core-8.7.80 breaks LDAP groups on Debian 9 /w OpenLDAP
-
After upgrading to core-8.7.80, Kopano is no longer able to look up the group memberships of Kopano users + Kopano groups have no members (tested on Debian 9 AMD /w OpenLDAP). Works perfectly if I restore the VM with a snapshot to roll back to the previous version of Kopano.
kopano-cli --user “chris”
Name: chris Full name: XYZ Chris Email address: chris@domain.tld Active: yes Administrator: yes Address Book: visible Features: mobile; outlook; webapp Store: 84968309FFD0446997A168846BDFF5C4 Store size: 1012.61 MB Send-as: Delegation: Auto-accept meeting requests: no Auto-process meeting request: yes Out-Of-Office: disabled Current user store quota settings: Quota overrides: yes Warning level: unlimited Soft level: unlimited Hard level: unlimited Groups (1): Groupname ---------------- Everyone Permissions:kopano-cli --group “Domain Users”
Name: Domain Users Email address: users@domain.tld Address Book: visible Send-as: Users (0): User Full Name Homeserver Store --------------------------------------------------------------------------------------------------- -
That works for me with 8.7.80.168-0+43.1
-
Apparently the cause were old ldap*.cfg config files. I have restored the most recent ldap.cfg and ldap.openldap.cfg from /usr/share/kopano and applied the required changes, so I can connect to my LDAP again. That solved the issue.
-
That reads like you were doing adjustments to the ldap configuration below /usr/share. User modified files should always reside in /etc
-
Actually no. I am using the memberOf overlay in my OpenLDAP settings which require changes in ldap.openldap.cfg. However, after every core update I had my ldap.openldap.cfg overwritten in /usr/share/kopano which led me to the idea, to copy the ldap*.cfg files to /etc/kopano and change the file paths to /etc/kopano instead of using /usr/share/kopano.
-
@chris said in core-8.7.80 breaks LDAP groups on Debian 9 /w OpenLDAP:
Actually no. […] after every core update I had my ldap.openldap.cfg overwritten in /usr/share/kopano
You are conflicting with yourself.
I’ll repeat: you should only make adaptations to your ldap configuration in
/etc/kopano, the default file to use there is/etc/kopano/ldap.cfg. This is also a topic in the Kopano admin manual at https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#configure-kopano-for-user-management-with-ldap-e-g-openldap-ads. We have recently rewritten this to streamline the configuration process a bit.
