LDAP conflict to already exist users #2647

Closed
opened 2025-11-11 15:11:17 -06:00 by GiteaMirror · 0 comments

Originally created by @lpb1 on GitHub (Nov 14, 2024).

Bug Report

Installation Method

  1. Reproduce the production environment
    docker run -d \
      -p 8082:8080 \
      -e "OPENAI_API_BASE_URLS=http://xxxx;https://xxxx" \
      -e "OPENAI_API_KEYS=sk-test;sk-test" \
      -e OLLAMA_BASE_URL=http://xxxx:11434 \
      -v /open-webui/data:/app/backend/data \
      --name open-webui \
      --restart always \
      ghcr.io/open-webui/open-webui:v0.3.34
  2. Upgrade to the version that includes LDAP
    docker compose.yaml:
    version: '3'
    services:
      openwebui:
        image: ghcr.io/open-webui/open-webui:git-f5f2215
        container_name: open-webui
        ports:
          - "3000:8080"
        volumes:
          - /open-webui/data:/app/backend/data
        environment:
          - 'GLOBAL_LOG_LEVEL=DEBUG'
          - 'OLLAMA_BASE_URL=http://xxxx:11434'
          - 'OPENAI_API_BASE_URLS=http://xxxx;https://xxxx'
          - "OPENAI_API_KEYS=sk-test;sk-test"
          - 'ENABLE_LDAP=True'
          - 'LDAP_SERVER_HOST=xxxx'
          - 'LDAP_SERVER_PORT=xxxx'
          - "LDAP_APP_PASSWORD=$LDAP_APP_PASSWORD"
          - 'LDAP_USE_TLS=False'
          - 'LDAP_APP_DN=cn=LDAP User,cn=Users,dc=xxxx,dc=xxxx'
          - 'LDAP_SEARCH_BASE=dc=xxxx,dc=xxxx'
          - 'LDAP_SEARCH_FILTERS=(mail=%s)'
          - 'LDAP_ATTRIBUTE_FOR_USERNAME=mail'

Environment

  • Open WebUI Version: [git-f5f2215]

  • Operating System: [Ubuntu 22.04]

Confirmation:

  • I have read and followed all the instructions provided in the README.md.
  • I am on the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided the exact steps to reproduce the bug in the "Steps to Reproduce" section below.

Expected Behavior:

If the email was not registered before LDAP was integrated, the LDAP user can log in directly if the default user role setting is USER.

If the email was registered before LDAP was integrated, the LDAP account should be a new user or inherit from the already existing local account.

Actual Behavior:

The email was not registered before LDAP was integrated:
The LDAP user cannot log in directly; the status is pending, even though the default user role setting is USER.

The email was registered before LDAP was integrated:
LDAP user login fails with both the domain password and the already registered password; the already registered local user logs in successfully with data.

Description

Bug Summary:
An already existing local account with the same name conflicts with LDAP accounts.

Reproduction Details

Steps to Reproduce:
[Outline the steps to reproduce the bug. Be as detailed as possible.]

Logs and Screenshots

Browser Console Logs:
Failed to load resource: the server responded with a status of 400 (Bad Request)
index.ts:132 Object
  detail: "400: The email or password provided is incorrect. Please check for typos and try logging in again."
  [[Prototype]]: Object
    constructor: ƒ Object()
    hasOwnProperty: ƒ hasOwnProperty()
    isPrototypeOf: ƒ isPrototypeOf()
    propertyIsEnumerable: ƒ propertyIsEnumerable()
    toLocaleString: ƒ toLocaleString()
    toString: ƒ toString()
    valueOf: ƒ valueOf()
    __defineGetter__: ƒ __defineGetter__()
    __defineSetter__: ƒ __defineSetter__()
    __lookupGetter__: ƒ __lookupGetter__()
    __lookupSetter__: ƒ __lookupSetter__()
    __proto__: (...)
    get __proto__: ƒ __proto__()
    set __proto__: ƒ __proto__()
api/v1/auths/ldap:1

Docker Container Logs:
INFO [open_webui.apps.webui.models.auths] authenticate_user: pblv@xxxx.com
DEBUG [open_webui.main] Commit session after request
INFO: xxxx:61395 - "POST /api/v1/auths/ldap HTTP/1.1" 400 Bad Request

Screenshots/Screen Recordings (if applicable):
image
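
The two cases in this report (email never registered, email already owned by a local account) come down to how an LDAP-authenticated identity is mapped onto the application's user table. The sketch below is an added example, not Open WebUI's code: `LocalUser`, `resolve_ldap_login`, the `on_conflict` policy and the in-memory `users` dict are hypothetical, and it assumes the LDAP bind has already succeeded. It also shows RFC 4515 escaping of the login value before it is substituted into the `(mail=%s)` filter from the compose file.

```python
from dataclasses import dataclass

# RFC 4515 escapes for a value substituted into a filter such as (mail=%s).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_filter(template: str, value: str) -> str:
    """Fill the %s in an LDAP search filter with an escaped login value."""
    return template % "".join(_ESCAPES.get(ch, ch) for ch in value)

@dataclass
class LocalUser:  # hypothetical stand-in for a row in the application's user table
    email: str
    role: str     # "pending", "user" or "admin"
    source: str   # "local" (password stored by the app) or "ldap"

def resolve_ldap_login(users, ldap_mail, default_role="user", on_conflict="link"):
    """Map an identity that already passed the LDAP bind onto the user table.

    Returns (user, action); action is "created", "login", "linked" or "conflict".
    """
    key = ldap_mail.strip().lower()
    existing = users.get(key)
    if existing is None:
        # Case 1 of the report: email never registered; apply the default role.
        users[key] = LocalUser(key, default_role, "ldap")
        return users[key], "created"
    if existing.source == "ldap":
        return existing, "login"
    # Case 2 of the report: a local account already owns this email.
    # Linking trusts the directory's mail attribute, so this sketch never
    # links into an admin account automatically (assumed policy).
    if on_conflict == "link" and existing.role != "admin":
        existing.source = "ldap"   # inherit the existing role and data
        return existing, "linked"
    return None, "conflict"        # report the conflict explicitly to the caller

if __name__ == "__main__":
    # Constructed sample data, not taken from the report.
    users = {"old@example.com": LocalUser("old@example.com", "user", "local")}
    print(build_filter("(mail=%s)", "a*)(uid=*"))
    print(resolve_ldap_login(users, "new@example.com")[1])
    print(resolve_ldap_login(users, "old@example.com")[1])
```
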


Reference: github-starred/open-webui#2647