Hello Xiao,
the provided LDAP authentication connector is not able to read
attributes from LDAP - it just makes a bind to check the password.
There is a suitable module available in the enterprise version; as an
alternative you can use an external authentication proxy like Authelia
and use it to feed the attributes via the environment.
Oliver
On 11/27/25 07:48, HAN Xiao wrote:
Hello Oliver,
Thank you for your reply.
I am very sorry about the AI-generated configuration in my previous email. That
was my mistake, and I fully understand your concern. I will no longer use any
AI-generated config when asking questions on the mailing list.
Regarding my issue: I have been reading the documentation on
https://openxpki.readthedocs.io/en/master/
but I may have overlooked the relevant part. What I am trying to understand is:
How to correctly map LDAP attributes (e.g. firstName, lastName, email) to
OpenXPKI user attributes such as userinfo.* for TestAccounts, and how these
mapped values can be used in profile presets.
If this is already described somewhere in the documentation, could you please
let me know where to find it? I would really appreciate even a small pointer,
and I apologize again if the information is already there and I simply missed
it.
Thank you very much for your time, and sorry again for the trouble caused.
Best regards,
Xiao Han
-----Original Messages-----
From: "Oliver Welter" <[email protected]>
Send time: Thursday, 11/27/2025 14:11:59
To: [email protected]
Subject: Re: [OpenXPKI-users] How to use attributes in LDAP as OpenXPKI user
attributes
Hello,
please read the extensive documentation and stop spamming the ML with AI
generated config.
best regards
Oliver
On 11/26/25 17:41, HAN Xiao wrote:
Dear Developer,
I encountered an issue while configuring OpenXPKI:
I’m unable to use user attributes from LDAP as user properties in presets or in
other parts of the workflow.
In detail, my LDAP connection is working and I can log in normally. The
configuration is as follows:
--stack.yaml--
LDAPAuth:
    label: LDAP Auth
    description: Login with LDAP
    handler: LDAPAuth
    type: passwd
--handler.yaml--
LDAPAuth:
    type: Connector
    label: LDAP Login for Users
    role: User
    source@: connector:auth.connector.userLDAP
    attributes:
        userinfo.email@: "param:email"
        userinfo.gname@: "param:firstName"
        userinfo.name@: "param:lastName"
--connector.yaml--
userLDAP:
    class: Connector::Builtin::Authentication::LDAP
    LOCATION: ldap://xxx.xxx.xx.xx
    base: ou=users,dc=xxxx,dc=xx,dc=xx
    binddn: cn=xxxx,ou=users,dc=xxxx,dc=xx,dc=xx
    password: xxxx
    debug: 1
    verify: none
    filter: "(email=[% LOGIN %])"
    attrs:
        - email
        - firstName
        - lastName
The LDAP contains the following information that I need:
email: [email protected]
lastName: Han
firstName: Xiao
sex: male
sn: hanx14
afs: hanx
But I don't know how to use it in realm/realm_name/profile/template/
I just did a simple test, like
--requestor_gname.yaml--
id: requestor_gname
label: I18N_OPENXPKI_UI_PROFILE_REQUESTOR_REALNAME
description: I18N_OPENXPKI_UI_PROFILE_REQUESTOR_REALNAME_DESC
type: static
width: 40
placeholder: John Doe
preset: userinfo.gname
required: 0
However, in the web UI it shows as <not set>.
Additionally, there are a large number of errors in
/var/log/openxpki-server/catchall.log and openxpki.log:
2025/11/27 00:09:01 FATAL OpenXPKI::Service::Default->init() failed:
I18N_OPENXPKI_TRANSPORT_SIMPLE_CLIENT_READ_CLOSED_CONNECTION [pid=370|sid=OHJK]
2025/11/27 00:09:01 openxpki.system.FATAL OpenXPKI::Service::Default->init()
failed: I18N_OPENXPKI_TRANSPORT_SIMPLE_CLIENT_READ_CLOSED_CONNECTION
[pid=370|sid=OHJK]
I’m not sure if these are related to the issue.
I look forward to your help. Thank you!
Best regards,
Xiao HAN
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!