Dex LDAP error when email does not match UID


I’m running into an issue with dex authentication against LDAP.

    - type: ldap
      id: ldap
      name: LDAP
      config:
        # host: required by Dex; the value does not appear in the post
        insecureSkipVerify: true  # disables TLS certificate verification
        bindDN: ******
        bindPW: ******
        userSearch:
          baseDN: ou=people,dc=rcc,dc=fsu,dc=edu
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          emailAttr: mail
          nameAttr: uid
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: dc=rcc,dc=fsu,dc=edu
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: cn

My uid is cam02h, but my email address is When I try to log in with this configuration, I get the following message:

    Error -- can't find user for cmclaughlin
    Run 'nginx_stage --help' to see a full list of available command line options.

It appears that the user mapping is based off everything before the “@” in the email address.

When I change my email address to match my uid (, I can successfully log in and see the dashboard.

Is there any way to allow dex logins where the email doesn’t match the uid?

Never mind; I just needed to restart the httpd service:

    # systemctl restart httpd

What’s your oidc_remote_user_claim set to in the ood_portal.yml? Looks like the default is preferred_username, which should be your uid given the preferredUsernameAttr: uid setting in Dex.

Lol! Just saw your comment, thanks for the update. I’ll leave mine here too just in case other folks come in and want to see/know more.
