After LDAP auth in the Dashboard dosn't see username

Configuration Frontend
1

Hello everyone,
i have set up the LDAP authentication as follows:
configuration.yaml

homeassistant:
  auth_providers:
  - type: command_line
    command: /config/ldap-auth.py
    meta: true

ldap-auth.py

#!/usr/bin/env python3

import os
from ldap3 import Server, Connection, ALL, core

SERVER = "ldaps://192.168.20.20"
USERDN = "uid={},ou=users,dc=example,dc=com"
BASEDN = USERDN
FILTER = "(objectClass=person)"
NAME_ATTR="uid"
ATTRS=[NAME_ATTR]

if 'username' not in os.environ and 'password' not in os.environ:
    print("Need username and password environment variables!")
    exit()

USERDN = USERDN.format(os.environ['username'])
BASEDN = BASEDN.format(os.environ['username'])

server = Server(SERVER, get_info=ALL)
try:
    conn = Connection(server, USERDN, password=os.environ['password'], auto_bind=True)
    #print("whoami: {}".format(conn.extend.standard.who_am_i()))
    search = conn.search(BASEDN, FILTER, attributes=ATTRS)
    if search:
        #print("Search success: {}".format(conn.entries))
        print(f"name=%s"%(conn.entries[0][NAME_ATTR]))
        exit(0)
    else:
        print("LDAP bind succeded, but search yielded empty result")
        exit(1)
except core.exceptions.LDAPBindError as e:
    print(e)
    exit(1)

Why do I only see a question mark at the bottom left of the dashboard? When I click on this I see the following text at the top: “You are currently logged in as”. The username is not passed. But I don’t know why?
Greetings from Stefan Harbich

2

Do I need to include this information in my script?
When meta: true is set in the auth provider’s configuration, your command can write some variables to standard output to populate the user account created in Home Assistant with additional data. These variables have to be printed in the form:

name = John Doe
group = system-users
local_only = true

Leading and trailing whitespace, as well as lines starting with # are ignored. The following variables are supported. More may be added in the future.

  • name: The real name of the user to be displayed in their profile.
  • group: The user group uses the value system-admin for administrator (this is the default) or system-users for regular users.
  • local_only: The user can only log in from the local network if you set the value to true. If you do not define this variable, the user can log in from anywhere.

Stderr is not read at all and just passed through to that of the Home Assistant process, hence you can use it for status messages or suchlike."

3

There was an error in the script. The letter “f” was wrong.

--- print(f"name=%s"%(conn.entries[0][NAME_ATTR]))
+++ print("name=%s"%(conn.entries[0][NAME_ATTR]))