Mailcow Nightly, external idp, keycloak, ldap

deisler

Hi.
I tried to configure authorization using this instruction via external ip keycloak and using active directory.
https://mailcow.email/posts/2023/mailcow-idp

The created test user in keycloak is authorized and logged in to mailcom, a mailbox is created.

I also made all the settings regarding the Automatic User Provisioning section.
But after logging in to keycloak, the user is transferred to the main page of mail cow, there is no login, the mailbox is not created.

My user federation settings:
Users DN: ou=office,dc=infra,dc=server,dc=com
Username LDAP attribute: userPrincipalName
KW LDAP attribute: ct
UUID LDAP attribute: objectGUID
User object classes: user, person, userPrincipalName
User LDAP filter: empty

I must have set up something wrong here, please tell me.

esackbauer

What do the logs say?

deisler

esackbauer
mailcow after redirect say: invalid username or password

nginx:
[10/Oct/2023:15:05:23 +0300] “GET /?state=12db0891cd68b12f5151566d065d4edf&session_state=d6c69eff-3c30-4662-80af-4a4c12a23177&code=f6055e8b-b00e-4f0a-a292-0652cbba5628.d6c69eff-3c30-4662-80af-4a4c12a23177.8d8ed13f-6f63-454c-bebf-28bbdf6c61f3 HTTP/2.0” 200 14066 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0”
[10/Oct/2023:15:05:24 +0300] “GET /cache/58e94ec433ae659ece16a1cb645d75ca925785d2.css HTTP/2.0” 200 175916 “https://mail.server.com/” “Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0”
[10/Oct/2023:15:05:24 +0300] “GET /api/v1/get/passwordpolicy/html HTTP/2.0” 200 20 “https://mail.server.com/” “Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0”

phpfpm:
10/Oct/2023:15:05:21 +0300 “HEAD /settings.php” 304
10/Oct/2023:15:05:18 +0300 “GET /index.php” 200
10/Oct/2023:15:05:23 +0300 “GET /resource.php” 200
10/Oct/2023:15:05:24 +0300 “GET /json_api.php” 200
`