sources/ldap: align group membership mapping with memberUid by using 'uid'

[william-code87]

Details

Replaced LDAP_UNIQUENESS with 'uid' as membership_mapping_attribute in authentik/sources/ldap/sync/membership.py to ensure correct resolution of group memberships when syncing from LDAP directories using memberUid (e.g., OpenLDAP).

---

🔍 Rationale

• memberUid in Group objects typically refers to uid in User objects.
• The current implementation only supports cn or entryUUID, which causes group membership resolution to fail.
• By explicitly using 'uid', this PR ensures proper synchronization of group memberships without requiring schema modifications or workarounds.

---

✅ Impact

• Fixes group sync issues in OpenLDAP-based environments.
• Improves compatibility with a wider range of LDAP setups (OpenLDAP, FreeIPA, Active Directory).
• Reduces administrative overhead and avoids attribute duplication.

---

Closes #13206

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	b64512b
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/680f75cd9b8ec2000871b084
😎 Deploy Preview	https://deploy-preview-14162--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	b64512b
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/680f75cd3df0e30008fa77d9
😎 Deploy Preview	https://deploy-preview-14162--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[codecov]

Codecov Report

Attention: Patch coverage is 16.66667% with 10 lines in your changes missing coverage. Please review.

Project coverage is 86.30%. Comparing base (bedf548) to head (c1a2ead).
Report is 74 commits behind head on main.

Files with missing lines	Patch %	Lines
authentik/sources/ldap/sync/membership.py	16.66%	10 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (bedf548) and HEAD (c1a2ead). Click for more details.

HEAD has 2 uploads less than BASE

Flag	BASE (bedf548)	HEAD (c1a2ead)
unit	10	8

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #14162      +/-   ##
==========================================
- Coverage   92.74%   86.30%   -6.45%     
==========================================
  Files         799      809      +10     
  Lines       41232    41543     +311     
==========================================
- Hits        38241    35853    -2388     
- Misses       2991     5690    +2699     

Flag	Coverage Δ
e2e	47.79% <16.66%> (+0.09%)	⬆️
integration	24.38% <0.00%> (+0.28%)	⬆️
unit	83.69% <0.00%> (-6.92%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[rissson]

why is uv.lock changing? why is some code in web/tools/ changing?

[william-code87]

I believe the unrelated code changes were caused by running black . during development. I’ll go ahead and revert those to keep the PR focused. Thanks for pointing that out!

[william-code87]

Hi maintainers, 👋

I've updated the LDAP group membership sync logic to correctly handle memberUid -> uid mapping.
All local LDAP-related tests (authentik/sources/ldap/) have passed successfully. ✅

Requesting approval to continue with full CI test runs.

Thank you for your time and feedback!

[william-code87]

Hi, sorry for the earlier issue — I realized I missed updating one line in membership.py before pushing to GitHub.
Specifically, I mistakenly left a users.count() call which caused a TypeError during the test_sync_groups_openldap_posix_group test, as it should have been len(users) since users is a list, not a QuerySet.
I've corrected it to len(users), re-ran the affected tests locally, and confirmed that they now pass.
Appreciate your review — this should resolve the failing test cases. 🙏