LDAP Group Sync stopped working: Scans 0 users / 0 groups (all tests pass)

Troubleshooting
1

Summary
LDAP Group/Attribute Sync stopped working — every sync ends as Canceled with “Scanned 0 LDAP users and 0 groups,” even though all LDAP Wizard tests pass and there are no errors in pod logs.

Steps to reproduce

  1. Mattermost environment:

    • Versions tested: 10.9.1 → 10.10.1 → 10.11.1 (issue in all)

    • Deployment: Kubernetes

    • Database: PostgreSQL 15.8

    • LDAP provider: authentik

    • Auth method: SAML SSO (LDAP used only for sync; no direct LDAP logins)

  2. Configure LDAP Group Sync (valid BaseDN, user filters, attributes, group attributes — all pass tests in LDAP Wizard).

  3. Run Synchronize Now from System Console → LDAP Synchronization.

Expected behavior
Sync should find and process users and groups according to LDAP filters, updating group memberships and attributes in Mattermost.

Observed behavior

  • Sync immediately finishes as Canceled.

  • Details: Scanned 0 LDAP users and 0 groups.

  • All LDAP Wizard tests are successful:

    • Test Connection :white_check_mark:

    • Test Filters :white_check_mark:

    • Test Attributes :white_check_mark:

    • Test Group Attributes :white_check_mark:

  • ldapsearch with same filters returns expected users and groups.

  • RemoteId values for groups in DB match those returned by LDAP.

  • No errors in pod logs during sync.

2

Have you tried setting the log level to “debug” right before triggering a new scan? Are there any hints?