Enable ldap in our production environment getting error even though it is configured same as our test environment

rbooyer · February 2, 2026, 4:23pm

Please note i had to scrub some of this log output due to security concerns.

I enabled LDAP authentication with the same settings we are using in our test k8s cluster but there is some weird django errors and a mention that the transactions can’t complete until the end of the current ‘atomic block’

It looks like the ldap is authenticating fine but for some reason it errors out when it creates the organization and mapping groups.

I tried to manually create the organizations and the groups but it still won’t assign the users and get the same output.

If i remove the LDAP Organization map and LDAP Team map the user is allowed to login but for some reason when i add them back the error pops up.

LDAP Organization Map:
{
“removed organization”: {
“admins”: " removed info",
“remove_admins”: false,
“remove_users”: false,
“users”: false
}
}

LDAP Team Map:
{
“ADMINS”: {
“organization”: “removed organization”,
“remove”: true,
“users”: “removed Information”
}
}

Logs:

awx-prod-web 10.244.1.1 - - [02/Feb/2026:15:59:39 +0000] "GET /api/login/ HTTP/1.1" 200 5754 "<REMOVED INFORMATION>" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36" "128.206.119.195"
awx-prod-web [pid: 24|app: 0|req: 65/205] 10.244.1.1 () {62 vars in 1463 bytes} [Mon Feb  2 15:59:39 2026[] GET /api/login/ => generated 5754 bytes in 21 msecs (HTTP/1.1 200) 10 headers in 460 bytes (1 switches on core 0)
awx-prod-web 2026-02-02 15:59:39,980 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Binding as CN=<REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,102 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Invoking search_s('<REMOVED INFORMATION>', 2, '(CN=<REMOVE USERNAME>)')
awx-prod-web 2026-02-02 15:59:40,117 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap search_s('<REMOVED INFORMATION>', 2, '(CN=%(user)s)') returned 1 objects: cn=<REMOVE USERNAME>,<REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,117 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Binding as cn=<REMOVE USERNAME>,<REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,132 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Binding as CN=<REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,160 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap cn=<REMOVE USERNAME>,<REMOVED INFORMATION> is a member of <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,162 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Creating Django user <REMOVE USERNAME>
awx-prod-web 2026-02-02 15:59:40,162 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Populating Django user <REMOVE USERNAME>
awx-prod-web 2026-02-02 15:59:40,176 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap cn=<REMOVE USERNAME>,<REMOVED INFORMATION> is a member of <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,176 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap Invoking search_s('<REMOVED INFORMATION>', 2, '(&(objectClass=group)(member=cn=<REMOVE USERNAME>,<REMOVED INFORMATION>))')
awx-prod-web 2026-02-02 15:59:40,191 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap search_s('<REMOVED INFORMATION>', 2, '(&(objectClass=group)(member=cn=<REMOVE USERNAME>,<REMOVED INFORMATION>))') returned 1 objects: <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,196 INFO     [51ea4920039c41f59c3474c3dad951c1[] awx.sso.common LDAP adapter is creating org <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,334 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] awx.sso.common Created org <REMOVED INFORMATION> (id 59) from {'name': '<REMOVED INFORMATION>'}
awx-prod-web 2026-02-02 15:59:40,348 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] awx.sso.common Added default Ansible Galaxy credential to org
awx-prod-web 2026-02-02 15:59:40,351 INFO     [51ea4920039c41f59c3474c3dad951c1[] awx.sso.common LDAP adapter is creating team ADMINS in org <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,413 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap cn=<REMOVE USERNAME>,<REMOVED INFORMATION> is a member of <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,413 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] django_auth_ldap cn=<REMOVE USERNAME>,<REMOVED INFORMATION> is a member of <REMOVED INFORMATION>
awx-prod-web 2026-02-02 15:59:40,427 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] awx.sso.common LDAP adapter adding user <REMOVE USERNAME> to organization <REMOVED INFORMATION> as admin_role
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/core/handlers/exception.py", line 55, in inner
awx-prod-web     response = get_response(request)
awx-prod-web                ^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/core/handlers/base.py", line 197, in _get_response
awx-prod-web     response = wrapped_callback(request, *callback_args, **callback_kwargs)
awx-prod-web                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/usr/lib64/python3.11/contextlib.py", line 81, in inner
awx-prod-web     return func(*args, **kwds)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/generic/base.py", line 104, in view
awx-prod-web     return self.dispatch(request, *args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
awx-prod-web     return bound_method(*args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/decorators/debug.py", line 92, in sensitive_post_parameters_wrapper
awx-prod-web     return view(request, *args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
awx-prod-web     return bound_method(*args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/utils/decorators.py", line 134, in _wrapper_view
awx-prod-web     response = view_func(request, *args, **kwargs)
awx-prod-web                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/utils/decorators.py", line 46, in _wrapper
awx-prod-web     return bound_method(*args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/decorators/cache.py", line 62, in _wrapper_view_func
awx-prod-web     response = view_func(request, *args, **kwargs)
awx-prod-web                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/contrib/auth/views.py", line 90, in dispatch
awx-prod-web     return super().dispatch(request, *args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/generic/base.py", line 143, in dispatch
awx-prod-web     return handler(request, *args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/awx/api/generics.py", line 98, in post
awx-prod-web     ret = super(LoggedLoginView, self).post(request, *args, **kwargs)
awx-prod-web           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/generic/edit.py", line 152, in post
awx-prod-web     if form.is_valid():
awx-prod-web        ^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/forms/forms.py", line 201, in is_valid
awx-prod-web     return self.is_bound and not self.errors
awx-prod-web                                  ^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/forms/forms.py", line 196, in errors
awx-prod-web     self.full_clean()
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/forms/forms.py", line 434, in full_clean
awx-prod-web     self._clean_form()
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/forms/forms.py", line 455, in _clean_form
awx-prod-web     cleaned_data = self.clean()
awx-prod-web                    ^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/contrib/auth/forms.py", line 250, in clean
awx-prod-web     self.user_cache = authenticate(
awx-prod-web                       ^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/views/decorators/debug.py", line 42, in sensitive_variables_wrapper
awx-prod-web     return func(*func_args, **func_kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/contrib/auth/__init__.py", line 77, in authenticate
awx-prod-web     user = backend.authenticate(request, **credentials)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/awx/main/backends.py", line 14, in authenticate
awx-prod-web     return super().authenticate(request, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/contrib/auth/backends.py", line 46, in authenticate
awx-prod-web     user = UserModel._default_manager.get_by_natural_key(username)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/contrib/auth/base_user.py", line 54, in get_by_natural_key
awx-prod-web     return self.get(**{self.model.USERNAME_FIELD: username})
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/manager.py", line 87, in manager_method
awx-prod-web     return getattr(self.get_queryset(), name)(*args, **kwargs)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/query.py", line 633, in get
awx-prod-web     num = len(clone)
awx-prod-web           ^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/query.py", line 380, in __len__
awx-prod-web     self._fetch_all()
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/query.py", line 1881, in _fetch_all
awx-prod-web     self._result_cache = list(self._iterable_class(self))
awx-prod-web                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web 10.244.2.0 - - [02/Feb/2026:15:59:40 +0000] "POST /api/login/ HTTP/1.1" 500 145 "<REMOVED INFORMATION>" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/144.0.0.0 Safari/537.36" "128.206.119.195"
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/query.py", line 91, in __iter__
awx-prod-web     results = compiler.execute_sql(
awx-prod-web               ^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/models/sql/compiler.py", line 1562, in execute_sql
awx-prod-web     cursor.execute(sql, params)
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/backends/utils.py", line 67, in execute
awx-prod-web     return self._execute_with_wrappers(
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/backends/utils.py", line 80, in _execute_with_wrappers
awx-prod-web     return executor(sql, params, many, context)
awx-prod-web            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/backends/utils.py", line 83, in _execute
awx-prod-web     self.db.validate_no_broken_transaction()
awx-prod-web   File "/var/lib/awx/venv/awx/lib64/python3.11/site-packages/django/db/backends/base/base.py", line 531, in validate_no_broken_transaction
awx-prod-web     raise TransactionManagementError(
awx-prod-web django.db.transaction.TransactionManagementError: An error occurred in the current transaction. You can't execute queries until the end of the 'atomic' block.
awx-prod-web 2026-02-02 15:59:40,616 DEBUG    [51ea4920039c41f59c3474c3dad951c1[] awx.analytics.performance request: <WSGIRequest: POST '/api/login/'>, response_time: 0.674s

Topic		Replies	Views
AD authentification AWX Project awx	3	43	February 19, 2021
Having issues authenticating to Active Directory AWX Project awx , fedora	0	30	September 24, 2019
LDAP Organization Mapping AWX Project awx	0	26	June 30, 2020
LDAP login not working (AWX 15.0.1) AWX Project awx	4	33	April 21, 2021
LDAP issues with AWX AWX Project awx	6	170	October 2, 2020

Enable ldap in our production environment getting error even though it is configured same as our test environment

Related topics