I am running into the following error:

Could not initiate password reset[500 ]: Internal server error: `Could not send email: Error sending email: permanent error (535): 5.7.8 Username and Password not accepted. For more information, go to5.7.8 https://support.google.com/mail/?p=BadCredentials 6a1803df08f44-6fd772fa9c9sm11203576d6.82 - gsmtp`

though I ran this through a smtp tester and it worked with the same setup. I do have my server using the SMTP email with a different application though I don't think that would matter. This is what I have atm :

LDAP_SMTP_OPTIONS__FROM: LLDAP Admin <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__PASSWORD: ${SMTP_PASSWORD}
LLDAP_SMTP_OPTIONS__PORT: 587
LLDAP_SMTP_OPTIONS__REPLY_TO: Do not reply <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__SERVER: smtp.gmail.com
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: STARTTLS
LLDAP_SMTP_OPTIONS__USER: ${SMTP_USER}
LLDAP_VERBOSE: true

Hey! Thank you for the great work. I just want to let you know that

lldap:2025-07-06-debian

breaks this config for Radicale: https://github.com/lldap/lldap/blob/main/example_configs/radicale.md Namely, I get an error

[ERROR] An exception occurred during PROPFIND request on '/': invalid attribute uid

when using

lldap:2025-07-06-debian

but

lldap/lldap:2025-05-19-debian

works perfectly fine.

Hey all, I'm having some trouble getting my jellyfin to connected up to my LLDAP deployment. I saw [this thread](https://discord.com/channels/898492935446876200/1387468315424722976) from a few days ago but was unable make it work with an ip. If anyone can help it would be much appreciated.

hey guys, I managed to use LLDAP with authelia but now I needed to learn how to use it for auth with jellyfin because I can't seem to connect to my server on my tv while using authelia, is there a guide I can follow so I can try to avoid making stupid questions here?

Hey everyone, I'm trying to add a user attribute but I always get a "Check the form for errors" message regardless of which type I choose. I also get the same error when trying to create a group attribute. The verbose logs don't even register me clicking submit and I've tried Safari, Firefox, and Chrome and it still doesn't work. I can't even get it to work on a fresh install. I'd really appreciate it if someone could help out. https://cdn.discordapp.com/attachments/992916353847668756/1399590139243790496/image.png?ex=68898d64&is=68883be4&hm=f47e6bce3152628d05e68ef4173891fe1a4e6e340d30e16a6ac9445e503f63e6&

Hi, quick question, in my lldap logs I keep seeing

Login attempt for "admin"

24/7, like all the time 😅 Is it just how LDAP works or is it some brute-force attack against my server that has been going for for months now 😰 Here is an example (and these are not even all requests for login for admin in this second).

Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.918622810+00:00  INFO     LDAP request [ 102ms | 100.00% ] session_id: 4026c56a>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.919170504+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.022399957+00:00  INFO     LDAP request [ 1.12ms | 100.00% ] session_id: 4026c56>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.024430048+00:00  INFO     ｉ [info]: LDAP session end: 4026c56a-f260-4e0d-af03->
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.044638621+00:00  INFO     ｉ [info]: LDAP session start: 10c52a8d-1f8a-4ba2-b72>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.045095012+00:00  INFO     LDAP request [ 104ms | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.046514465+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.150205959+00:00  INFO     LDAP request [ 911µs | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.152408718+00:00  INFO     ｉ [info]: LDAP session end: 10c52a8d-1f8a-4ba2-b723->

Any ideas?

Authentik LLDAP configuration

Very happy to have found LLDAP! However I just ran in to a strange issue.. I configured the lldap service in my NixOS config and was able to log in to the web UI with admin and the password I set. However, once I changed the password, the User Attributes and Group Attributes links vanished from the top nav bar! Trying to go to the URL directly just redirected back to the main page. I also noticed that adding an account to the

ldap_admin

group doesn't make these links appear for that user... any idea where to start figuring this out?

My Nextcloud log is full of pages upon pages of

user_ldap Attempt for Paging? 1

errors. I've set everything up as instructed in the doc. How do I figure out why this is happening?

hey, I'm trying to query

(&(uid={})(memberOf={}))'˙

(its python,

{}

does g et fileld up) and I get

ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf˙

its been working before, any ideas? filter seems alright

Hello friends, I am setting up LLDAP to authenticate Linux users via SSSD. So far I've had some great success with my testing. However I've been using password authentication within the SSSD config and was trying to get cert based auth working without as much luck. Is this something that I can do? Worst case I can setup a system account for this.

Greetings. We're setting up Jitsi Meet to use LLDAP through prosody. Our LLDAP policy is to use email addresses as usernames, e.g.

user1@domain.com

as both email and username. However, prosody does not work with usernames containing

@

. The filter

ldap_filter: (mail=%u*)

allows the part before the

@

to be used as the username and authentication successfully takes place (i.e. the user

user1@domain.com

logs in with just

user1

), but how can we modify this filter to use the full username without the

@

for authentication (i.e.

user1@domain.com

would enter

user1domain.com

)?

Having an issue with LLDAP at the moment. When I try to login, I get the message: Could not log in (invalid response to login start)" on the webpage. In the docker logs, I get

ERROR    🚨 [error]:  | error: Database error: Failed to acquire connection from pool: Connection pool timed out

Is there a way to restrict users from updating their info on the built-in fields like display name?

Hello, been trying to setup nextcloud's ldap backend for the past few days and having no luck, experience has been extremely weird. Anyone have an idea what's going wrong?

you found ? cause i got it syncing but not the groups members

I think you meant to reply in the thread

Hello, I’m new to LDAP and need a bit of help. I installed lldap in Docker and got the basic settings configured, but I need some context on how to properly create new accounts and how to secure the server. Does using an Nginx reverse proxy with a Let’s Encrypt certificate help for securing it? I also tried to create an account with: uid=testuser,ou=people,dc=aclab,dc=lan but I get this error:

Error: Error getting user details: Errors: [user:2:3: Entity not found: uid=testuser,ou=people,dc=aclab,dc=lan]

I’d appreciate some help since I can’t find useful information on the internet.

Heya, I'm running into trouble with lldap in a docker container. The frontend is not loading anymore, it was definitely working some time ago (I have the container running for quite some time), but now the webinterface is not loading at all. nmap doesnt see an open port as well. docker-compose.yaml:

version: "3"

services:
  lldap:
    image: lldap/lldap:stable
    container_name: lldap
    hostname: lldap
    ports:
      # For LDAP, not recommended to expose, see Usage section.
      #- "3890:3890"
      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
      #- "6360:6360"
      # For the web front-end
      - "17170:17170"
    volumes:
      - "./data:/data"
    networks:
      - ldap
    environment:
      - TZ="Europe/Berlin"
      - LLDAP_JWT_SECRET=redacted;
      - LLDAP_KEY_SEED=redacted;
      - LLDAP_LDAP_BASE_DN=dc=redacted,dc=redacted

networks:
  ldap:
    name: ldap
    external: true

relevant part of data/lldap_config.toml:

# verbose=false
ldap_host = "0.0.0.0"
ldap_port = 3890
http_host = "0.0.0.0"
http_port = 17170
http_url = "http://oops"

logs show no errors i'm positive it's a big me-problem but i can't seem to wrap my head around it

Hey, I was following the documentation for deploying lldap with podman quadlets, everything was fine until I needed to uncomment those line in the

lldap.container

for bootstraping

Secret=lldap-ldap-user-pass,type=env,target=LLDAP_ADMIN_PASSWORD
Environment=LLDAP_URL=http://localhost:17170
Environment=LLDAP_ADMIN_USERNAME=charlotte
Environment=LLDAP_ADMIN_PASSWORD_FILE=/run/secrets/lldap-ldap-user-pass
Volume=%h/containers/lldap:/bootstrap:ro,Z

The journalctl log isn't very verbose

Oct 07 12:10:41 ambassador lldap[1353508]: Error: statfs /root/containers/lldap: no such file or directory
Oct 07 12:10:41 ambassador podman[1353508]: 2025-10-07 12:10:41.126308099 +0200 CEST m=+0.077645171 image pull ef027edd800aa3e441c957f8bd39fa8dd472a1021e74c235e43b7c0b28d119be docker.io/lldap/lldap:stable-debian
Oct 07 12:10:41 ambassador systemd[1]: lldap.service: Main process exited, code=exited, status=125/n/a

Do you have a solution,

Howdy, I have an older install of lldap that has been running just swell. I have recently started to migrate this to a more modern version, and from docker to kubernetes. My issue seems to be that when I originally stood up lldap [v0.4.3-alpine:252132430cdbf22f3c8e549e1826f9c68ae0e6ae] I just let it generate a seed key file, and from searching around, it appears that a key string is preferred, but it is impossible to convert my current database of users from keyfile to keystring? Has anyone come up with a good way around this? I think plan A is to just somehow mount this keyfile secret I have to any pods lldap needs in the new setup. Plan B is to start a new DB, migrate all the users, and make them all reset their passwords. Looking for any thoughts or opinions or documentation on how to tackle this?

I'm having issues with dockermailserver and lldap: I can log into the mail account, but whenever I try to send email or someone tries to send me an email it fails. When sending the error says Sender address rejected: not owned by user When receiving the error is "550 5.1.1 : Recipient address rejected: User unknown in virtual mailbox table" Docker Mailserver Logs:

mailserver  | 2025-10-11T20:45:35.057632+02:00 mx postfix/submissions/smtpd[1969]: Anonymous TLS connection established from abcdefg.abcdefg.host.net[123.123.123.123]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature ECDSA (prime256v1) server-digest SHA256
mailserver  | 2025-10-11T20:45:35.689348+02:00 mx postfix/submissions/smtpd[1969]: NOQUEUE: reject: RCPT from p5ddba50c.dip0.t-ipconnect.de[123.123.123.123]: 553 5.7.1 <sender@example.com>: Sender address rejected: not owned by user sender@example.com; from=<sender@example.com> to=<recpient@gmail.com> proto=ESMTP helo=<[192.123.123.123]>
mailserver  | 2025-10-11T20:45:35.709144+02:00 mx postfix/submissions/smtpd[1969]: lost connection after RCPT from abcdefg.abcdefg.host.net[123.123.123.123]

lldap verbose logs: ``` ``` https://cdn.discordapp.com/attachments/1426647038682075136/1426647039034523708/message.txt?ex=68ebfc17&is=68eaaa97&hm=af7cf1a8fd1b57b322af3547b0e2576af531832cd6587677abd5095902358266&

I'm having trouble getting Nextcloud to fetch users from LLDAP. I'm not sure where exactly the issue lies. Nextcloud sees the groups, it validates users, says there are 47 entries, but when I ask it to validate settings and count users, it keeps saying 0 users found. The Nextcloud Log repeatedly says:

{
  "reqId": "qcZvHNxnOSoRPZ4HZ9t4",
  "level": 2,
  "time": "2025-10-21T15:37:47+02:00",
  "remoteAddr": "192.168.2.3",
  "user": "admin",
  "app": "PHP",
  "method": "POST",
  "url": "/apps/user_ldap/ajax/wizard.php",
  "message": "ldap_search(): Search: Bad search filter at /var/www/html/apps/user_ldap/lib/LDAP.php#285",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0",
  "version": "31.0.10.0",
  "data": {
    "app": "PHP"
  },
  "id": "68f78d057edc3"
}

and

{
  "reqId": "qcZvHNxnOSoRPZ4HZ9t4",
  "level": 3,
  "time": "2025-10-21T15:37:47+02:00",
  "remoteAddr": "192.168.2.3",
  "user": "admin",
  "app": "user_ldap",
  "method": "POST",
  "url": "/apps/user_ldap/ajax/wizard.php",
  "message": "Attempt for Paging?  1",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0",
  "version": "31.0.10.0",
  "data": {
    "app": "user_ldap"
  },
  "id": "68f78d057edb9"
}

https://cdn.discordapp.com/attachments/1430187786337648651/1430187786748821608/image.png?ex=68f8ddab&is=68f78c2b&hm=e7922a1f8638c02e53523c192542b61790459b9aeaf8a659bea0c22d1c67d47c& https://cdn.discordapp.com/attachments/1430187786337648651/1430187787226845244/image.png?ex=68f8ddac&is=68f78c2c&hm=1faa2477f34aeead6e08ed6a4542c3190ff54cc78657f7c9809465bb35ac89a9& https://cdn.discordapp.com/attachments/1430187786337648651/1430187787667374151/image.png?ex=68f8ddac&is=68f78c2c&hm=ff0172b69de70ce996849f0293d1a8b8738b866f5f623de47ceb515e15600d70& https://cdn.discordapp.com/attachments/1430187786337648651/1430187788082348112/image.png?ex=68f8ddac&is=68f78c2c&hm=6c9e34b202c5b6fcc100ee44fa79e672609f14e8d15c12636e24d5a6d8ccadb2& https://cdn.discordapp.com/attachments/1430187786337648651/1430187788489326722/image.png?ex=68f8ddac&is=68f78c2c&hm=be99c285d838013703bf00552e67ade68a6636ee301e0904448c531a58208206&

Hello, is there a way to have lldap bind to both IPv4 and IPv6 interfaces at the same time? I am running a dual-stack network at home and I would like lldap to be accessible both over IPv4 and IPv6. I tried setting "::" as the bind address as per the note in the config file, but this binds only to IPv6. Is there a way to get both? I am currently running lldap in a FreeBSD VM if that helps.

I'm running into an issue where functionality required by stalwart mail is not in the "stable" docker container (attribute for password modification time). It's in the "latest" container, but after upgrading to that I can no longer log into the admin gui. The gui indicates unable to log in, but the log shows a successful opaque login.

What am I doing wrong with this query? Initially I tried to fetch displayName, but that failed because of the deprecation.

json
            query {
              users {
                id
              }
            }

So I followed the guide at https://github.com/lldap/lldap/blob/main/docs/database_migration.md 1. Created all tables using

docker exec -it <LLDAP container name> /app/lldap create_schema -d <Target database url>

2. Dumped existing data from sqlite to a file

./sqlite_dump_commands.sh | sqlite3 /path/to/lldap/config/users.db > /path/to/dump.sql

3. Sanitized the data for postgres with

sed -i -r -e "s/X'([[:xdigit:]]+'[^'])/'\\\x\\1/g" \
-e ":a; s/(INSERT INTO (user_attribute_schema|jwt_storage)\(.*\) VALUES\(.*),1([^']*\);)$/\1,true\3/; s/(INSERT INTO (user_attribute_schema|jwt_storage)\(.*\) VALUES\(.*),0([^']*\);)$/\1,false\3/; ta" \
-e '1s/^/BEGIN;\n/' \
-e '$aSELECT setval(pg_get_serial_sequence('\''groups'\'', '\''group_id'\''), COALESCE((SELECT MAX(group_id) FROM groups), 1));' \
-e '$aCOMMIT;' /path/to/dump.sql

4. Point lldap container to postgres db using env variable

LLDAP_DATABASE_URL

This is when I encounter errors from the container. I believe lldap is trying to so some invalid migrations. Can someone give some pointers on how to solve this?

installed in a debian lxc via https://community-scripts.github.io/ProxmoxVE/scripts?id=lldap able to access lldap webgui can't for the life of me find where the config file is so I can change the port, domain name, and (someday) configure tailscale certificate use. Looking for assistance.

Hi, I am trying to setup lldap docker image. I was running it a while ago and forgot the admin password. could not retrive it so decided to purge all stull and start again. (docker compose down -v and backup the users.db file and delete it from /data location ) Now i did the whole process again and still can't login to default admin account. Can anyone please help me figure out what's wrong?

After migrating from docker to lxc i get the following error on the jellyfin side:

Dec 10 01:37:59 jellyfin jellyfin[88]: [01:37:59] [ERR] Error processing request. URL POST /Users/authenticatebyname.
Dec 10 01:37:59 jellyfin jellyfin[88]: System.ArgumentException: The new and old names must be different.

Im willing to provide everything needed. Need this fixed since my users cant login. At least some. Newly created work and my account also works fine