starred/pocket-id-pocket-id-1
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-09 14:53:00 +03:00
Code Issues 122 Packages Projects Releases 10 Wiki Activity

🐛 Bug Report: LDAP Users in the PocketID Admin Group are not given Admin Permissions #184

New Issue
Closed
opened 2025-10-07 23:56:38 +03:00 by OVERLORD · 4 comments
OVERLORD commented 2025-10-07 23:56:38 +03:00
Owner
Copy Link

Originally created by @AkshayRao27 on GitHub.

Originally assigned to: @kmendell on GitHub.

Reproduction steps

  • Set up an LLDAP backend with a group that's supposed to be for PocketID Admins, e.g. pocketid_admin.
    Image
  • Set up a User for PocketID in the LLDAP backend and add it to the PocketID Admin Group
    Image
  • Set up LDAP sync in PocketID & sync successfully over LDAPS
    Image
  • Ensure the group for PocketID Admins has succesfully synced
    Image

Expected behavior

The user pocketid in the group pocketid_admin should have the role Admin and have admin permissions inside PocketID.

Actual Behavior

  • The PocketID user and it's group membership are both correctly synced over LDAPS, but PocketID does not give the user Admin permissions
    Image
  • This user cannot be given Admin Permissions in the PocketID UI either
    Image
    Whether or not the user set up for PocketID has configured Passkeys does not make a difference

Version and Environment

Environment: Proxmox 8.3.2

Log Output

pocketid.log

lldap.log

Originally created by @AkshayRao27 on GitHub. Originally assigned to: @kmendell on GitHub. ### Reproduction steps - Set up an LLDAP backend with a group that's supposed to be for PocketID Admins, e.g. `pocketid_admin`. ![Image](https://github.com/user-attachments/assets/b046ef3f-834a-43e0-86aa-dc510f4f0157) - Set up a User for PocketID in the LLDAP backend and add it to the PocketID Admin Group ![Image](https://github.com/user-attachments/assets/e4c383ac-a87d-4106-8afe-1c6824175bae) - Set up LDAP sync in PocketID & sync successfully over LDAPS ![Image](https://github.com/user-attachments/assets/59d1b319-d1c4-4b94-9fdb-47e8ed6ac1a8) - Ensure the group for PocketID Admins has succesfully synced ![Image](https://github.com/user-attachments/assets/52f71f08-db3c-45b2-83d0-56b8dbcfbab9) ### Expected behavior The user `pocketid` in the group `pocketid_admin` should have the role `Admin` and have admin permissions inside PocketID. ### Actual Behavior - The PocketID user and it's group membership are both correctly synced over LDAPS, but PocketID does not give the user Admin permissions ![Image](https://github.com/user-attachments/assets/3c168429-3a12-4aa9-a155-e3debdc0cb24) - This user cannot be given Admin Permissions in the PocketID UI either ![Image](https://github.com/user-attachments/assets/51212a5f-a2a5-4ddb-b3f4-b0551dc5c0c3) _Whether or not the user set up for PocketID has configured Passkeys does not make a difference_ ### Version and Environment Environment: Proxmox 8.3.2 - PocketID 1.2.0 (Debian LXC Container, deployed via [Proxmox VE Helper Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=pocketid)) - Reverse Proxy: NPMplus 2.12.3+640668a (AlpineLXC Container, deployed via [Proxmox VE Helper Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=npmplus)) - LDAP Backend: LLDAP 0.6.1 (Debian LXC Container, deployed via [Proxmox VE Helper Scripts](https://community-scripts.github.io/ProxmoxVE/scripts?id=lldap)) ### Log Output [pocketid.log](https://github.com/user-attachments/files/20588888/pocketid.log) [lldap.log](https://github.com/user-attachments/files/20588889/lldap.log)
OVERLORD added the bug label 2025-10-07 23:56:38 +03:00
OVERLORD commented 2025-10-07 23:56:41 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

Change the group_name attribute to cn and see if that fixes it. I'll look into seeing if i can figure out a better way to handle the groups but thats the fix i know of for now.

@kmendell commented on GitHub: Change the `group_name` attribute to `cn` and see if that fixes it. I'll look into seeing if i can figure out a better way to handle the groups but thats the fix i know of for now.
OVERLORD commented 2025-10-07 23:56:42 +03:00
Author
Owner
Copy Link

@AkshayRao27 commented on GitHub:

hey @AkshayRao27, did you get pocketid to work with NPMPlus? If you got the time, can you explain how you did? Thanks

Hey, no I didn't try to use PocketID to log into NPMplus, if that's what you mean. I also don't use it anymore - I switched to Keycloak :)

@AkshayRao27 commented on GitHub: > hey [@AkshayRao27](https://github.com/AkshayRao27), did you get pocketid to work with NPMPlus? If you got the time, can you explain how you did? Thanks Hey, no I didn't try to use PocketID to log into NPMplus, if that's what you mean. I also don't use it anymore - I switched to Keycloak :)
OVERLORD commented 2025-10-07 23:56:43 +03:00
Author
Owner
Copy Link

@DJKatastrof commented on GitHub:

hey @AkshayRao27, did you get pocketid to work with NPMPlus?
If you got the time, can you explain how you did? Thanks

@DJKatastrof commented on GitHub: hey @AkshayRao27, did you get pocketid to work with NPMPlus? If you got the time, can you explain how you did? Thanks
OVERLORD commented 2025-10-07 23:56:43 +03:00
Author
Owner
Copy Link

@AkshayRao27 commented on GitHub:

That did indeed fix it!

Seems it was user error all along!

@AkshayRao27 commented on GitHub: That did indeed fix it! Seems it was user error all along!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#184
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?