Unable to get LDAP working in Dex

Hello,

I have OOD working using basic auth + PAM, but am in the process of migrating to Dex. When I try to login to the OOD portal with Dex, I get the following error:

Internal Server Error
Login error: ldap: entry "uid=XXX,ou=people,dc=engr,dc=oregonstate,dc=edu" missing following required attribute(s): ["mail"]

There isn’t a “mail” attribute, so I removed that entry and now I get this error:
Login error: ldap: entry "uid=XXX,ou=people,dc=engr,dc=oregonstate,dc=edu" missing following required attribute(s): [""]

Here is the dex portion of my ood_portal.yml:

dex:
  connectors:
    - type: ldap
      id: ldap
      name: LDAP
      config:
        host: XXX:636
        insecureSkipVerify: false
        bindDN: cn=XXX,dc=engr,dc=oregonstate,dc=edu
        userSearch:
          baseDN: ou=people,dc=engr,dc=oregonstate,dc=edu
          filter: "(objectClass=posixAccount)"
          username: uid
          idAttr: uid
          #emailAttr: mail
          nameAttr: gecos
          preferredUsernameAttr: uid
        groupSearch:
          baseDN: ou=group,dc=engr,dc=oregonstate,dc=edu
          filter: "(objectClass=posixGroup)"
          userMatchers:
            - userAttr: DN
              groupAttr: member
          nameAttr: cn

Any ideas what could be wrong here?

Thanks,

Rob

Hi @robyelle and welcome!

Looking at what you have, I don’t see an entry for bindPW which you may have left out on purpose but I wanted to make sure that was actually set in the config.

You probably already have seen this but for reference:
https://osc.github.io/ood-documentation/latest/authentication/dex.html?highlight=dex

I believe you need some sort of email attribute. Whether it's mail or email (or some 3rd one) in your LDAP - I believe dex relies on this.

Thank you for your responses. The problem turned out to be the email attribute, just setting it to “uid” resolved the issue.
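The three configurations in this thread (emailAttr: mail, emailAttr commented out, emailAttr: uid) behave differently because Dex's LDAP connector treats the email attribute as mandatory and looks up whatever name is configured, even an empty one. The script below is an added example, not code from this thread, from Dex or from Open OnDemand: it paraphrases the connector's required-attribute check in Python so the three cases can be reproduced offline against constructed posixAccount entries (the DNs, attribute values and function names are assumptions, and the error text only approximates Dex's format). It is useful as a pre-deployment dry run: point check_directory at an export of your real user entries and it tells you which accounts would fail login under a given userSearch block before any user sees an Internal Server Error.

```python
"""Approximation of the per-entry identity mapping in Dex's LDAP connector.

Added example (not Dex's or OOD's code): the rule modelled here is that
idAttr, and nameAttr/preferredUsernameAttr when set, must resolve to a
non-empty value, and that the email attribute is required unconditionally.
"""

from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class UserSearch:
    """The userSearch keys that drive identity mapping (key names as in the connector config)."""
    idAttr: str
    nameAttr: str = ""
    preferredUsernameAttr: str = ""
    emailAttr: str = ""  # "" models the key being commented out, as in the post


# Constructed entries (attribute -> values), not real accounts. Only bob has a
# mail attribute, mirroring a posixAccount directory where most users lack it.
ENTRIES: Dict[str, Dict[str, List[str]]] = {
    "uid=alice,ou=people,dc=example,dc=edu": {
        "uid": ["alice"], "gecos": ["Alice Example"], "objectClass": ["posixAccount"],
    },
    "uid=bob,ou=people,dc=example,dc=edu": {
        "uid": ["bob"], "gecos": ["Bob Example"], "mail": ["bob@example.edu"],
    },
}


def get_attr(entry: Dict[str, List[str]], name: str) -> str:
    """First value of an attribute; an absent attribute (or an empty name) yields ""."""
    values = entry.get(name, [])
    return values[0] if values else ""


def identity_from_entry(cfg: UserSearch, dn: str, entry: Dict[str, List[str]]) -> Dict[str, str]:
    """Map one entry to the identity handed to the OIDC client, or raise in Dex's error shape."""
    missing: List[str] = []
    ident: Dict[str, str] = {}

    ident["user_id"] = get_attr(entry, cfg.idAttr)
    if not ident["user_id"]:
        missing.append(cfg.idAttr)

    if cfg.nameAttr:
        ident["username"] = get_attr(entry, cfg.nameAttr)
        if not ident["username"]:
            missing.append(cfg.nameAttr)

    if cfg.preferredUsernameAttr:
        ident["preferred_username"] = get_attr(entry, cfg.preferredUsernameAttr)
        if not ident["preferred_username"]:
            missing.append(cfg.preferredUsernameAttr)

    # Email is required unconditionally. With emailAttr unset the lookup is for
    # the attribute named "", which is then reported as missing: the [""] error.
    ident["email"] = get_attr(entry, cfg.emailAttr)
    if not ident["email"]:
        missing.append(cfg.emailAttr)

    if missing:
        raise LookupError(
            f'ldap: entry "{dn}" missing following required attribute(s): {missing}'
        )
    return ident


def check_directory(cfg: UserSearch, entries: Dict[str, Dict[str, List[str]]]) -> Dict[str, Optional[str]]:
    """Dry-run every entry against a config: None on success, else the error text."""
    results: Dict[str, Optional[str]] = {}
    for dn, entry in entries.items():
        try:
            identity_from_entry(cfg, dn, entry)
            results[dn] = None
        except LookupError as exc:
            results[dn] = str(exc)
    return results


# The three userSearch variants from the thread.
AS_POSTED = UserSearch(idAttr="uid", nameAttr="gecos", preferredUsernameAttr="uid", emailAttr="mail")
EMAIL_COMMENTED_OUT = UserSearch(idAttr="uid", nameAttr="gecos", preferredUsernameAttr="uid")
FIXED = UserSearch(idAttr="uid", nameAttr="gecos", preferredUsernameAttr="uid", emailAttr="uid")

if __name__ == "__main__":
    for label, cfg in [("emailAttr: mail", AS_POSTED),
                       ("emailAttr removed", EMAIL_COMMENTED_OUT),
                       ("emailAttr: uid", FIXED)]:
        print(f"--- {label}")
        for dn, err in check_directory(cfg, ENTRIES).items():
            print(f"{dn} -> {err or 'ok'}")
```

With emailAttr: uid every entry maps, which is why the fix in the thread works, but the caveat is that the email claim Dex issues is then a bare uid that Dex marks as verified. That is harmless for OOD, which only needs a stable username, but do not reuse the same Dex instance for a relying party that treats the email claim as a deliverable or unique address. Newer Dex releases also offer an emailSuffix option that synthesises username@suffix instead of reading an attribute; check the connector documentation for the Dex version your OOD package ships before relying on it. And, as the reply above notes, the bind credentials (bindPW next to bindDN) must actually be present for the search to run at all.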