Hi all,
I have installed and configured peertube-plugin-auth-ldap with an Active Directory backend.
When I try to log in with a domain user, I see the following in the logs:
info: Login success with auth method ldap of plugin peertube-plugin-auth-ldap for myuser
info: Bypassing oauth login by plugin peertube-plugin-auth-ldap
warn: Login error {
"err": {
"stack": "invalid_grant: Invalid grant: user credentials are invalid\n at handlePasswordGrant (file:///app/dist/core/lib/auth/oauth.js:112:15)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async handleToken (file:///app/dist/core/controllers/api/users/token.js:32:23)",
"message": "Invalid grant: user credentials are invalid",
"statusCode": 400,
"status": 400,
"code": 400,
"name": "invalid_grant"
}
}
info: (...) "POST /api/v1/users/token HTTP/1.0" 400 271 "https://my.domain.tld/login" "Chrome"
error: Client log: Backend returned code 400, errorMessage is Invalid grant: user credentials are invalid {
"userAgent": "(...)",
"meta": "(...)",
"url": "https://my.domain.tld/login"
}
To me it looks like the user is correctly authenticated by Active Directory, but something goes wrong with the handling of authentication tokens, leading to a login error.
Does anyone have an idea about what the issue might be?
Additional info:
- I’m using Global Catalog on port 3269
- Search filter: (&(objectClass=user)(sAMAccountName={{username}}))
- Username property: sAMAccountName
- PeerTube is running in an airgapped Kubernetes cluster based on the supplied docker-compose file and container images