Unable to get LDAP working in Dex

Hello,

I have OOD working using basic auth + PAM, but am in the process of migrating to Dex. When I try to login to the OOD portal with Dex, I get the following error:

Internal Server Error
Login error: ldap: entry "uid=XXX,ou=people,dc=engr,dc=oregonstate,dc=edu" missing following required attribute(s): ["mail"]

There isn’t a “mail” attribute, so I removed that entry and now I get this error:
Login error: ldap: entry "uid=XXX,ou=people,dc=engr,dc=oregonstate,dc=edu" missing following required attribute(s): [""]

Here is the dex portion of my ood_portal.yml:

dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: XXX:636
        insecureSkipVerify: false
        bindDN: cn=XXX,dc=engr,dc=oregonstate,dc=edu
        userSearch:
          baseDN: ou=people,dc=engr,dc=oregonstate,dc=edu
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          #emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: ou=group,dc=engr,dc=oregonstate,dc=edu
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: member
          nameAttr: cn

Any ideas what could be wrong here?

Thanks,

Rob

Hi @robyelle and welcome!

Looking at what you have, I don’t see an entry for bindPW which you may have left out on purpose but I wanted to make sure that was actually set in the config.

You probably already have seen this but for reference:
https://osc.github.io/ood-documentation/latest/authentication/dex.html?highlight=dex

I believe you need some sort of email attribute. Whether it’s mail or email (or some 3rd one) in your LDAP - I believe dex relies on this.

Thank you for your responses. The problem turned out to be the email attribute, just setting it to “uid” resolved the issue.
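To see why the two error messages in this thread differ, and why pointing emailAttr at uid resolves it, here is an added pre-flight check (example code, not Dex's connector code and not from anyone in the thread) that models the connector's attribute lookup against a constructed entry that has no mail attribute. The sample entry, the function names, and the simplified split into always-required (idAttr, emailAttr) and optional (nameAttr, preferredUsernameAttr) attributes are assumptions based on the errors shown above.

```python
import json
from typing import Dict, List

# Constructed sample entry standing in for the real posixAccount object;
# as in the thread, the directory exposes no "mail" attribute.
SAMPLE_DN = "uid=XXX,ou=people,dc=engr,dc=oregonstate,dc=edu"
SAMPLE_ENTRY: Dict[str, List[str]] = {
    "objectClass": ["posixAccount", "inetOrgPerson"],
    "uid": ["XXX"],
    "gecos": ["Example User"],
}

def first_value(entry: Dict[str, List[str]], attr: str) -> str:
    """First value of `attr` in the entry, or "" if the attribute is absent,
    empty, or `attr` itself is "" (LDAP attribute names are case-insensitive)."""
    if not attr:
        return ""
    for name, values in entry.items():
        if name.lower() == attr.lower() and values:
            return values[0]
    return ""

def missing_attributes(entry: Dict[str, List[str]], user_search: Dict[str, str]) -> List[str]:
    """Attribute names the connector would report as missing for this entry.
    Simplified model (assumption): idAttr and emailAttr are always read, nameAttr
    and preferredUsernameAttr only when set. An unset emailAttr is therefore
    looked up as the attribute named "", which can never resolve to a value."""
    checks = (("idAttr", True), ("nameAttr", False),
              ("preferredUsernameAttr", False), ("emailAttr", True))
    missing = []
    for key, always_required in checks:
        attr = user_search.get(key, "")
        if not always_required and not attr:
            continue
        if first_value(entry, attr) == "":
            missing.append(attr)
    return missing

def check_login(dn: str, entry: Dict[str, List[str]], user_search: Dict[str, str]) -> str:
    """Return "" when the entry satisfies the config, else a Dex-style error line."""
    missing = missing_attributes(entry, user_search)
    if not missing:
        return ""
    return f'ldap: entry "{dn}" missing following required attribute(s): {json.dumps(missing)}'

if __name__ == "__main__":
    base = {"idAttr": "uid", "nameAttr": "gecos", "preferredUsernameAttr": "uid"}
    print(check_login(SAMPLE_DN, SAMPLE_ENTRY, {**base, "emailAttr": "mail"}))  # ["mail"]
    print(check_login(SAMPLE_DN, SAMPLE_ENTRY, {**base, "emailAttr": "uid"}) or "ok")
```

Running the check against a real entry before restarting the portal shows which userSearch attribute will fail instead of discovering it at login time.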