github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #20240] LDAP Authentication Failed (HTTP 400) despite valid config & successful ldap3 connection test #57802

New Issue
Closed
opened 2026-05-05 21:39:07 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-05-05 21:39:07 -05:00
Owner
Copy Link

Originally created by @AgatheBauer on GitHub (Dec 29, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/20240

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

main / latest (ghcr.io/open-webui/open-webui:main)

Ollama Version (if applicable)

N/A

Operating System

Linux (Docker environment)

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

Successful LDAP authentication and login.

Actual Behavior

LDAP authentication consistently fails with "LDAP authentication failed" (HTTP 400) in the Containerized version, even when the exact same credentials and parameters work successfully using a Python ldap3 script running inside the same container. This behavior is reproduced on both Samba Active Directory and standard Windows Server Active Directory.

  • UI shows "

Steps to Reproduce

  1. Clean install of OpenWebUI.
    1. Configure LDAP via Admin Panel (or Env Vars).
    1. Server Port: 636, TLS: ON, Ignore Certificate Errors: ON.
    1. Filter: (sAMAccountName=%s) or (&(objectCategory=person)(objectClass=user)(sAMAccountName=%s)).
    1. Email Attribute: userPrincipalName (required if mail is empty in AD).
    1. Save and attempt login.

Logs & Screenshots

Reproduction evidence:
I executed this script inside the container and it works perfectly:

import ldap3
server = ldap3.Server('ldaps://<host>:636', use_ssl=True)
conn = ldap3.Connection(server, user='<bind_dn>', password='<password>', auto_bind=True)
# Search works
conn.search('<base>', '(&(sAMAccountName=<test_user>))', attributes=['distinguishedName'])
user_dn = conn.entries[0].distinguishedName.value
# Bind as User works
conn_user = ldap3.Connection(server, user=user_dn, password='<user_pw>', auto_bind=True)
print("Login Successful!")
Originally created by @AgatheBauer on GitHub (Dec 29, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/20240 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version main / latest (ghcr.io/open-webui/open-webui:main) ### Ollama Version (if applicable) N/A ### Operating System Linux (Docker environment) ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior Successful LDAP authentication and login. ### Actual Behavior LDAP authentication consistently fails with "LDAP authentication failed" (HTTP 400) in the Containerized version, even when the exact same credentials and parameters work successfully using a Python ldap3 script running *inside* the same container. This behavior is reproduced on both Samba Active Directory and standard Windows Server Active Directory. - UI shows " ### Steps to Reproduce 1. Clean install of OpenWebUI. 2. 2. Configure LDAP via Admin Panel (or Env Vars). 3. 3. Server Port: 636, TLS: ON, Ignore Certificate Errors: ON. 4. 4. Filter: (sAMAccountName=%s) or (&(objectCategory=person)(objectClass=user)(sAMAccountName=%s)). 5. 5. Email Attribute: userPrincipalName (required if mail is empty in AD). 6. 6. Save and attempt login. ### Logs & Screenshots Reproduction evidence: I executed this script inside the container and it works perfectly: ```python import ldap3 server = ldap3.Server('ldaps://<host>:636', use_ssl=True) conn = ldap3.Connection(server, user='<bind_dn>', password='<password>', auto_bind=True) # Search works conn.search('<base>', '(&(sAMAccountName=<test_user>))', attributes=['distinguishedName']) user_dn = conn.entries[0].distinguishedName.value # Bind as User works conn_user = ldap3.Connection(server, user=user_dn, password='<user_pw>', auto_bind=True) print("Login Successful!")
GiteaMirror added the bug label 2026-05-05 21:39:07 -05:00
GiteaMirror commented 2026-05-05 21:39:10 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (Dec 29, 2025):

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

  1. #19878 issue: LDAP authentication error for users with multiple LDAP uid's
    by Mikikrus • Dec 11, 2025 • bug

  2. #19792 issue: OAuth Login redirects to https://openwebui.domain.org/oauth/oidc/openwebui.domain.org after succesful login
    by StNiosem • Dec 06, 2025 • bug

  3. #19813 issue: Failed to connect to MCP server, while the connection test works fine
    by spi-dlp • Dec 08, 2025 • bug

  4. #14721 issue: Cannot login when enable LDAP and disable TLS
    by xiajianlin • Jun 06, 2025 • bug

  5. #15971 issue: 0.6.18 username/password authentication failing
    by GanizaniSitara • Jul 23, 2025 • bug

Show 5 more related issues

  1. #16172 issue: Unable to login to Open WebUI using Authentik (OIDC)
    by navilg • Jul 31, 2025 • bug

  2. #15082 issue: Authentication issue with openwebui and Keycloak
    by infra823 • Jun 17, 2025 • bug

  3. #12371 issue: Web UI hangs when trying to authenticate via LDAP
    by andresmorago • Apr 03, 2025 • bug

  4. #17786 issue: LDAP connections are not closed
    by NegaScout • Sep 26, 2025 • bug

  5. #14613 422: Open WebUI: Server Connection Error
    by Hekas1 • Jun 02, 2025 • bug

💡 Tips:

  • If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
  • If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.

<!-- gh-comment-id:3696276182 --> @owui-terminator[bot] commented on GitHub (Dec 29, 2025): 🔍 **Similar Issues Found** I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions: 1. [#19878](https://github.com/open-webui/open-webui/issues/19878) **issue: LDAP authentication error for users with multiple LDAP uid's** *by Mikikrus • Dec 11, 2025 • `bug`* 2. [#19792](https://github.com/open-webui/open-webui/issues/19792) **issue: OAuth Login redirects to https://openwebui.domain.org/oauth/oidc/openwebui.domain.org after succesful login** *by StNiosem • Dec 06, 2025 • `bug`* 3. [#19813](https://github.com/open-webui/open-webui/issues/19813) **issue: Failed to connect to MCP server, while the connection test works fine** *by spi-dlp • Dec 08, 2025 • `bug`* 4. [#14721](https://github.com/open-webui/open-webui/issues/14721) **issue: Cannot login when enable LDAP and disable TLS** *by xiajianlin • Jun 06, 2025 • `bug`* 5. [#15971](https://github.com/open-webui/open-webui/issues/15971) **issue: 0.6.18 username/password authentication failing** *by GanizaniSitara • Jul 23, 2025 • `bug`* <details> <summary>Show 5 more related issues</summary> 6. [#16172](https://github.com/open-webui/open-webui/issues/16172) **issue: Unable to login to Open WebUI using Authentik (OIDC)** *by navilg • Jul 31, 2025 • `bug`* 7. [#15082](https://github.com/open-webui/open-webui/issues/15082) **issue: Authentication issue with openwebui and Keycloak** *by infra823 • Jun 17, 2025 • `bug`* 8. [#12371](https://github.com/open-webui/open-webui/issues/12371) **issue: Web UI hangs when trying to authenticate via LDAP** *by andresmorago • Apr 03, 2025 • `bug`* 9. [#17786](https://github.com/open-webui/open-webui/issues/17786) **issue: LDAP connections are not closed** *by NegaScout • Sep 26, 2025 • `bug`* 10. [#14613](https://github.com/open-webui/open-webui/issues/14613) **422: Open WebUI: Server Connection Error** *by Hekas1 • Jun 02, 2025 • `bug`* </details> --- 💡 **Tips:** - If this is a duplicate, please consider closing this issue and adding any additional details to the existing one - If you found a solution in any of these issues, please share it here to help others *This comment was generated automatically by a bot.* Please react with a 👍 if this comment was helpful, or a 👎 if it was not.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#57802
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?