Some users in Lenses with LDAP are unable to login ("Invalid LDAP regex" error)

Some users are able to connect while others aren’t, and the following error message keeps appearing:

WARN [i.l.s.l.LdapMemberOfUserGroupPlugin] [] Invalid LDAP regex ‘(?i)cn=([-\w]+),(?:ou=Kafka_company,)?ou=groups_company,dc=ldap,dc=lenses,dc=local$’. Could not match:cn=groupWrite,ou=groups,dc=ldap,dc=lenses,dc=local
2024-01-31 14:31:31,199 ERROR [a.a.ActorSystemImpl] [] Exception when handling request by: [login] POST /api /login {body as application/json (UTF-8)} → status code - possible codes (Map()) {body as text/plain (UTF-8)}/{body as text/plain (UTF-8)} User [user_company] groups do not match any ones defined in Lenses. When using LDAP, this means there is no group registered in Lenses which matches the groups the user is linked to in LDAP. As a result the login is rejected
at flatMap @
2024-01-31 14:31:31,219 INFO [a.a.ActorSystemImpl] [] Request: POST->http:// localhost:9991/api/login returned 500 Internal Server Error in 457ms

How can I solve this?

Hello Edward_k,

The issue according to this error message is your regex used to extract the groups. You need to ensure that the groups that exist on the LDAP server are the same as those that will be extracted by the regex. The error message portion:

“Invalid LDAP regex '(?i)cn=([-\w]+),(?:ou=Kafka_company,) ou=groups_company,dc=ldap,dc=lenses,dc=local$'. Could not match:cn=groupRead,ou=groups,dc=ldap,dc=lenses,dc=local”

shows that the “ou=groups_company” configured in Lenses is not the same as what is received from the LDAP server “ou=groups”. You need to modify the regex in the Lenses configuration to extract the same “ou” configured on the LDAP server. Additionally, it’s possible to identify that this happened with the user “userW” by looking at the error message a bit further: User [userW] groups do not match any ones defined in Lenses”.

The documentation provides more detailed information on LDAP configuration in Lenses: Lenses LDAP authentication | Documentation.