goauthentik/authentik

Nested user attributes not exposed as valid LDAP attributes in LDAP Outpost

Open

#16,954 创建于 2025年9月23日

在 GitHub 查看
 (2 评论) (0 反应) (0 负责人)Python (4,050 star) (319 fork)batch import
bugbug/confirmedgood first issue

描述

Describe the bug When exposing custom attributes via the LDAP outpost, nested attributes are not returned as individual LDAP attributes. Instead, they appear in a serialized map format that does not seem to comply with LDAP.

To Reproduce Steps to reproduce the behavior:

  1. Configure a user in Authentik with a custom attribute containing nested values, e.g. settings.locale = en.
  2. Query the user via the LDAP outpost using ldapsearch.
  3. Inspect the LDAP response.

See that the attribute is returned as a serialized map string rather than as a proper multi-valued LDAP attribute.

Expected behavior I would expect the LDAP outpost to flatten or map the nested attribute into standard LDAP attributes, for example:

settingsLocale: en

or

settings.locale: en

instead of:

settings: map[locale:en]

Version and Deployment (please complete the following information):

  • authentik version: 2025.8.3
  • Deployment: Docker

Additional context Add any other context about the problem here.

贡献者指南

技术栈
pythondocker
领域
backendauthentication
议题类型
bug
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-3 hours
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
fresh
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
LDAP attribute structurePython basicsAuthentik outpost configuration
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
70
研究方向
Examine the LDAP outpost code in the 'authentik/outposts/ldap/' directory, specifically the attribute serialization functions. Identify how custom attributes are currently converted to LDAP attributes. Consider implementing a recursive flattening of nested maps into dot separated keys or similar.