From b0df982f0f965452a6dc38d1b6e56c7570244466 Mon Sep 17 00:00:00 2001 From: Hannah Cooper Date: Wed, 18 Feb 2026 19:51:52 +0000 Subject: [PATCH] GITBOOK-71: OpenLDAP FAQ addition --- SUMMARY.md | 1 + ...are-not-auto-populating-portainer-teams.md | 21 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 faqs/troubleshooting/access-and-authentication/ldap-groups-are-not-auto-populating-portainer-teams.md diff --git a/SUMMARY.md b/SUMMARY.md index 59a58c72..9ec4de85 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -352,6 +352,7 @@ * [Client sent an HTTP request to an HTTPS server](faqs/troubleshooting/access-and-authentication/client-sent-an-http-request-to-an-https-server.md) * [Unable to Authenticate After Portainer Update](faqs/troubleshooting/access-and-authentication/unable-to-authenticate-after-portainer-update.md) * [Unable to Login via LDAP in Portainer](faqs/troubleshooting/access-and-authentication/unable-to-login-via-ldap-in-portainer.md) + * [LDAP Groups are not auto-populating Portainer teams](faqs/troubleshooting/access-and-authentication/ldap-groups-are-not-auto-populating-portainer-teams.md) * [Agents and environment management](faqs/troubleshooting/agents-and-environment-management/README.md) * [How can I move existing Edge Agent deployments to a new Portainer Server instance?](faqs/troubleshooting/agents-and-environment-management/how-can-i-move-existing-edge-agent-deployments-to-a-new-portainer-server-instance.md) * [Why can't my agents communicate with Portainer on Swarm?](faqs/troubleshooting/agents-and-environment-management/why-cant-my-agents-communicate-with-portainer-on-swarm.md) diff --git a/faqs/troubleshooting/access-and-authentication/ldap-groups-are-not-auto-populating-portainer-teams.md b/faqs/troubleshooting/access-and-authentication/ldap-groups-are-not-auto-populating-portainer-teams.md new file mode 100644 index 00000000..2adf8c03 --- /dev/null 
+++ b/faqs/troubleshooting/access-and-authentication/ldap-groups-are-not-auto-populating-portainer-teams.md @@ -0,0 +1,21 @@ +# LDAP Groups are not auto-populating Portainer teams + +**Issue:** + +Users find that LDAP authentication succeeds and **Display User/Group matching** correctly shows group membership, but the user is not automatically added to the corresponding Portainer team on login. + +**Cause:** + +Portainer team synchronization requires distinguished name (DN)-based group membership. + +* `posixGroup` + `memberUid` → Group detection works, but Team sync does not assign users +* `groupOfNames` + `member` → Fully supported for Team auto-assignment + +**Resolution:** + +To resolve this issue, update the LDAP group configuration to use DN-based membership. + +``` +objectClass: groupOfNames +member: +```
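Review bot: In the SUMMARY.md hunk, the added link text "LDAP Groups are not auto-populating Portainer teams" capitalises "Groups" but not "teams", and the same casing carries into the new page's H1. Pick one casing for both nouns so the entry reads consistently next to "Unable to Login via LDAP in Portainer". The commit subject calls this an OpenLDAP FAQ, but neither the link text nor the file name mentions OpenLDAP; if the behaviour is specific to OpenLDAP, say so in the title.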
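Review bot: In the new FAQ file, the Resolution code block ends with `member:` and no value, so the reader is not shown what DN-based membership looks like. Since the Cause section says team sync requires DN-based membership, give a labelled placeholder such as `member: <full DN of the user entry>` and state that the value is the user's full DN, not the `memberUid` short name. "update the LDAP group configuration" is also ambiguous: say whether the change is made to the group entries in the directory, to Portainer's LDAP group settings, or both, and add a final step telling the user to log in again and confirm the team assignment.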