (May 12, 2025):

For the "user group DN" (and the other ones) you put a search filter instead of a DN. A DN is just "uid=...,ou=..."

@nitnelave commented on GitHub (May 12, 2025): For the "user group DN" (and the other ones) you put a search filter instead of a DN. A DN is just "uid=...,ou=..."

kerem commented

2026-02-27 08:17:12 +03:00

Author

Owner

@ChibyX commented on GitHub (May 12, 2025):

Thanks! Now it works as expected, except for users who are members of peertube_mods get administrator role instead of moderator. Anyways, for my instance it's not a big deal. I'll add example config to this repo soon.

@ChibyX commented on GitHub (May 12, 2025): Thanks! Now it works as expected, except for users who are members of `peertube_mods` get administrator role instead of moderator. Anyways, for my instance it's not a big deal. I'll add example config to this repo soon.

kerem referenced this issue

2026-02-27 09:09:31 +03:00

[PR #418] [MERGED] Improve support for MySQL/Postgres #728