LDAP search looks for empty attribute causing it to fail

I’ve been trying to try out Gitea for the past 3 hours but have been stuck on getting LDAP to work. LDAP integration with 4 other services works just fine, but not with Gitea.

When attempting to log in, an error message is shown: ‘Username or password is incorrect’. The password is correct.

Looking at the server logs with traces enabled, I noticed that it’s looking for empty attributes, causing an error ‘(LDAP Result Code 32 “No Such Object”: )’

2022/03/23 16:42:05 ...dap/source_search.go:138:bindUser() [T] Binding with userDN: uid=X1,ou=X2,ou=X3,dc=X4,dc=X5
2022/03/23 16:42:05 ...dap/source_search.go:144:bindUser() [T] Bound successfully with userDN: uid=X1,ou=X2,ou=X3,dc=X4,dc=X5
2022/03/23 16:42:05 ...dap/source_search.go:284:SearchEntry() [T] Fetching attributes 'uid', 'givenName', 'sn', 'mail', '', '', '' with filter '(&(objectClass=posixAccount)(uid=X1))' and base 'uid=X1,ou=X2,ou=X3,dc=X4,dc=X5'
2022/03/23 16:42:05 ...dap/source_search.go:291:SearchEntry() [E] LDAP Search failed unexpectedly! (LDAP Result Code 32 "No Such Object": )
2022/03/23 16:42:05 ...vices/auth/signin.go:108:UserSignIn() [D] Failed to login 'X1' via 'XXX': user does not exist [uid: 0, name: X1, keyid: 0]

This seems like a bug. Has anyone else experienced this?

Found how I can prevent this issue:

  • Enable “fetch attributes in bind dn context” which is disabled by default

There should be some kind of documentation on this on the authentication doc page.
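For triaging trace logs like the excerpt in this post, the following Go helper (an added example, not part of the original post and not Gitea code) extracts the requested attributes, counts the empty ones, and pairs each search with its base DN and LDAP result code. `Triage` and `Finding` are hypothetical names; the sample input is the two SearchEntry lines from the post.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Sample input: the two SearchEntry lines from the post (DN parts redacted by the poster).
const sampleLog = `2022/03/23 16:42:05 ...dap/source_search.go:284:SearchEntry() [T] Fetching attributes 'uid', 'givenName', 'sn', 'mail', '', '', '' with filter '(&(objectClass=posixAccount)(uid=X1))' and base 'uid=X1,ou=X2,ou=X3,dc=X4,dc=X5'
2022/03/23 16:42:05 ...dap/source_search.go:291:SearchEntry() [E] LDAP Search failed unexpectedly! (LDAP Result Code 32 "No Such Object": )`

// Finding summarises one logged search attempt (hypothetical type, not Gitea's).
type Finding struct {
	Attrs        []string
	EmptyAttrs   int
	Filter, Base string
	ResultCode   int // -1 when no failure line follows the search line
}

var (
	fetchRe  = regexp.MustCompile(`Fetching attributes (.*) with filter '(.*)' and base '(.*)'$`)
	attrRe   = regexp.MustCompile(`'([^']*)'`)
	resultRe = regexp.MustCompile(`LDAP Result Code (\d+)`)
)

// Triage walks the log and attaches each result code to the search line before it.
func Triage(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		if m := fetchRe.FindStringSubmatch(line); m != nil {
			f := Finding{Filter: m[2], Base: m[3], ResultCode: -1}
			for _, a := range attrRe.FindAllStringSubmatch(m[1], -1) {
				f.Attrs = append(f.Attrs, a[1])
				if a[1] == "" {
					f.EmptyAttrs++ // attribute name logged as ''
				}
			}
			out = append(out, f)
		} else if m := resultRe.FindStringSubmatch(line); m != nil && len(out) > 0 {
			out[len(out)-1].ResultCode, _ = strconv.Atoi(m[1])
		}
	}
	return out
}

func main() {
	fmt.Printf("%+v\n", Triage(sampleLog))
}
```

Running it over a full trace log gives one record per search, which makes it easy to compare the base DN and result code of a failing login before and after changing the authentication source settings.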