LDAP Outpost Constantly Restarting

[FirbyKirby]

Describe the bug
The LDAP outpost is stuck in a restart loop indefinitely.

To Reproduce
Steps to reproduce the behavior:

1. Set up an application that uses 2 providers such that the back channel is LDAP (for my issue, primary was OIDC.)
2. Deploy the LDAP outpost (if it's not already.)
3. Observe the log to see a loop of events stating "added outpost instance to cache," an API call to the outpost, and then "removed outpost instance from cache."
4. Observe the outpost container being removed and then added repeatedly.

Expected behavior
The LDAP outpost should remain deployed when an application has an LDAP provider configured for back channel.

Screenshots

Logs
Here is one example of the loop (this is all messages from this second of time in the authentik log.) This repeats periodically. I've stripped down the JSON to just the event, but can provide the full log on request.

06/03/2023 9:58:19 PM

    event=/api/v3/outposts/instances/ 

06/03/2023 9:58:19 PM

    event=/api/v3/root/config/ 

06/03/2023 9:58:19 PM

    event=/ws/outpost/ceaa76fe-50f4-446c-8ad8-70422d9a3e97/ 

06/03/2023 9:58:19 PM

    event=added outpost instance to cache 

06/03/2023 9:58:19 PM

    event=/api/v3/outposts/ldap/ 

06/03/2023 9:58:19 PM

    event=removed outpost instance from cache 

Version and Deployment (please complete the following information):

• authentik version: [e.g. 2023.5.3]
• Deployment: Unraid via docker (not docker-compose)

Additional context
When I edit the application to include just a single LDAP provider (removed the primary provider and "moved up" the LDAP back channel provider,) the issue resolves. The outpost deploys and stays deployed. LDAP authentication works, and the log entries stop.

Note that this issue seemed to begin after I upgraded to 2023.5.3. I was quick to pull that revision down because I was experiencing the issue detailed in Issue #5810, and resolved by PR #5812.

This issue was first opened in the Authentik discord and additional information can be found there.

Workaround
Set up two duplicate applications. One for each provider, and both with the same group permissions. Not ideal since duplicate applications on Authentik's user interface leads to confusion by users, but it's better then nothing.

[FirbyKirby]

After about a week of smooth LDAP outpost operation, I tried to set it as a back channel again last night with an OID provider as the primary provider. It worked great for hours, but when I returned to it this evening, the constant restarting (added and removed from cache as shown in the log) was back again. Could this have anything to do with the order things are started after a shutdown and restart? my server goes through a shutdown every night for a backup operation. The fact that it seemed to work well for hours, and then failed when I returned in the morning suggests the restart might have something to do with it?

In any case, I would love to get any feedback or advice on how to resolve this or troubleshoot it. It's currently got me stopped on my OID implementation.

[FirbyKirby]

OK, got a bit more info. Finally got a look at the restarting LDAP outpost container's logs. This is the reoccouring sequence of log entries.

06/10/2023 10:22:35 PM

    event=Loaded config from environment  level=debug  timestamp=2023-06-11T03:22:35Z 

06/10/2023 10:22:35 PM

    event=not enabling debug server, set `AUTHENTIK_DEBUG` to `true` to enable it.  level=info  logger=authentik.go_debugger  timestamp=2023-06-11T03:22:35Z 

06/10/2023 10:22:39 PM

    error=no ldap provider defined  event=Failed to run server  level=panic  timestamp=2023-06-11T03:22:39Z 

06/10/2023 10:22:39 PM

    event=finished shutdown  level=info  logger=authentik.outpost.ak-api-controller  timestamp=2023-06-11T03:22:39Z 

06/10/2023 10:22:39 PM
panic: (*logrus.Entry) 0xc00049e0e0
06/10/2023 10:22:39 PM
06/10/2023 10:22:39 PM
goroutine 1 [running]:
06/10/2023 10:22:39 PM
github.com/sirupsen/logrus.(*Entry).log(0xc00049e070, 0x0, {0xc0000ca120, 0x14})
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/sirupsen/logrus@v1.9.2/entry.go:260 +0x4d6
06/10/2023 10:22:39 PM
github.com/sirupsen/logrus.(*Entry).Log(0xc00049e070, 0x0, {0xc000527c28?, 0x1029b20?, 0xc0002e60d0?})
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/sirupsen/logrus@v1.9.2/entry.go:304 +0x4f
06/10/2023 10:22:39 PM
github.com/sirupsen/logrus.(*Entry).Panic(...)
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/sirupsen/logrus@v1.9.2/entry.go:342
06/10/2023 10:22:39 PM
main.glob..func2(0x1aa53e0?, {0x11ad74a?, 0x0?, 0x0?})
06/10/2023 10:22:39 PM
	/go/src/goauthentik.io/cmd/ldap/main.go:79 +0x479
06/10/2023 10:22:39 PM
github.com/spf13/cobra.(*Command).execute(0x1aa53e0, {0xc00009e200, 0x0, 0x0})
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:944 +0x847
06/10/2023 10:22:39 PM
github.com/spf13/cobra.(*Command).ExecuteC(0x1aa53e0)
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:1068 +0x3bd
06/10/2023 10:22:39 PM
github.com/spf13/cobra.(*Command).Execute(...)
06/10/2023 10:22:39 PM
	/go/pkg/mod/github.com/spf13/cobra@v1.7.0/command.go:992
06/10/2023 10:22:39 PM
main.main()
06/10/2023 10:22:39 PM
	/go/src/goauthentik.io/cmd/ldap/main.go:90 +0x51

Seems to me that the operative error is "no ldap provider defined." Which is odd because there is most definitely an LDAP provider defined. One that works great when it's not a back channel. Any ideas?