LDAP single bind

I didn't get it working; here is the message. Not sure if it is an LDAP issue, an AD issue or a binding issue.

t=2022-05-10T15:15:05+0800 lvl=eror msg="Cannot bind user cn=jungunkim,dc=nk,dc=acme,dc=com with LDAP" logger=ldap error="invalid username or password"
t=2022-05-10T15:15:05+0800 lvl=eror msg="Invalid username or password" logger=context userId=0 orgId=0 uname= error="invalid username or password" remote_addr=10.0.0.1

Here is the configuration in ldap.toml:

[[servers]]
# LDAPS endpoint; use_ssl = true with port 636 means TLS from the first byte,
# so start_tls stays false.
host = "ldaps.nk.acme.com"
port = 636
use_ssl = true
start_tls = false
# Disables certificate verification for the LDAP server.
ssl_skip_verify = true
# Single bind: %s is replaced with the login name and Grafana binds as that
# DN with the password typed on the login page (no bind_password is set).
bind_dn = "cn=%s,dc=nk,dc=acme,dc=com"

# User lookup after the bind; %s is again the login name.
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["dc=nk,dc=acme,dc=com"]
group_search_base_dns = ["dc=nk,dc=acme,dc=com"]

[servers.attributes]
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"
name = "displayName"

Have you tried search_filter = "(cn=%s)" instead of search_filter = "(sAMAccountName=%s)"?

Hi,

For AD you have to set bind_dn as below:
bind_dn = "yourdomain\%s"

In your example it will be "nk\%s", I think.
It's not easy to find in the documentation, but I found it in some group and it worked for me.

search_filter = "(sAMAccountName=%s)" is OK;
group_search_base_dns I didn't use.

Best regards!
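To make the two bind_dn templates in this thread concrete, here is an added example (written for this page, not Grafana's own code) that parses the flat TOML subset ldap.toml uses, renders the single-bind DN and the search filter for a login name, and flags the settings worth a second look when the bind fails. The sample config is the one from the first post with straight quotes restored (the forum paste shows typographic quotes and drops the closing quote on the host line, which TOML rejects); the AD_BIND_DN value is the template from the second reply. The parser handles only strings, integers, booleans and arrays of strings, which is all ldap.toml needs; the RFC 4515 escaping applied to the search filter is standard LDAP practice and not a description of Grafana's internals.

```python
"""Added example, not Grafana's own code: parse the flat TOML subset used by ldap.toml,
render the single-bind DN and search filter for a login name, and flag settings worth a
second look when the bind fails."""
import re

# Constructed sample: the thread's ldap.toml with straight quotes (the forum paste
# shows typographic quotes and drops the closing quote on the host line).
SAMPLE_LDAP_TOML = """
[[servers]]
host = "ldaps.nk.acme.com"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
bind_dn = "cn=%s,dc=nk,dc=acme,dc=com"
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["dc=nk,dc=acme,dc=com"]
group_search_base_dns = ["dc=nk,dc=acme,dc=com"]

[servers.attributes]
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"
name = "displayName"
"""
AD_BIND_DN = r"nk\%s"  # the NT-style DOMAIN\user template from the second reply
TYPOGRAPHIC_QUOTES = "\u201c\u201d\u2018\u2019"
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def parse_value(raw):
    """String, integer, boolean or array-of-strings value; nothing else."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if raw.startswith('"'):
        if len(raw) < 2 or not raw.endswith('"'):
            raise ValueError(f"unterminated string: {raw}")
        return raw[1:-1]
    if raw.startswith("[") and raw.endswith("]"):
        return re.findall(r'"([^"]*)"', raw[1:-1])
    raise ValueError(f"unsupported value: {raw}")

def parse_ldap_toml(text):
    """Return one dict per [[servers]] table; attributes land under 'attributes'.
    Typographic quotes are rejected because TOML only accepts straight ones."""
    servers, target = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if any(ch in line for ch in TYPOGRAPHIC_QUOTES):
            raise ValueError(f"line {lineno}: typographic quote, use straight quotes")
        if line == "[[servers]]":
            servers.append({"attributes": {}})
            target = servers[-1]
        elif line == "[servers.attributes]":
            if not servers:
                raise ValueError(f"line {lineno}: attributes before [[servers]]")
            target = servers[-1]["attributes"]
        elif target is None or "=" not in line:
            raise ValueError(f"line {lineno}: expected key = value inside a table")
        else:
            key, _, value = line.partition("=")
            target[key.strip()] = parse_value(value.strip())
    return servers

def syntax_error(text):
    """The parse error for text, or None when it parses cleanly."""
    try:
        parse_ldap_toml(text)
    except ValueError as exc:
        return str(exc)
    return None

def render_bind_dn(template, username):
    """Single bind: the login name replaces %s and Grafana binds as that name
    with the password typed on the login page."""
    if "%s" not in template:
        raise ValueError("bind_dn has no %s placeholder")
    return template.replace("%s", username)

def render_search_filter(template, username):
    """The post-bind user search, with the login name escaped per RFC 4515."""
    return template.replace("%s", "".join(_FILTER_ESCAPES.get(c, c) for c in username))

def is_single_bind(server):
    """Grafana single-bind mode: bind_dn carries %s and no bind_password is set."""
    return "%s" in server.get("bind_dn", "") and not server.get("bind_password")

def lint_server(server):
    """Findings worth raising on one [[servers]] entry."""
    findings = []
    if server.get("ssl_skip_verify"):
        findings.append("ssl_skip_verify = true: the LDAP server certificate is never verified")
    if not is_single_bind(server) and not server.get("bind_password"):
        findings.append("bind_dn has no %s and no bind_password is set: nothing can bind")
    if "%s" not in server.get("search_filter", ""):
        findings.append("search_filter has no %s, so the user lookup cannot use the login name")
    return findings
```

Running render_bind_dn over the sample with the login name from the log line reproduces the exact DN Grafana reported it could not bind, cn=jungunkim,dc=nk,dc=acme,dc=com, which is what a simple bind against AD has to match as a real object DN; the reply's template instead yields nk\jungunkim, an NT-style logon name that AD accepts in a simple bind without the caller knowing which container the account lives in. The lint also surfaces ssl_skip_verify = true, which leaves the LDAPS connection open to an impersonated server even once the bind itself works.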