Configuring TrueNAS with LLDAP

message has been deleted

I've used this LLDAP in a portainer stack for a few months, works great. The actual LLDAP is working, but when I try use the web panel to edit uses I get "Could not Log in". Haven't used the web panel in a month of so, unsure what happened. If I put in the wrong password it says "Invalid username or password", and when I use the right password it says this in the log:

INFO     ｉ [info]: OPAQUE login attempt for "jacob"
INFO     ｉ [info]: OPAQUE login successful for "jacob"

https://cdn.discordapp.com/attachments/1384712140308480130/1384712148441108681/image.png?ex=68536d2e&is=68521bae&hm=1dff1b71a3ed382b52c9db6573ae25b13f5d30ffe336b6dcbdea68dd4e660cce& https://cdn.discordapp.com/attachments/1384712140308480130/1384712148684509388/image.png?ex=68536d2e&is=68521bae&hm=6a81c17a740834b051ea6e0be4c29ca9836aaeef289dffd7d95a6b67aa039771&

I'm setting up a new environment, a separate computing cluster, and I'll have about six machines and about that many users. I chose LLDAP because we need a simple, small scale authentication system. I downloaded the sources and built LLDAP per the guide. I created a service for my lldap binary, and when I started it, I get a message about the JWT string must be initialized in the lldap_config.toml file. I'm not sure where the template for that file exists, or where the file should be located. I'm running Rocky Linux 9.5. Thank you for you assistance. I didn't see detailed instructions on the github page, and I'm not experienced with LDAP.

Another "Can't login" issue... This is really frustrating at the moment, as I followed exactly the docs and expected to be able to login out of the box, but nothing works. I created LLDAP via the compose.yaml from the github page, chmod the volume to 777, changed the configuration to reset admin password always - and still, nothing. All I get is a 'OPAQUE login attempt for "admin"' and the web form says "Invalid username or password". I use "admin" as user and "adminPas$word" as password. Can anyone point me in a direction for more proper troubleshooting? Am I missing something, is the compose.yaml only a "maybe" and I take it too literally?

Anyone successfully using LLDAP with Jellyfin? I cannot for the life of me get it to work

[16:14:36] [WRN] [44] Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin: Ldap Test Failed to Connect or Bind to server
2025-06-25 16:14:36.887558+00:00LdapException: Unable to connect to server lldap:3890 (91) Connect Error
2025-06-25 16:14:36.887585+00:00System.Net.Sockets.SocketException (111): Connection refused
2025-06-25 16:14:36.887604+00:00at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout)
2025-06-25 16:14:36.887687+00:00at Novell.Directory.Ldap.Connection.Connect(String host, Int32 port, Int32 semaphoreId)

This is the error I get when running "Save and Test LDAP Server Settings" in Jellyfin. To me its not a container network issue because I can ping the lldap container from the jellyfin container... What's weird is the exact same connection details I'm trying to use with Jellyfin work just fine with Open WebUI...

I am running into the following error:

Could not initiate password reset[500 ]: Internal server error: `Could not send email: Error sending email: permanent error (535): 5.7.8 Username and Password not accepted. For more information, go to5.7.8 https://support.google.com/mail/?p=BadCredentials 6a1803df08f44-6fd772fa9c9sm11203576d6.82 - gsmtp`

though I ran this through a smtp tester and it worked with the same setup. I do have my server using the SMTP email with a different application though I don't think that would matter. This is what I have atm :

LDAP_SMTP_OPTIONS__FROM: LLDAP Admin <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__PASSWORD: ${SMTP_PASSWORD}
LLDAP_SMTP_OPTIONS__PORT: 587
LLDAP_SMTP_OPTIONS__REPLY_TO: Do not reply <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__SERVER: smtp.gmail.com
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: STARTTLS
LLDAP_SMTP_OPTIONS__USER: ${SMTP_USER}
LLDAP_VERBOSE: true

Hey! Thank you for the great work. I just want to let you know that

lldap:2025-07-06-debian

breaks this config for Radicale: https://github.com/lldap/lldap/blob/main/example_configs/radicale.md Namely, I get an error

[ERROR] An exception occurred during PROPFIND request on '/': invalid attribute uid

when using

lldap:2025-07-06-debian

but

lldap/lldap:2025-05-19-debian

works perfectly fine.

Hey all, I'm having some trouble getting my jellyfin to connected up to my LLDAP deployment. I saw [this thread](https://discord.com/channels/898492935446876200/1387468315424722976) from a few days ago but was unable make it work with an ip. If anyone can help it would be much appreciated.

hey guys, I managed to use LLDAP with authelia but now I needed to learn how to use it for auth with jellyfin because I can't seem to connect to my server on my tv while using authelia, is there a guide I can follow so I can try to avoid making stupid questions here?

Hey everyone, I'm trying to add a user attribute but I always get a "Check the form for errors" message regardless of which type I choose. I also get the same error when trying to create a group attribute. The verbose logs don't even register me clicking submit and I've tried Safari, Firefox, and Chrome and it still doesn't work. I can't even get it to work on a fresh install. I'd really appreciate it if someone could help out. https://cdn.discordapp.com/attachments/992916353847668756/1399590139243790496/image.png?ex=68898d64&is=68883be4&hm=f47e6bce3152628d05e68ef4173891fe1a4e6e340d30e16a6ac9445e503f63e6&

Hi, quick question, in my lldap logs I keep seeing

Login attempt for "admin"

24/7, like all the time 😅 Is it just how LDAP works or is it some brute-force attack against my server that has been going for for months now 😰 Here is an example (and these are not even all requests for login for admin in this second).

Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.918622810+00:00  INFO     LDAP request [ 102ms | 100.00% ] session_id: 4026c56a>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.919170504+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.022399957+00:00  INFO     LDAP request [ 1.12ms | 100.00% ] session_id: 4026c56>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.024430048+00:00  INFO     ｉ [info]: LDAP session end: 4026c56a-f260-4e0d-af03->
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.044638621+00:00  INFO     ｉ [info]: LDAP session start: 10c52a8d-1f8a-4ba2-b72>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.045095012+00:00  INFO     LDAP request [ 104ms | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.046514465+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.150205959+00:00  INFO     LDAP request [ 911µs | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.152408718+00:00  INFO     ｉ [info]: LDAP session end: 10c52a8d-1f8a-4ba2-b723->

Any ideas?

Authentik LLDAP configuration

Very happy to have found LLDAP! However I just ran in to a strange issue.. I configured the lldap service in my NixOS config and was able to log in to the web UI with admin and the password I set. However, once I changed the password, the User Attributes and Group Attributes links vanished from the top nav bar! Trying to go to the URL directly just redirected back to the main page. I also noticed that adding an account to the

ldap_admin

group doesn't make these links appear for that user... any idea where to start figuring this out?

My Nextcloud log is full of pages upon pages of

user_ldap Attempt for Paging? 1

errors. I've set everything up as instructed in the doc. How do I figure out why this is happening?

hey, I'm trying to query

(&(uid={})(memberOf={}))'˙

(its python,

{}

does g et fileld up) and I get

ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf˙

its been working before, any ideas? filter seems alright

Hello friends, I am setting up LLDAP to authenticate Linux users via SSSD. So far I've had some great success with my testing. However I've been using password authentication within the SSSD config and was trying to get cert based auth working without as much luck. Is this something that I can do? Worst case I can setup a system account for this.

Greetings. We're setting up Jitsi Meet to use LLDAP through prosody. Our LLDAP policy is to use email addresses as usernames, e.g.

user1@domain.com

as both email and username. However, prosody does not work with usernames containing

@

. The filter

ldap_filter: (mail=%u*)

allows the part before the

@

to be used as the username and authentication successfully takes place (i.e. the user

user1@domain.com

logs in with just

user1

), but how can we modify this filter to use the full username without the

@

for authentication (i.e.

user1@domain.com

would enter

user1domain.com

)?

Having an issue with LLDAP at the moment. When I try to login, I get the message: Could not log in (invalid response to login start)" on the webpage. In the docker logs, I get

ERROR    🚨 [error]:  | error: Database error: Failed to acquire connection from pool: Connection pool timed out

Is there a way to restrict users from updating their info on the built-in fields like display name?

Hello, been trying to setup nextcloud's ldap backend for the past few days and having no luck, experience has been extremely weird. Anyone have an idea what's going wrong?

you found ? cause i got it syncing but not the groups members

I think you meant to reply in the thread

Hello, I’m new to LDAP and need a bit of help. I installed lldap in Docker and got the basic settings configured, but I need some context on how to properly create new accounts and how to secure the server. Does using an Nginx reverse proxy with a Let’s Encrypt certificate help for securing it? I also tried to create an account with: uid=testuser,ou=people,dc=aclab,dc=lan but I get this error:

Error: Error getting user details: Errors: [user:2:3: Entity not found: uid=testuser,ou=people,dc=aclab,dc=lan]

I’d appreciate some help since I can’t find useful information on the internet.

Heya, I'm running into trouble with lldap in a docker container. The frontend is not loading anymore, it was definitely working some time ago (I have the container running for quite some time), but now the webinterface is not loading at all. nmap doesnt see an open port as well. docker-compose.yaml:

version: "3"

services:
  lldap:
    image: lldap/lldap:stable
    container_name: lldap
    hostname: lldap
    ports:
      # For LDAP, not recommended to expose, see Usage section.
      #- "3890:3890"
      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
      #- "6360:6360"
      # For the web front-end
      - "17170:17170"
    volumes:
      - "./data:/data"
    networks:
      - ldap
    environment:
      - TZ="Europe/Berlin"
      - LLDAP_JWT_SECRET=redacted;
      - LLDAP_KEY_SEED=redacted;
      - LLDAP_LDAP_BASE_DN=dc=redacted,dc=redacted

networks:
  ldap:
    name: ldap
    external: true

relevant part of data/lldap_config.toml:

# verbose=false
ldap_host = "0.0.0.0"
ldap_port = 3890
http_host = "0.0.0.0"
http_port = 17170
http_url = "http://oops"

logs show no errors i'm positive it's a big me-problem but i can't seem to wrap my head around it

Hey, I was following the documentation for deploying lldap with podman quadlets, everything was fine until I needed to uncomment those line in the

lldap.container

for bootstraping

Secret=lldap-ldap-user-pass,type=env,target=LLDAP_ADMIN_PASSWORD
Environment=LLDAP_URL=http://localhost:17170
Environment=LLDAP_ADMIN_USERNAME=charlotte
Environment=LLDAP_ADMIN_PASSWORD_FILE=/run/secrets/lldap-ldap-user-pass
Volume=%h/containers/lldap:/bootstrap:ro,Z

The journalctl log isn't very verbose

Oct 07 12:10:41 ambassador lldap[1353508]: Error: statfs /root/containers/lldap: no such file or directory
Oct 07 12:10:41 ambassador podman[1353508]: 2025-10-07 12:10:41.126308099 +0200 CEST m=+0.077645171 image pull ef027edd800aa3e441c957f8bd39fa8dd472a1021e74c235e43b7c0b28d119be docker.io/lldap/lldap:stable-debian
Oct 07 12:10:41 ambassador systemd[1]: lldap.service: Main process exited, code=exited, status=125/n/a

Do you have a solution,

Howdy, I have an older install of lldap that has been running just swell. I have recently started to migrate this to a more modern version, and from docker to kubernetes. My issue seems to be that when I originally stood up lldap [v0.4.3-alpine:252132430cdbf22f3c8e549e1826f9c68ae0e6ae] I just let it generate a seed key file, and from searching around, it appears that a key string is preferred, but it is impossible to convert my current database of users from keyfile to keystring? Has anyone come up with a good way around this? I think plan A is to just somehow mount this keyfile secret I have to any pods lldap needs in the new setup. Plan B is to start a new DB, migrate all the users, and make them all reset their passwords. Looking for any thoughts or opinions or documentation on how to tackle this?

I'm having issues with dockermailserver and lldap: I can log into the mail account, but whenever I try to send email or someone tries to send me an email it fails. When sending the error says Sender address rejected: not owned by user When receiving the error is "550 5.1.1 : Recipient address rejected: User unknown in virtual mailbox table" Docker Mailserver Logs:

mailserver  | 2025-10-11T20:45:35.057632+02:00 mx postfix/submissions/smtpd[1969]: Anonymous TLS connection established from abcdefg.abcdefg.host.net[123.123.123.123]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature ECDSA (prime256v1) server-digest SHA256
mailserver  | 2025-10-11T20:45:35.689348+02:00 mx postfix/submissions/smtpd[1969]: NOQUEUE: reject: RCPT from p5ddba50c.dip0.t-ipconnect.de[123.123.123.123]: 553 5.7.1 <sender@example.com>: Sender address rejected: not owned by user sender@example.com; from=<sender@example.com> to=<recpient@gmail.com> proto=ESMTP helo=<[192.123.123.123]>
mailserver  | 2025-10-11T20:45:35.709144+02:00 mx postfix/submissions/smtpd[1969]: lost connection after RCPT from abcdefg.abcdefg.host.net[123.123.123.123]

lldap verbose logs: ``` ``` https://cdn.discordapp.com/attachments/1426647038682075136/1426647039034523708/message.txt?ex=68ebfc17&is=68eaaa97&hm=af7cf1a8fd1b57b322af3547b0e2576af531832cd6587677abd5095902358266&

I'm having trouble getting Nextcloud to fetch users from LLDAP. I'm not sure where exactly the issue lies. Nextcloud sees the groups, it validates users, says there are 47 entries, but when I ask it to validate settings and count users, it keeps saying 0 users found. The Nextcloud Log repeatedly says:

{
  "reqId": "qcZvHNxnOSoRPZ4HZ9t4",
  "level": 2,
  "time": "2025-10-21T15:37:47+02:00",
  "remoteAddr": "192.168.2.3",
  "user": "admin",
  "app": "PHP",
  "method": "POST",
  "url": "/apps/user_ldap/ajax/wizard.php",
  "message": "ldap_search(): Search: Bad search filter at /var/www/html/apps/user_ldap/lib/LDAP.php#285",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0",
  "version": "31.0.10.0",
  "data": {
    "app": "PHP"
  },
  "id": "68f78d057edc3"
}

and

{
  "reqId": "qcZvHNxnOSoRPZ4HZ9t4",
  "level": 3,
  "time": "2025-10-21T15:37:47+02:00",
  "remoteAddr": "192.168.2.3",
  "user": "admin",
  "app": "user_ldap",
  "method": "POST",
  "url": "/apps/user_ldap/ajax/wizard.php",
  "message": "Attempt for Paging?  1",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0",
  "version": "31.0.10.0",
  "data": {
    "app": "user_ldap"
  },
  "id": "68f78d057edb9"
}

https://cdn.discordapp.com/attachments/1430187786337648651/1430187786748821608/image.png?ex=68f8ddab&is=68f78c2b&hm=e7922a1f8638c02e53523c192542b61790459b9aeaf8a659bea0c22d1c67d47c& https://cdn.discordapp.com/attachments/1430187786337648651/1430187787226845244/image.png?ex=68f8ddac&is=68f78c2c&hm=1faa2477f34aeead6e08ed6a4542c3190ff54cc78657f7c9809465bb35ac89a9& https://cdn.discordapp.com/attachments/1430187786337648651/1430187787667374151/image.png?ex=68f8ddac&is=68f78c2c&hm=ff0172b69de70ce996849f0293d1a8b8738b866f5f623de47ceb515e15600d70& https://cdn.discordapp.com/attachments/1430187786337648651/1430187788082348112/image.png?ex=68f8ddac&is=68f78c2c&hm=6c9e34b202c5b6fcc100ee44fa79e672609f14e8d15c12636e24d5a6d8ccadb2& https://cdn.discordapp.com/attachments/1430187786337648651/1430187788489326722/image.png?ex=68f8ddac&is=68f78c2c&hm=be99c285d838013703bf00552e67ade68a6636ee301e0904448c531a58208206&

Hello, is there a way to have lldap bind to both IPv4 and IPv6 interfaces at the same time? I am running a dual-stack network at home and I would like lldap to be accessible both over IPv4 and IPv6. I tried setting "::" as the bind address as per the note in the config file, but this binds only to IPv6. Is there a way to get both? I am currently running lldap in a FreeBSD VM if that helps.