🐛 Bug Report: LDAP pocket-id admin group doesn't work with LLDAP #11

New Issue

AtHeartEngineer · 2025-07-08T08:37:31-04:00

AtHeartEngineer commented

2025-07-08 08:37:31 -04:00

Originally created by @rtozer on 7/5/2025

Reproduction steps

Thanks for a great project.

I've been trying to switch to using LLDAP to manage users.
I've got it hooked up, users and groups are syncing correctly. The pocket_id_admins group I created is synced and the group members are correctly reflected in pocket-id as expected, and I've set that group name in the "Admin Group Name" field in the config, but my user is not being made an admin in pocket-id.

to reproduce:

create a group in LLDAP
assign users you want to be admin in pocket-id to that group
set your config Admin Group Name field to the group name
sync ldap

Expected behavior

members of the group in LLDAP specified in the 'Admin Group Name' in Pocket-ID config should be granted admin privileges in Pocket-ID

Actual Behavior

no users are made admins

Version and Environment

Version: 1.5.0
Env: Docker

I'm not a GO dev, or familiar with the inner workings of LDAP, but I did spot a hard-coded attribute name in the code that checks for admins.
ldap_service.go:332

		isAdmin := false
		for _, group := range value.GetAttributeValues("memberOf") {
			if getDNProperty(dbConfig.LdapAttributeGroupName.Value, group) == dbConfig.LdapAttributeAdminGroup.Value {
				isAdmin = true
				break
			}
		}

Should that 'memberOf' be the 'Group Members Attribute' defined in the config (or env: LDAP_ATTRIBUTE_GROUP_MEMBER)?
For LLDAP it is 'member' which would explain why my admin access is not being granted.

Log Output

No response

*Originally created by @rtozer on 7/5/2025* ### Reproduction steps Thanks for a great project. I've been trying to switch to using LLDAP to manage users. I've got it hooked up, users and groups are syncing correctly. The pocket_id_admins group I created is synced and the group members are correctly reflected in pocket-id as expected, and I've set that group name in the "Admin Group Name" field in the config, but my user is not being made an admin in pocket-id. to reproduce: 1. create a group in LLDAP 2. assign users you want to be admin in pocket-id to that group 3. set your config Admin Group Name field to the group name 4. sync ldap ### Expected behavior members of the group in LLDAP specified in the 'Admin Group Name' in Pocket-ID config should be granted admin privileges in Pocket-ID ### Actual Behavior no users are made admins ### Version and Environment Version: 1.5.0 Env: Docker I'm not a GO dev, or familiar with the inner workings of LDAP, but I did spot a hard-coded attribute name in the code that checks for admins. ldap_service.go:332 ``` isAdmin := false for _, group := range value.GetAttributeValues("memberOf") { if getDNProperty(dbConfig.LdapAttributeGroupName.Value, group) == dbConfig.LdapAttributeAdminGroup.Value { isAdmin = true break } } ``` Should that 'memberOf' be the 'Group Members Attribute' defined in the config (or env: LDAP_ATTRIBUTE_GROUP_MEMBER)? For LLDAP it is 'member' which would explain why my admin access is not being granted. ### Log Output _No response_

AtHeartEngineer closed this issue

2025-07-08 08:37:31 -04:00

AtHeartEngineer added the bug bug labels 2025-07-08 08:37:33 -04:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/pocket-id#11