
Active Directory Federation Group Membership Sync is not working. #17381

@NicoJDE

Describe the bug
The groups and users are created in Authentik. However, group assignment does not work and the groups remain empty. I have already tested various settings. Unfortunately, none of them worked.

I can see the attributes via ldapsearch.
I also tried my own group mappings. Unfortunately, without success.

Expected behavior
Users are members of groups

Screenshots
Current settings:

Logs

Example logs:

{
  "event": "Received message authentik.sources.ldap.tasks.ldap_sync_page(UUID('12005832-d59a-4d09-8135-77f6546459ad'), 'authentik.sources.ldap.sync.membership.MembershipLDAPSynchronizer', 'goauthentik.io/sources/ldap/page/ec4160bb-b6ab-4bdc-b0f3-e4f29fe5ab77') with id '6e654800-70bc-4a43-8b79-cfd0aea62c4b'.",
  "level": "debug",
  "logger": "dramatiq.worker.WorkerThread",
  "timestamp": "2025-10-10T13:42:26.402065"
},
{
  "event": "Received args=(UUID('12005832-d59a-4d09-8135-77f6546459ad'), 'authentik.sources.ldap.sync.membership.MembershipLDAPSynchronizer', 'goauthentik.io/sources/ldap/page/ec4160bb-b6ab-4bdc-b0f3-e4f29fe5ab77') kwargs={}.",
  "level": "debug",
  "logger": "authentik.sources.ldap.tasks.ldap_sync_page",
  "timestamp": "2025-10-10T13:42:26.403395"
},
{
  "domain_url": null,
  "event": "Successfully updated group membership",
  "level": "debug",
  "logger": "authentik.sources.ldap.sync.base",
  "pid": 51,
  "schema_name": "public",
  "source": "<LDAPSource: ad>",
  "syncer": "MembershipLDAPSynchronizer",
  "timestamp": "2025-10-10T13:42:26.444097"
}

Version and Deployment

  • authentik version: 2025.8.4
  • Deployment: helm over kubernetes

Labels: bug (Something isn't working)
