Hello, is the user of LLDAP is admin or something else?

Hello, this is a question regarding the

lldap_password_manager

group and authelia. Even after adding the authelia user to that group I still get an

Insufficient Access Rights

error when resetting or changing the password. I have searched multiple discussion, but I haven't found this exact problem before. I have attached both the verbose LLDAP log and trace level authelia logs to cross reference the requests being made. Both logs are redacted using

example.com

as the placeholder.

Hey, I'm fiddling around with postfix and added a few attributes:

# lldap-cli schema attribute user list
Name           Type        Is list  Is visible  Is editable
----           ----        -------  ----------  -----------
avatar         JPEG_PHOTO  false    true        true
creation_date  DATE_TIME   false    true        false
display_name   STRING      false    true        true
email_address  STRING      false    true        false
email_aliases  STRING      true     true        false
email_quota    STRING      false    true        false
first_name     STRING      false    true        true
last_name      STRING      false    true        true
mail           STRING      false    true        true
user_id        STRING      false    true        false
uuid           STRING      false    true        false

If I try to query any of my custom attributes, I get

dict_ldap_lookup: Search error -7: Bad search filter

. Doesn't matter if the attribute is String or List. The same config that queries "mail" works.

Hi I’m currently setting up LLDAP for my nifi authentication. I am having issues because I am unable to talk to the secure ldap port 6360. Is there an external way to test the port? Both are running in docker containers with a network setup for them and a subnet specified due to nifi configurations

Hi all - I am struggling to get my docker mailserver to authenticate against lldap. Below is an excerpt from the docker mailserver logs and my compose.yaml file. Any help hugely appreciated!!! environment: # Core LDAP Configuration - ACCOUNT_PROVISIONER=LDAP - LDAP_SERVER_HOST=ldap://lldap:3890 - LDAP_SEARCH_BASE=ou=people,dc=recognition-circular,dc=org - LDAP_BIND_DN=cn=admin,ou=people,dc=recognition-circular,dc=org - LDAP_BIND_PW=Rec0gnition123 - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE)) - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE)) - LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))) - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward))) # Dovecot-Specific LDAP Mapping - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u))) - DOVECOT_USER_ATTRS=uid=5000,gid=5000,home=/var/mail/%Ln,mail=maildir:~/Maildir - DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u))(userPassword={SHA1}%w)) - DOVECOT_AUTH_BIND=yes # SASL Configuration - ENABLE_SASLAUTHD=1 - SASLAUTHD_MECHANISMS=ldap - SASLAUTHD_LDAP_SERVER=ldap://lldap:3890 - SASLAUTHD_LDAP_BIND_DN=cn=admin,ou=people,dc=recognition-circular,dc=org - SASLAUTHD_LDAP_PASSWORD=Rec0gnition123 - SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=recognition-circular,dc=org - SASLAUTHD_LDAP_FILTER=(&(objectClass=PostfixBookMailAccount)(mail=%U))

Hello, I doubt that this is an lldap specific issue, but am posting here in case someone has experience/seen a similar issue. I am using Docker Mailserver. Users authenticate with LLDAP. Everything was working fine until I setup an email account to send email from Nextcloud and integrated Nextcloud with LLDAP. I got nextcloud to send a test email - this appears to have removed my mailboxes and stopped them from receiving email from any source other than Nextcloud. This is the error message from my logs:

Recipient address rejected: User unknown in virtual mailbox table; from=<prvs=52072ff83d=david@xyz.com> to=<xxxx@recognition-circular.org> proto=ESMTP helo=<mx07-0060ad01.pphosted.com>

If I do a

./setup.sh email list

, all the accounts now look like this: Fatal: Unknown command 'quota', but plugin quota exists. Try to set mail_plugins=quota 2025-04-22 15:03:32+02:00 ERROR listmailuser: Supplied non-number argument '' to '_bytes_to_human_readable_size()' 2025-04-22 15:03:32+02:00 ERROR listmailuser: Aborting 2025-04-22 15:03:32+02:00 ERROR listmailuser: Supplied non-number argument '' to '_bytes_to_human_readable_size()' 2025-04-22 15:03:32+02:00 ERROR listmailuser: Aborting *

cloud@recognition-circular.org

( / ) [%] Apart from the Nextcloud integration nothing has changed with my mailserver config or my lldap config. Maybe a longshot, but has anyone experienced something similar?

Hello, I noticed a weird behaviour on one of my LLDAP docker deployments. After a few days of uptime, LLDAP became unresponsive, front is not loading and LLDAP does not respond to requests. After restart, it works again for a few days and becomes unresponsive. Has anyone else had the same issue?

message has been deleted

Can't login first install?

i'm trying to get lldap working with stalwart, but it says "incorrect username or password". more details in the thread

Configuring TrueNAS with LLDAP

message has been deleted

I've used this LLDAP in a portainer stack for a few months, works great. The actual LLDAP is working, but when I try use the web panel to edit uses I get "Could not Log in". Haven't used the web panel in a month of so, unsure what happened. If I put in the wrong password it says "Invalid username or password", and when I use the right password it says this in the log:

INFO     ｉ [info]: OPAQUE login attempt for "jacob"
INFO     ｉ [info]: OPAQUE login successful for "jacob"

https://cdn.discordapp.com/attachments/1384712140308480130/1384712148441108681/image.png?ex=68536d2e&is=68521bae&hm=1dff1b71a3ed382b52c9db6573ae25b13f5d30ffe336b6dcbdea68dd4e660cce& https://cdn.discordapp.com/attachments/1384712140308480130/1384712148684509388/image.png?ex=68536d2e&is=68521bae&hm=6a81c17a740834b051ea6e0be4c29ca9836aaeef289dffd7d95a6b67aa039771&

I'm setting up a new environment, a separate computing cluster, and I'll have about six machines and about that many users. I chose LLDAP because we need a simple, small scale authentication system. I downloaded the sources and built LLDAP per the guide. I created a service for my lldap binary, and when I started it, I get a message about the JWT string must be initialized in the lldap_config.toml file. I'm not sure where the template for that file exists, or where the file should be located. I'm running Rocky Linux 9.5. Thank you for you assistance. I didn't see detailed instructions on the github page, and I'm not experienced with LDAP.

Another "Can't login" issue... This is really frustrating at the moment, as I followed exactly the docs and expected to be able to login out of the box, but nothing works. I created LLDAP via the compose.yaml from the github page, chmod the volume to 777, changed the configuration to reset admin password always - and still, nothing. All I get is a 'OPAQUE login attempt for "admin"' and the web form says "Invalid username or password". I use "admin" as user and "adminPas$word" as password. Can anyone point me in a direction for more proper troubleshooting? Am I missing something, is the compose.yaml only a "maybe" and I take it too literally?

Anyone successfully using LLDAP with Jellyfin? I cannot for the life of me get it to work

[16:14:36] [WRN] [44] Jellyfin.Plugin.LDAP_Auth.LdapAuthenticationProviderPlugin: Ldap Test Failed to Connect or Bind to server
2025-06-25 16:14:36.887558+00:00LdapException: Unable to connect to server lldap:3890 (91) Connect Error
2025-06-25 16:14:36.887585+00:00System.Net.Sockets.SocketException (111): Connection refused
2025-06-25 16:14:36.887604+00:00at Novell.Directory.Ldap.AsyncExtensions.WaitAndUnwrap(Task task, Int32 timeout)
2025-06-25 16:14:36.887687+00:00at Novell.Directory.Ldap.Connection.Connect(String host, Int32 port, Int32 semaphoreId)

This is the error I get when running "Save and Test LDAP Server Settings" in Jellyfin. To me its not a container network issue because I can ping the lldap container from the jellyfin container... What's weird is the exact same connection details I'm trying to use with Jellyfin work just fine with Open WebUI...

I am running into the following error:

Could not initiate password reset[500 ]: Internal server error: `Could not send email: Error sending email: permanent error (535): 5.7.8 Username and Password not accepted. For more information, go to5.7.8 https://support.google.com/mail/?p=BadCredentials 6a1803df08f44-6fd772fa9c9sm11203576d6.82 - gsmtp`

though I ran this through a smtp tester and it worked with the same setup. I do have my server using the SMTP email with a different application though I don't think that would matter. This is what I have atm :

LDAP_SMTP_OPTIONS__FROM: LLDAP Admin <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__PASSWORD: ${SMTP_PASSWORD}
LLDAP_SMTP_OPTIONS__PORT: 587
LLDAP_SMTP_OPTIONS__REPLY_TO: Do not reply <${SMTP_USER}>
LLDAP_SMTP_OPTIONS__SERVER: smtp.gmail.com
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: STARTTLS
LLDAP_SMTP_OPTIONS__USER: ${SMTP_USER}
LLDAP_VERBOSE: true

Hey! Thank you for the great work. I just want to let you know that

lldap:2025-07-06-debian

breaks this config for Radicale: https://github.com/lldap/lldap/blob/main/example_configs/radicale.md Namely, I get an error

[ERROR] An exception occurred during PROPFIND request on '/': invalid attribute uid

when using

lldap:2025-07-06-debian

but

lldap/lldap:2025-05-19-debian

works perfectly fine.

Hey all, I'm having some trouble getting my jellyfin to connected up to my LLDAP deployment. I saw [this thread](https://discord.com/channels/898492935446876200/1387468315424722976) from a few days ago but was unable make it work with an ip. If anyone can help it would be much appreciated.

hey guys, I managed to use LLDAP with authelia but now I needed to learn how to use it for auth with jellyfin because I can't seem to connect to my server on my tv while using authelia, is there a guide I can follow so I can try to avoid making stupid questions here?

Hey everyone, I'm trying to add a user attribute but I always get a "Check the form for errors" message regardless of which type I choose. I also get the same error when trying to create a group attribute. The verbose logs don't even register me clicking submit and I've tried Safari, Firefox, and Chrome and it still doesn't work. I can't even get it to work on a fresh install. I'd really appreciate it if someone could help out. https://cdn.discordapp.com/attachments/992916353847668756/1399590139243790496/image.png?ex=68898d64&is=68883be4&hm=f47e6bce3152628d05e68ef4173891fe1a4e6e340d30e16a6ac9445e503f63e6&

Hi, quick question, in my lldap logs I keep seeing

Login attempt for "admin"

24/7, like all the time 😅 Is it just how LDAP works or is it some brute-force attack against my server that has been going for for months now 😰 Here is an example (and these are not even all requests for login for admin in this second).

Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.918622810+00:00  INFO     LDAP request [ 102ms | 100.00% ] session_id: 4026c56a>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:24.919170504+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.022399957+00:00  INFO     LDAP request [ 1.12ms | 100.00% ] session_id: 4026c56>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.024430048+00:00  INFO     ｉ [info]: LDAP session end: 4026c56a-f260-4e0d-af03->
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.044638621+00:00  INFO     ｉ [info]: LDAP session start: 10c52a8d-1f8a-4ba2-b72>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.045095012+00:00  INFO     LDAP request [ 104ms | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.046514465+00:00  INFO     ┕━ ｉ [info]: Login attempt for "admin"
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.150205959+00:00  INFO     LDAP request [ 911µs | 100.00% ] session_id: 10c52a8d>
Jul 30 05:36:25 brutus lldap[5734]: 2025-07-30T03:36:25.152408718+00:00  INFO     ｉ [info]: LDAP session end: 10c52a8d-1f8a-4ba2-b723->

Any ideas?

Authentik LLDAP configuration

Very happy to have found LLDAP! However I just ran in to a strange issue.. I configured the lldap service in my NixOS config and was able to log in to the web UI with admin and the password I set. However, once I changed the password, the User Attributes and Group Attributes links vanished from the top nav bar! Trying to go to the URL directly just redirected back to the main page. I also noticed that adding an account to the

ldap_admin

group doesn't make these links appear for that user... any idea where to start figuring this out?

My Nextcloud log is full of pages upon pages of

user_ldap Attempt for Paging? 1

errors. I've set everything up as instructed in the doc. How do I figure out why this is happening?

hey, I'm trying to query

(&(uid={})(memberOf={}))'˙

(its python,

{}

does g et fileld up) and I get

ldap3.core.exceptions.LDAPAttributeError: invalid attribute memberOf˙

its been working before, any ideas? filter seems alright

Hello friends, I am setting up LLDAP to authenticate Linux users via SSSD. So far I've had some great success with my testing. However I've been using password authentication within the SSSD config and was trying to get cert based auth working without as much luck. Is this something that I can do? Worst case I can setup a system account for this.

Greetings. We're setting up Jitsi Meet to use LLDAP through prosody. Our LLDAP policy is to use email addresses as usernames, e.g.

user1@domain.com

as both email and username. However, prosody does not work with usernames containing

@

. The filter

ldap_filter: (mail=%u*)

allows the part before the

@

to be used as the username and authentication successfully takes place (i.e. the user

user1@domain.com

logs in with just

user1

), but how can we modify this filter to use the full username without the

@

for authentication (i.e.

user1@domain.com

would enter

user1domain.com

)?

Having an issue with LLDAP at the moment. When I try to login, I get the message: Could not log in (invalid response to login start)" on the webpage. In the docker logs, I get

ERROR    🚨 [error]:  | error: Database error: Failed to acquire connection from pool: Connection pool timed out

Is there a way to restrict users from updating their info on the built-in fields like display name?