Dex LDAP error when email does not match UID

Hi,

I’m running into an issue with dex authentication against LDAP.

dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: ldap.rcc.fsu.edu
        # Disables TLS certificate verification for the LDAP connection;
        # fine for a test bind, but re-enable verification in production.
        insecureSkipVerify: true
        bindDN: ******
        bindPW: ******
        userSearch:
          baseDN: ou=people,dc=rcc,dc=fsu,dc=edu
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: uid
          # Populates the preferred_username claim in the ID token with the LDAP uid.
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: dc=rcc,dc=fsu,dc=edu
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: cn

My uid is cam02h, but my email address is cmclaughlin@fsu.edu. When I try to log in with this configuration, I get the following message:

Error -- can't find user for cmclaughlin
Run 'nginx_stage --help' to see a full list of available command line options.

It appears that the user mapping is based on everything before the "@" in the email address.

When I change my email address to match my uid (cam02h@fsu.edu), I can successfully log in and see the dashboard.

Is there any way to allow Dex logins where the email doesn't match the uid?

Never mind; I just needed to restart the httpd service: `systemctl restart httpd`

What's your oidc_remote_user_claim set to in the ood_portal.yml? Looks like the default is preferred_username, which should be your uid given the preferredUsernameAttr: uid setting in Dex.
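
The claim-selection step this reply points at, as an added example that is not part of the thread and not code from Open OnDemand, mod_auth_openidc or Dex. It models (as a stated assumption) Dex building ID-token claims from the connector's userSearch attribute mapping, then picks REMOTE_USER by the claim named in oidc_remote_user_claim and checks it against a constructed local account set. The strip_domain flag reproduces the "everything before the @" behaviour the original poster observed, so the failure mode (email local part cmclaughlin vs. uid cam02h) and the working case (preferred_username) can both be run; the LDAP entry and account list are sample data:

```python
import re

# Constructed LDAP entry for the account in the thread (sample data, not read from a directory).
LDAP_ENTRY = {
    "dn": "uid=cam02h,ou=people,dc=rcc,dc=fsu,dc=edu",
    "uid": "cam02h",
    "mail": "cmclaughlin@fsu.edu",
}

# The userSearch attribute mapping from the Dex connector config in the post.
DEX_USER_SEARCH = {
    "idAttr": "uid",
    "emailAttr": "mail",
    "nameAttr": "uid",
    "preferredUsernameAttr": "uid",
}

# Constructed stand-in for the local account database (/etc/passwd) on the OnDemand host.
LOCAL_ACCOUNTS = {"cam02h", "root"}


def dex_claims(entry, user_search):
    """Assumed model of the standard OIDC claims Dex derives from an LDAP entry.

    Each claim is filled from the LDAP attribute named in the connector's userSearch block.
    """
    return {
        "sub": entry[user_search["idAttr"]],
        "email": entry[user_search["emailAttr"]],
        "name": entry[user_search["nameAttr"]],
        "preferred_username": entry[user_search["preferredUsernameAttr"]],
    }


def remote_user(claims, remote_user_claim, strip_domain=False):
    """Select REMOTE_USER from the ID token by claim name (the role of oidc_remote_user_claim).

    strip_domain is an assumption that mirrors the poster's observation that the mapping used
    everything before the "@"; it is not a documented OnDemand option.
    """
    value = claims.get(remote_user_claim)
    if value is None:
        raise KeyError(f"ID token carries no claim named {remote_user_claim!r}")
    if strip_domain:
        value = re.sub(r"@.*$", "", value)
    return value


def resolve_account(remote, accounts=LOCAL_ACCOUNTS):
    """Return the matching local account, or None for the "can't find user" case."""
    return remote if remote in accounts else None


if __name__ == "__main__":
    claims = dex_claims(LDAP_ENTRY, DEX_USER_SEARCH)
    for claim, strip in (("email", True), ("preferred_username", False)):
        remote = remote_user(claims, claim, strip_domain=strip)
        print(f"oidc_remote_user_claim={claim}: REMOTE_USER={remote!r} -> {resolve_account(remote)!r}")
```

Mapping REMOTE_USER from preferred_username ties the web session to the same uid the LDAP posixAccount uses, which is what the dashboard needs to find a local account; a mail-derived value is only safe when the local part is guaranteed to equal the uid, which the poster's account shows it is not.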

Lol! just saw your comment, thanks for the update. I’ll leave mine here too just in case other folks come in and want to see/know more.
