missing entity alias attribute value with #26171
Comments
|
Hi @trutled3 - thanks for this report! Is this on 1.16.0 GA or one of the RCs? It'll help our investigation. Thanks much! :) |
|
Hi there! This was v1.16.0 GA that was released today. |
Thank you so much! I'll pass this along. Edit: I misspoke on the state of the version. |
|
Oh, okay. Thanks! |
|
I have the exact same issue. Upgraded just minutes ago. |
|
Are you using Active Directory ? I have the same issue |
|
@Joffrey54 - I am using active directory, yes! I did not include that information in my original issue post. I updated to include that information as well. |
@Joffrey54 - Same here, using Active Directory. |
|
Perhaps the bug come from the "user attribute" that is forced in lowercase: In Windows, this attribute is "sAMAccountName" But, as I said, this option solved the error for me: |
|
Thank you @Joffrey54! Checking the Username as alias box also worked for me. |
|
I can confirm checking the username as alias box resolves the error for me as well. |
|
Thanks everyone, we are working on a fix for this now. The workaround mentioned above should be used with caution since the user attribute is customizable. |
heatherezell
added
the
reproduced
This fixes 2 ldap auth login errors
* Missing entity alias attribute value
* Vault relies on case insensitive user attribute keys for mapping user
attributes to entity alias metadata. This sets the appropriate
configs in the cap library.
* ldap group search anonymous bind regression
* Anonymous group searches can be rejected by some LDAP servers if
they contain a userDN. This sets the configs in the cap library to
specify unauthenticated binds for anonymous group searches should
exclude a DN.
Closes #26171
Closes #26183
* auth/ldap: fix login errors
This fixes 2 ldap auth login errors
* Missing entity alias attribute value
* Vault relies on case insensitive user attribute keys for mapping user
attributes to entity alias metadata. This sets the appropriate
configs in the cap library.
* ldap group search anonymous bind regression
* Anonymous group searches can be rejected by some LDAP servers if
they contain a userDN. This sets the configs in the cap library to
specify unauthenticated binds for anonymous group searches should
exclude a DN.
Closes #26171
Closes #26183
* changelog
* go mod tidy
* go get cap/ldap@latest and go mod tidy
* auth/ldap: fix login errors
This fixes 2 ldap auth login errors
* Missing entity alias attribute value
* Vault relies on case insensitive user attribute keys for mapping user
attributes to entity alias metadata. This sets the appropriate
configs in the cap library.
* ldap group search anonymous bind regression
* Anonymous group searches can be rejected by some LDAP servers if
they contain a userDN. This sets the configs in the cap library to
specify unauthenticated binds for anonymous group searches should
exclude a DN.
Closes #26171
Closes #26183
* changelog
* go mod tidy
* go get cap/ldap@latest and go mod tidy
* auth/ldap: fix login errors
This fixes 2 ldap auth login errors
* Missing entity alias attribute value
* Vault relies on case insensitive user attribute keys for mapping user
attributes to entity alias metadata. This sets the appropriate
configs in the cap library.
* ldap group search anonymous bind regression
* Anonymous group searches can be rejected by some LDAP servers if
they contain a userDN. This sets the configs in the cap library to
specify unauthenticated binds for anonymous group searches should
exclude a DN.
Closes #26171
Closes #26183
* changelog
* go mod tidy
* go get cap/ldap@latest and go mod tidy
Describe the bug
A clear and concise description of what the bug is.
After upgrading Vault to v1.16.0 from v1.15.1 we are seeing an error when signing in through the ldap auth method stating,
Authentication failed: missing entity alias attribute value. I am using active directory.To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected behavior is for ldap auth method behavior to remain the same between v1.15.1 and v1.16.0 with no changes to ldap auth method configuration.
Environment:
vault status): 1.16.0vault version): N/AVault server configuration file(s):
The text was updated successfully, but these errors were encountered: