Closes#72
So, #72 is about a segfault in the LDAP outpost, but this is the actual
culprit[0]:
* Both server & worker share the same configuration in this setup.
* Since 2025.8 this means that both try to start a server for metrics at
port 9300 and an HTTP server (in the worker case for healthchecks) at
port 9000.
* On upgrades, migrations are performed. Only the server waited for the
migrations to finish, hence the worker started up earlier. As a
result, it was quicker in binding port 9000 in ONLY this case (and
thus, this was never reproducible on a second attempt!). Now, on port
9000 was NOT the authentik server, but something that returned an
empty response for everything that's not the healthcheck.
* As a result, the LDAP outpost got a response from what it believed was
authentik, but actually `nil, nil` because of the empty response.
Trying to dereference values from that response[1] caused the
segfault.
The fix is pretty easy, just override the listen ports via the
environment. Unfortunately, the docs[2] are apparently not entirely correct[3],
given the Python code it must be LISTEN__LISTEN_HTTP[4]. I added a
test-case to ensure that the config is properly applied.
[0] Reported as https://github.com/goauthentik/authentik/issues/16850
[1] 57e12cef06/internal/outpost/ak/api.go (L95)
[2] https://docs.goauthentik.io/install-config/configuration/#listen-settings
[3] Reported as https://github.com/goauthentik/authentik/issues/16851
[4] 57e12cef06/authentik/lib/config.py (L238)
6a080328a3