Critical LDAP Authentication Issue in LinShare 6.5.0 with Active Directory UPN Bind #365

@ceitcon

Dear LinShare Support Team,
I have followed the link below for installation:

https://github.com/linagora/linshare/blob/master/documentation/EN/installation/linshare-install-debian.md

We are experiencing a critical authentication failure with our LDAP User Provider using LinShare version 6.5.0 and Active Directory.
The core problem is that user authentication fails with "Invalid credentials" in the LinShare GUI, even though we have proven the credentials work.

  1. Environment Details
    • LinShare Version: 6.5.0
    • LDAP Server: Active Directory
    • Login Format: User Principal Name (UPN) (e.g., test@abc.com)
    • Issue: Authentication fails due to incorrect LDAP bind format.
  2. Confirmed Findings (Troubleshooting)
    We have isolated the issue to the final LDAP bind step:
    • Filter/Search: The authentication filter is correct and successfully finds the user (e.g., test@abc.com is found and group membership is confirmed).
    • Credentials: Direct LDAP testing confirms the password works when binding with the UPN:
      ldapsearch -D "test@abc.com" -W ... → SUCCESS
    • Configuration Missing: We have determined that the required configuration property to set the LDAP bind identity to the UPN (%userPrincipalName%) is missing from the GUI and the standard database tables:
      o The security_principal column is absent from the user_provider table.
      o The "User Bind Pattern" field is absent from the GUI for the LDAP Connection and User Provider.
  3. Request for Assistance
    Since the GUI and database do not expose the setting, we believe the bind identity is hardcoded to the user's Distinguished Name (DN), which AD rejects for direct UPN logins.
    Could you please provide the exact file name and property key for setting the LDAP user bind principal to userPrincipalName in LinShare version 6.5.0?
    • Example property needed: ldap.authentication.attribute=userPrincipalName or similar.

Also there is no option to test the LDAP Connectivity from the GUI.

Thank you for your prompt assistance in resolving this critical AD compatibility issue.

Note: there is also no option to create an internal user. We have "manage user" but no button to create an internal user.
