🐛 Bug Report: LDAP user uuid not matching PocketID user sub. #117

Closed
opened 2025-10-07 00:02:16 +03:00 by OVERLORD · 2 comments

Originally created by @hqo998 on GitHub.

Reproduction steps

I have a user that exists in LLDAP with a uuid of e27fea52-10ad-3430-b465-67bb43a02280. When I sync the users to PocketID, the sub token has changed to 66791b7d-035a-47b4-947e-48e595291368. I've tried changing the variable for the User Unique Identifier Attribute to different attributes but had no luck in getting them to match.

Not sure if this is even intended behaviour, quite new to SSO systems.


Expected behavior

I would expect the UUID to match the sub token.

Actual Behavior

Pocket ID sub doesn't match LDAP uuid.

Version and Environment

Pocket ID 1.6.2

Log Output

2025-07-20 11:19:14.657270+00:002025/07/20 21:19:14 github.com/pocket-id/pocket-id/backend/internal/service/user_service.go:247 duplicated key not allowed
2025-07-20 11:19:14.657283+00:00[0.062ms] [rows:0] INSERT INTO `users` (`id`,`created_at`,`username`,`email`,`first_name`,`last_name`,`is_admin`,`locale`,`ldap_id`,`disabled`) VALUES (?,?,?,?,?,?,?,?,?,?)
2025-07-20 11:19:14.657283+00:002025/07/20 21:19:14 Skipping creating LDAP user 'charles': username is already in use
2025-07-20 11:19:14.707367+00:00[GIN] 2025/07/20 - 21:19:14 | 204 |  235.871352ms |  162.158.39.219 | POST     "/api/application-configuration/sync-ldap"
2025-07-20 11:19:15.021211+00:002025-07-20T11:19:15.021211213Z
2025-07-20 11:19:15.021274+00:002025/07/20 21:19:15 github.com/pocket-id/pocket-id/backend/internal/service/user_service.go:247 duplicated key not allowed
2025-07-20 11:19:15.021295+00:00[0.067ms] [rows:0] INSERT INTO `users` (`id`,`created_at`,`username`,`email`,`first_name`,`last_name`,`is_admin`,`locale`,`ldap_id`,`disabled`) VALUES (?,?,?,?,?,?,?,?,?,?)
2025-07-20 11:19:15.021309+00:002025/07/20 21:19:15 Skipping creating LDAP user 'charles': username is already in use
2025-07-20 11:19:15.066622+00:00[GIN] 2025/07/20 - 21:19:15 | 204 |  166.988347ms |  162.158.39.219 | POST     "/api/application-configuration/sync-ldap"

Pocket ID has a pre-existing local user Charles that conflicts with LDAP, believed to be unrelated, but that user, as you see in the logs, doesn't get updated to match LDAP.

OVERLORD added the bug label 2025-10-07 00:02:16 +03:00

@stonith404 commented on GitHub:

Yes, this behavior is intended. The ID returned by Pocket ID gets generated by Pocket ID and doesn't get imported from LDAP.


@kmendell commented on GitHub:

This is most likely because it uses the Pocket ID Id attribute vs the ldapID attribute. The ldapId one is what is used to identify the user from ldap in pocket id. Otherwise the ID generated by pocket id is used for the authentication.
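
A simplified model of the behaviour described in the two replies and visible in the log, added here as an example and not taken from Pocket ID's code: the ID issued as `sub` is generated locally, the directory value is stored only as the LDAP link, and a username collision with a local account skips the entry. `User`, `Store`, `SyncLDAPUser` and `newID` are hypothetical names; the username "alice" and the second LDAP id are constructed.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// User is a simplified, hypothetical stand-in for an IdP user row.
type User struct {
	ID       string // generated by the IdP; this is what is issued as "sub"
	Username string
	LdapID   string // value of the directory's unique-identifier attribute
}
type Store struct{ users []*User }
var ErrUsernameTaken = errors.New("username is already in use")

// newID returns a random version 4 UUID, unrelated to any directory value.
func newID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	b[6], b[8] = b[6]&0x0f|0x40, b[8]&0x3f|0x80 // version and variant bits
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
}

// SyncLDAPUser links one directory entry, matching only on LdapID.
func (s *Store) SyncLDAPUser(ldapID, username string) (*User, error) {
	for _, u := range s.users {
		if u.LdapID == ldapID { // already linked: keep the generated ID
			return u, nil
		}
	}
	for _, u := range s.users {
		if u.Username == username { // local account is neither adopted nor updated
			return nil, ErrUsernameTaken
		}
	}
	u := &User{ID: newID(), Username: username, LdapID: ldapID}
	s.users = append(s.users, u)
	return u, nil
}

func main() {
	s := &Store{users: []*User{{ID: newID(), Username: "charles"}}} // constructed local user
	u, _ := s.SyncLDAPUser("e27fea52-10ad-3430-b465-67bb43a02280", "alice") // constructed name
	_, err := s.SyncLDAPUser("constructed-ldap-id", "charles")
	fmt.Println("sub:", u.ID, "ldap_id:", u.LdapID, "| charles:", err)
}
```

Relying parties that key accounts on `sub` therefore see the Pocket ID value, never the LDAP UUID.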

Reference: starred/pocket-id#117