Awx: LDAP authentication settings don't persist when "LDAP Group Type" equals "ActiveDirectoryGroupType".

Created on 7 May 2018 · 19 Comments · Source: ansible/awx

ISSUE TYPE

  • Bug Report
COMPONENT NAME

  • API
  • UI
SUMMARY


LDAP authentication settings don't persist when "LDAP Group Type" equals "ActiveDirectoryGroupType".

ENVIRONMENT
  • AWX version: 1.0.6
  • AWX install method: docker on linux
  • Ansible version: 2.5.2
  • Operating System: Ubuntu 16.04
  • Web Browser: Chrome
STEPS TO REPRODUCE

Log in to the web UI. Click on "Settings", click on "Authentication", select "LDAP" from the "Sub Category" drop-down on the right. Input the applicable LDAP settings, making sure to choose "ActiveDirectoryGroupType" for the "LDAP Group Type".

EXPECTED RESULTS

Settings get saved and persist in the database.

ACTUAL RESULTS

Settings return to the previous value. In my case this was the default value of "MemberDNGroupType".

ADDITIONAL INFORMATION

api ui medium needs_devel bug

All 19 comments

Is there any error in your web console?

I've suffered this issue, too. And successfully configured LDAP by correctly filling in the required fields (related to Riccardo1976's comment) and leaving the LDAP GROUP TYPE PARAMETERS field blank or {}; not sure about this now, because I returned back to 1.0.5 ...

Looks like I get a 400 status with the following response from the api.

{AUTH_LDAP_GROUP_TYPE_PARAMS: ["Invalid key(s): "member_attr"."]}

Same here. Fresh install. Lost the entire page of settings despite saving a dozen times.
Turns out it quietly whines about

AUTH_LDAP_GROUP_TYPE_PARAMS: ["Invalid key(s): "member_attr"."]

in the background.

Unsuccessful attempts to save should trigger a very obvious error message.
And the default input of fields should not be invalid.

I can confirm that @zhangtiny123's workaround with changing the field LDAP GROUP TYPE PARAMETERS to {} works in 1.0.6.7

So I just built 1.0.6.8 and was getting invalid credentials being reported for my bind account. Setting the LDAP Group Parameters to {} fixed this as well.

@KyleTheAutomator @zhangtiny123 @mprasil we've just released 1.0.7, which we believe resolves the underlying issue here. You can try it out here: https://github.com/ansible/awx/releases/tag/1.0.7

Let us know if you're still seeing this issue after installing the latest awx - thanks!

I am using "AWX 1.0.7.2". I get the same error when I have:

{
 "member_attr": "member",
 "name_attr": "cn"
}

in LDAP GROUP TYPE PARAMETERS. After I remove "member_attr": "member", save works as expected.

1.0.7.2 also, and I also get the same error: Invalid key(s): "member_attr".

If I remove the entry "member_attr": "member" I can save the configuration, but LDAP is not working.

I get this in the logs when the "member_attr": "member", line is added:

2018-09-29 08:52:25,658 WARNING  awx.api.generics status 400 received by user user1 attempting to access /api/v2/settings/all/ from 172.17.0.1

@jmnguye your 'LDAP not working' issue is probably unrelated. Try looking at the logs with: docker logs -f awx_web

@theodotos yeah, you were right, this was due to the fact that I made an export/import with tower-cli for the users. It does import your account object, but it doesn't keep the binding to LDAP, so it's like having an "unknown" account. After deleting my account and reconnecting, it went OK.

Regarding the error message you get, I also get the same one:
2018-10-02 15:42:26,539 WARNING awx.api.generics status 400 received by user jmnguye attempting to access /api/v2/settings/all/ from 192.168.12.64

The only way for me to add it was by updating the DB. I had a field where I was able to add it on my sandbox environment. But for some unexpected reason, in another environment in 1.0.7.2 I didn't have the field....

I still have this issue with awx 3.0.1.0. I can not save LDAP settings if I fill the member_attr field of AUTH_LDAP_GROUP_TYPE_PARAMS.
The only messages that appear in logs are:

2019-03-14 17:11:11,141 WARNING awx.api.generics status 400 received by user admin attempting to access /api/v2/settings/all/ from 172.x.x.x
[pid: 136|app: 0|req: 29/313] 172.x.x.x () {54 vars in 2460 bytes} [Thu Mar 14 17:11:10 2019] PATCH /api/v2/settings/all/ => generated 68 bytes in 211 msecs (HTTP/1.1 400) 10 headers in 410 bytes (1 switches on core 0)
172.x.x.x - - [14/Mar/2019:17:11:11 +0000] "PATCH /api/v2/settings/all/ HTTP/1.1" 400 68 "http://172.x.x.x:8080/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "-"

I think that this issue should be reopened.

Still exists in 4.0.0

Still exists in 4

Still exists in 6.0.0:
2019-07-09 10:48:13,718 WARNING awx.conf.settings The current value "{'name_attr': 'cn', 'member_attr': 'member'}" for setting "AUTH_LDAP_GROUP_TYPE_PARAMS" is invalid.
Traceback (most recent call last):
  File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/awx/conf/settings.py", line 423, in _get_local
    return field.run_validation(value)
  File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/rest_framework/fields.py", line 535, in run_validation
    value = self.to_internal_value(data)
  File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/awx/sso/fields.py", line 504, in to_internal_value
    self.fail('invalid_keys', invalid_keys=keys_display)
  File "/opt/rh/rh-python36/root/usr/lib/python3.6/site-packages/rest_framework/fields.py", line 597, in fail
    raise ValidationError(message_string, code=key)
rest_framework.exceptions.ValidationError: [ErrorDetail(string='Invalid key(s): "member_attr".', code='invalid_keys')]
2019-07-09 10:48:13,767 DEBUG awx.main.dispatch publish awx.main.tasks.handle_setting_changes(e8fa7410-7a1a-4c7a-abc4-b99817a9bc59, queue=tower_broadcast_all)

Still exists in 7.0.0. Why is this closed?

Just an update: Still present in 8.0.0

Can confirm.
To be clear, if I can get LDAP to work with a different group type then it will save in the database (aka back up and restore of PGDB will save settings)?

I'm facing the same issue, does someone have a workaround or an expected fix?

I'm facing the same issue, does someone have a workaround or an expected fix?

Now solved, changing "AUTH_LDAP_GROUP_TYPE": "GroupOfNamesType", to "MemberDNGroupType".

If you check the django documentation here: https://django-auth-ldap.readthedocs.io/en/latest/reference.html

You'll see the possible parameters for GroupOfNamesType and MemberDNGroupType; it is not possible to use "member_attr" on "GroupOfNamesType".

I tried this below and it worked for my LDAP use:

"AUTH_LDAP_GROUP_TYPE": "MemberDNGroupType",
"AUTH_LDAP_GROUP_TYPE_PARAMS": {
    "member_attr": "uniqueMember",
    "name_attr": "cn"
},
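
A pre-flight check for the mismatch discussed in this thread, added here as an example (it is not code from the thread or from AWX): it compares the keys in AUTH_LDAP_GROUP_TYPE_PARAMS with the constructor arguments of the selected group type before the settings are submitted. The function names are hypothetical, and the stand-in classes assume the constructor signatures given in the django-auth-ldap reference linked above.

```python
import inspect

# Stand-ins mirroring the constructor signatures listed in the django-auth-ldap
# reference (assumption: they match your installed version). With the library
# installed, register the real classes from django_auth_ldap.config instead.
class MemberDNGroupType:
    def __init__(self, member_attr, name_attr="cn"):
        self.member_attr, self.name_attr = member_attr, name_attr

class GroupOfNamesType:
    def __init__(self, name_attr="cn"):
        self.name_attr = name_attr

class ActiveDirectoryGroupType:
    def __init__(self, name_attr="cn"):
        self.name_attr = name_attr

GROUP_TYPES = {cls.__name__: cls for cls in
               (MemberDNGroupType, GroupOfNamesType, ActiveDirectoryGroupType)}

def check_group_type_params(group_type, params):
    """Return (invalid_keys, missing_keys) for params against group_type."""
    if group_type not in GROUP_TYPES:
        raise ValueError(f"unknown group type: {group_type!r}")
    sig = inspect.signature(GROUP_TYPES[group_type].__init__)
    accepted = [p for p in sig.parameters.values() if p.name != "self"]
    invalid = sorted(set(params) - {p.name for p in accepted})
    missing = sorted(p.name for p in accepted
                     if p.default is inspect.Parameter.empty and p.name not in params)
    return invalid, missing

def params_for(group_type, params):
    """Drop keys the group type does not accept; fail if a required one is absent."""
    invalid, missing = check_group_type_params(group_type, params)
    if missing:
        raise ValueError(f"{group_type} requires: {', '.join(missing)}")
    return {k: v for k, v in params.items() if k not in invalid}

if __name__ == "__main__":
    # Constructed sample: the parameter value reported in the thread.
    reported = {"name_attr": "cn", "member_attr": "member"}
    for gt in GROUP_TYPES:
        print(gt, check_group_type_params(gt, reported))
```

Running the check before saving surfaces the rejected key up front, rather than leaving it in a 400 response that the settings page does not display.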