missing entity alias attribute value with #26171
Comments
Hi @trutled3 - thanks for this report! Is this on 1.16.0 GA or one of the RCs? It'll help our investigation. Thanks much! :)
Hi there! This was v1.16.0 GA that was released today.
Thank you so much! I'll pass this along. Edit: I misspoke on the state of the version.
Oh, okay. Thanks!
I have the exact same issue. Upgraded just minutes ago.
Are you using Active Directory? I have the same issue.
@Joffrey54 - I am using active directory, yes! I did not include that information in my original issue post. I updated to include that information as well.
@Joffrey54 - Same here, using Active Directory.
Thank you @Joffrey54! Checking the Username as alias box also worked for me.
I can confirm checking the username as alias box resolves the error for me as well.
Thanks everyone, we are working on a fix for this now. The workaround mentioned above should be used with caution since the user attribute is customizable.
This fixes 2 ldap auth login errors

* Missing entity alias attribute value
  * Vault relies on case insensitive user attribute keys for mapping user attributes to entity alias metadata. This sets the appropriate configs in the cap library.
* ldap group search anonymous bind regression
  * Anonymous group searches can be rejected by some LDAP servers if they contain a userDN. This sets the configs in the cap library to specify unauthenticated binds for anonymous group searches should exclude a DN.

Closes #26171
Closes #26183

* auth/ldap: fix login errors

  This fixes 2 ldap auth login errors

  * Missing entity alias attribute value
    * Vault relies on case insensitive user attribute keys for mapping user attributes to entity alias metadata. This sets the appropriate configs in the cap library.
  * ldap group search anonymous bind regression
    * Anonymous group searches can be rejected by some LDAP servers if they contain a userDN. This sets the configs in the cap library to specify unauthenticated binds for anonymous group searches should exclude a DN.

  Closes #26171
  Closes #26183
* changelog
* go mod tidy
* go get cap/ldap@latest and go mod tidy
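The first error named in the commit message above comes down to the casing of user attribute keys. The Go program below is an added example, not code from Vault or the cap library: it contrasts an exact-match lookup of the alias attribute with one that lowercases keys first. The function names, the `samaccountname` setting and the sample attributes are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// errMissingAlias reuses the error text reported in this issue.
var errMissingAlias = errors.New("missing entity alias attribute value")

// aliasExact (hypothetical) looks up the configured user attribute with an
// exact, case-sensitive key match: the failing behaviour assumed here.
func aliasExact(attrs map[string][]string, userAttr string) (string, error) {
	if v := attrs[userAttr]; len(v) > 0 && v[0] != "" {
		return v[0], nil
	}
	return "", errMissingAlias
}

// lowerKeys returns a copy of attrs with every key lowercased, so lookups
// no longer depend on the casing the directory server chose.
func lowerKeys(attrs map[string][]string) map[string][]string {
	out := make(map[string][]string, len(attrs))
	for k, v := range attrs {
		out[strings.ToLower(k)] = v
	}
	return out
}

// aliasFolded (hypothetical) normalizes both the returned keys and the
// configured attribute name before the lookup.
func aliasFolded(attrs map[string][]string, userAttr string) (string, error) {
	return aliasExact(lowerKeys(attrs), strings.ToLower(userAttr))
}

// sampleAttrs is constructed data: attributes as a directory might return
// them, keyed by the schema's mixed-case attribute name.
func sampleAttrs() map[string][]string {
	return map[string][]string{"sAMAccountName": {"jdoe"}, "mail": {"jdoe@example.com"}}
}

func main() {
	_, err := aliasExact(sampleAttrs(), "samaccountname")
	fmt.Println("exact: ", err)
	v, _ := aliasFolded(sampleAttrs(), "samaccountname")
	fmt.Println("folded:", v)
}
```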
Describe the bug
A clear and concise description of what the bug is.
After upgrading Vault to v1.16.0 from v1.15.1 we are seeing an error when signing in through the ldap auth method stating, `Authentication failed: missing entity alias attribute value`. I am using active directory.

To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected behavior is for ldap auth method behavior to remain the same between v1.15.1 and v1.16.0 with no changes to ldap auth method configuration.
Environment:
- `vault status`: 1.16.0
- `vault version`: N/A

Vault server configuration file(s):