OIDC and LDAP user mapping

xpillons · October 3, 2025, 3:04pm

Our Open OnDemand machine is setup to use Open ID Connect to authenticate with EntraID, and has SSSD configured to use LDAP Auth. While we have got the EntraID auth correct when accessing the Open OnDemand main page, it failed on the user mapping. The error being this one

Error – failed to map user (foo)

When we SSH on the OOD machine we can logon with user foo .

id foo and su - foo succeeded.

I’m looking for advice on where to look for detailed errors and if so how to increase the log vebocity ?

I don’t see anything in the apache2 logs.

Thank you for your help

Xavier

bsingleton · October 3, 2025, 4:45pm

Hi Xavier,

What version of OOD are you running? Could you provide your /etc/ood/config/ood_portal.yml? This is the source of a lot of user mapping issues, specifically with the user_map_match.

For more verbosity in the error logs, you should set the lua log level to debug in ood-portal.yml. That should write an explicit log for user mapping that looks something like this

Mapped ‘foo’ => ‘foo’. If it shows it mapping to an empty string, that would point to the user_map being the problem.

xpillons · October 3, 2025, 4:47pm

thanks for the reply. This is on OOD 4.0.7. I don’t have the ood_portal.yml handy, but I will check this next monday.

xpillons · October 6, 2025, 2:18pm

thank you for your advice. the domain mapping was the issue, we tried to map with a domain while there were no domain.

All works now.

Thanks,

Xavier

Topic		Replies	Views
Error - failed to map user Get Help question	18	2342	May 26, 2022
Error -- failed to map user , OOD and Shibboleth authentication Get Help question	14	1118	May 26, 2022
Problem with user mapping Get Help	13	1053	August 27, 2023
Error -- failed to map user (ood) Get Help ondemand2	7	407	December 24, 2022
Error -- failed to map user Get Help	10	1064	May 26, 2022

OIDC and LDAP user mapping

Related topics