Nested user attributes not exposed as valid LDAP attributes in LDAP Outpost
#16,954 opened on Sep 23, 2025
Repository metrics
- Stars
- (4,050 stars)
- PR merge metrics
- (Avg merge 3d 11h) (437 merged PRs in 30d)
Description
Describe the bug When exposing custom attributes via the LDAP outpost, nested attributes are not returned as individual LDAP attributes. Instead, they appear in a serialized map format that does not seem to comply with LDAP.
To Reproduce Steps to reproduce the behavior:
- Configure a user in Authentik with a custom attribute containing nested values, e.g. settings.locale = en.
- Query the user via the LDAP outpost using ldapsearch.
- Inspect the LDAP response.
See that the attribute is returned as a serialized map string rather than as a proper multi-valued LDAP attribute.
Expected behavior I would expect the LDAP outpost to flatten or map the nested attribute into standard LDAP attributes, for example:
settingsLocale: en
or
settings.locale: en
instead of:
settings: map[locale:en]
Version and Deployment (please complete the following information):
- authentik version: 2025.8.3
- Deployment: Docker
Additional context Add any other context about the problem here.