[Bug]: API user modification is not persisted with LDAP authentication #2168

@bmagnier

⚠️ This issue respects the following points: ⚠️

  • This is a bug, not a question or a configuration issue.
  • This issue is not already reported on Github (I've searched it).

Bug description

Hello,

I have configured external authentication using LDAP. I have only configured authentication, and no group management as I plan to programmatically create groups via REST API calls.
I also modify LDAP-authenticated users via the API in order to add them to these groups.

My problem is: after a successful LDAP authentication, the user is modified and loses his group affiliations.

This bug seems to be located in the REST API only, as I can use the webadmin UI to modify the very same user to add him to the very same group. I have used the API to check for differences in the two modifications and the only one was the web_client property added by the UI. I tried to add it in my API call but the behaviour did not change.

Note: I have read #1203, but the fact that the webadmin UI can modify the user and not be overridden by the login tends to indicate a bug.

Best regards,
Bertrand

Steps to reproduce

  1. Configure LDAP authentication, no group sync
  2. Create a group, be it by webadmin or rest API
  3. Use the REST API endpoint to modify an LDAP user and add the group as secondary:

{
  "id": <userid>,
  "permissions": {
    "/": [
      "*"
    ]
  },
  "status": 1,
  "groups": [
    {
      "name": "<groupname>",
      "type": 2
    }
  ]
}

  4. Authenticate user via webclient. The group affiliation is gone.

Expected behavior

External login does not modify the user group affiliations.

SFTPGo version

2.7.0

Data provider

sqlite

Installation method

Community Docker image

Configuration

API is enabled:

"httpd": {
    "bindings": [
      {
        "enable_rest_api": true,
[...]

LDAP config:

"plugins": [
    {
      "cmd": "/usr/local/bin/sftpgo-plugin-auth",
      "type": "auth",
      "auth_options": {
        "scope": 1
      },
      "args": [
        "serve",
        "--ldap-url=<redacted>",
        "--ldap-base-dn=<redacted>",
        "--ldap-bind-dn=<redacted>",
        "--ldap-password=<redacted>",
        "--ldap-search-query=(&(objectClass=inetOrgPerson)(uid=%username%))"
      ],
      "auto_mtls": true
    }
  ]

Relevant log output

What are you using SFTPGo for?

Medium business

Additional info

No response
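
One way to confirm the reproduction steps offline, as an added example (not part of the original report and not SFTPGo code): save the user object returned by the REST API right after the API modification and again after the LDAP login, then diff the two. The sample objects, the username, the group name and the ignored timestamp fields are constructed assumptions.

```python
# Added example: structural diff of two SFTPGo user objects (JSON from the REST API).
# Field names in IGNORED are assumed to be volatile timestamps; adjust as needed.
IGNORED = {"last_login", "updated_at"}

def _norm(value, key=None):
    """Make group lists order-independent so only real membership changes show up."""
    if key == "groups" and isinstance(value, list):
        return sorted((g.get("name"), g.get("type")) for g in value)
    return value

def diff_paths(a, b, path=""):
    """Return {dotted.path: (a_value, b_value)} for every leaf that differs."""
    out = {}
    if isinstance(a, dict) and isinstance(b, dict):
        for k in sorted(set(a) | set(b)):
            if not path and k in IGNORED:
                continue  # skip volatile top-level fields
            sub = f"{path}.{k}" if path else k
            out.update(diff_paths(_norm(a.get(k), k), _norm(b.get(k), k), sub))
    elif a != b:
        out[path] = (a, b)
    return out

def lost_groups(before, after):
    """Group names present before the login and missing afterwards."""
    def names(user):
        return {g["name"] for g in user.get("groups") or []}
    return sorted(names(before) - names(after))

# Constructed snapshots: the user after the API PUT, then after an LDAP login.
AFTER_API_PUT = {
    "username": "jdoe", "status": 1, "permissions": {"/": ["*"]},
    "groups": [{"name": "team-a", "type": 2}], "last_login": 0,
}
AFTER_LDAP_LOGIN = {
    "username": "jdoe", "status": 1, "permissions": {"/": ["*"]},
    "last_login": 1700000000000,
}

if __name__ == "__main__":
    for path, (old, new) in diff_paths(AFTER_API_PUT, AFTER_LDAP_LOGIN).items():
        print(f"{path}: {old!r} -> {new!r}")
    print("lost groups:", lost_groups(AFTER_API_PUT, AFTER_LDAP_LOGIN))
```

The same `diff_paths` call can compare the user as saved by the webadmin UI against the user as saved by the API, which is the comparison described in the bug description.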
