[1.17.0-rc1] Update from 1.16.x with LDAP-AUTH issue #20120

Open
gd197 opened this issue Jun 24, 2022 · 2 comments

gd197 commented Jun 24, 2022

Description

I've performed an upgrade from 1.16.5 to 1.17.0-rc1 with LDAP authentication through Active Directory.
This configuration has already supported several upgrades since 1.13.x.
Following the upgrade, the authentication was not working anymore, with the log message:
[62b5b74b] Failed authentication attempt for xxxxx from 152.30.x.xx:0: user does not exist [uid: 0, name: xxxxx, keyid: 0]
I've solved the issue by changing the BINDDN form from
cn=svc-search,dc=domain,dc=com
to
svc-search@domain.com
The "cn=" form has been working for me for several upgrades, and nothing prevents me from performing the configuration update before migrating.

Gitea Version

1.17.0-rc1

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

2.9.3

Operating System

RHEL 7.9

How are you running Gitea?

Used amd64 build from github release

Database

MySQL

gd197 added the type/bug label Jun 24, 2022
@zeripath
Contributor

I am unaware of any changes to the authentication code that would cause this between 1.16 and 1.17. Hmm... What username are you logging in with? Is it an email address, or does it contain nonalphanumeric characters?

To investigate further we'd need at least debug-level logging, in fact likely trace logging with EXPRESSION=ldap.

A single line of logging stating a failed authentication attempt is inadequate to further investigate.

@gd197
Author

gd197 commented Jun 27, 2022

I was usually logging in with my sAMAccountName, with no special characters in it, but I also tried with emails, and that was also working in the previous version. It really looks like the search operation performed by the BIND DN account failed when upgrading, and changing to the email form solved it (that is the only operation I performed). I can reproduce the problem; I just need to understand how to configure the logger properly in my little spare time.
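
The trace logging with EXPRESSION=ldap requested above could be set up in `app.ini` along these lines. This is an added example, not part of the thread and not the project's own configuration; the sublogger name `ldaptrace` and the file name are made up for illustration, and the key names assume Gitea's `[log]` sublogger options as documented for the 1.16/1.17 series.

```ini
; Added example: capture LDAP authentication traces in a separate file
; while the normal console log stays at its usual level.

[log]
; Keep the existing console logger and add a second, named sublogger.
; "ldaptrace" is a hypothetical name chosen for this example.
MODE  = console, ldaptrace
LEVEL = info

[log.console]
LEVEL = info

[log.ldaptrace]
; A named sublogger needs its provider stated explicitly.
MODE       = file
; Hypothetical file name; it is created under the configured log ROOT_PATH.
FILE_NAME  = ldap-trace.log
LEVEL      = trace
; Only messages whose function name, file or text match this
; regular expression are written to this logger.
EXPRESSION = ldap
```

Trace output from the LDAP source can include bind DNs, search filters and login names, so restrict read access to the file, redact it before attaching it to a public issue, and remove the sublogger once the failing login has been captured.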
