🐛 Bug Report: LDAP Admin Group Name not working #80

Closed
opened 2025-10-07 00:00:57 +03:00 by OVERLORD · 3 comments

Originally created by @CorentinGrard on GitHub.

Originally assigned to: @kmendell on GitHub.

Reproduction steps

I'm trying to use LLDAP with PocketID. I'm new to LDAP so it's possible I've made a mistake.
Prerequisite: LLDAP.

In LLDAP

  • Create an admin group
  • Create an admin user and add it in the admin group
  • On pocket id fill the LDAP info as such
    Image
  • Save and sync. After sync you should see the user being added in pocket id but without the admin rights only as a normal user

Expected behavior

When adding a group name in Admin Group Name, it should make the users in the group admin in pocket id

Actual Behavior

When configuring LDAP on PocketID, after entering all the values you will find below, I managed to sync my LDAP with PocketID, but I cannot make the Admin Group Name field work.
On LLDAP I have a group called `admin` with a user in it. I have added `admin` in the field `Admin Group Name`.

Pocket ID LDAP config:
Image

LLDAP User Attributes:
Image

LLDAP Group Attributes:
Image

PocketID User:
Image

LLDAP admin User:
Image

Version and Environment

v1.7

Log Output

No response


@kmendell commented on GitHub:

Change the Group Name Attribute to `cn`; that should fix it for now. I'll try to look into a fix, but I think it's a misconception with LLDAP's schema to be honest.


@kmendell commented on GitHub:

So it's not a bug, moreover a misnaming of variables and the fields.

What LLDAP returns in memberOf on users:
memberOf: cn=admin,ou=groups,dc=pocket-id,dc=org

What the admin group object looks like:

```
dn: cn=admin,ou=groups,dc=pocket-id,dc=org
cn: admin
display_name: Administrators
```

What PocketID’s current code does

For each memberOf DN, it extracts the configured “Group Name Attribute” from the DN and compares it to “Admin Group Name”.

So how we get this info is:

```
getDNProperty("display_name", "admin") // just an example
```

The distinguishedName ends up being `display_name=admin,ou=groups,dc=pocket-id,dc=org`

Which is not valid LDAP [syntax](https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ldap/distinguished-names) for a DN. The display name in LLDAP is an attribute, not part of the distinguishedName. So this may be a misnamed thing on pocket-id's part as well.

Most likely the easiest fix here is to rename the field. Which I opened a PR for, but we'll want to rename the actual variable as well.
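The mapping described in the comment above, as an added example (not Pocket ID's own code): it reads the configured attribute from the leftmost RDN of each `memberOf` DN and compares it with the admin group name, using the DN quoted in the thread. The names `firstRDN`, `dnProperty` and `isAdmin` are hypothetical, and checking only the leftmost RDN is an assumption made here so that a parent container such as `ou=admin` can never confer admin rights.

```go
package main

import (
	"fmt"
	"strings"
)

// firstRDN returns the leftmost RDN of dn, honouring backslash-escaped commas.
func firstRDN(dn string) string {
	for i := 0; i < len(dn); i++ {
		if dn[i] == '\\' {
			i++ // skip the escaped character
		} else if dn[i] == ',' {
			return dn[:i]
		}
	}
	return dn
}

// dnProperty returns the value of attr if the leftmost RDN of dn uses it.
// Hypothetical stand-in for the getDNProperty call mentioned in the comment.
func dnProperty(attr, dn string) (string, bool) {
	kv := strings.SplitN(firstRDN(dn), "=", 2)
	if len(kv) != 2 || !strings.EqualFold(strings.TrimSpace(kv[0]), attr) {
		return "", false
	}
	return strings.TrimSpace(kv[1]), true
}

// isAdmin reports whether any memberOf DN names adminGroup under groupNameAttr.
// The comparison ignores case, as cn matching does in LDAP.
func isAdmin(memberOf []string, groupNameAttr, adminGroup string) bool {
	for _, dn := range memberOf {
		if v, ok := dnProperty(groupNameAttr, dn); ok && strings.EqualFold(v, adminGroup) {
			return true
		}
	}
	return false
}

func main() {
	// memberOf value as quoted in the comment above.
	memberOf := []string{"cn=admin,ou=groups,dc=pocket-id,dc=org"}
	fmt.Println(isAdmin(memberOf, "display_name", "admin")) // attribute never appears in the DN
	fmt.Println(isAdmin(memberOf, "cn", "admin"))           // cn is the RDN attribute
}
```

After changing the Group Name Attribute, it is worth confirming that ordinary users synced from the same directory did not also pick up admin rights.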


@CorentinGrard commented on GitHub:

Yes that did the trick, thanks @kmendell

Reference: starred/pocket-id#80