kopano-admin --sync ignoring my settings in ldap.cfg?

burgessja

Hello,
I am attempting to connect our Kopano installation to a rather large LDAP Database. It contains over 12,000 user entries, however only 2,250 are going to be logging into Kopano, and have the “kopano-user” objectClass set. However, when I attempt to run a sync, it reports that 9456 entries were found, and then it bails out with the error “Administrative Limit Exceeded”.

In my ldap.cfg file, I changed the user attribute value to kopano-user, and set the search filter to exclude an objectClass that will never apply to kopano users.

ldap.cfg:
dap_object_type_attribute = objectClass
ldap_user_type_attribute_value = kopano-user
ldap_user_search_filter = (!(objectClass=ipaOverrideTarget))
ldap_group_type_attribute_value = groupofnames
ldap_contact_type_attribute_value = kopano-contact
ldap_company_type_attribute_value = kopano-company
ldap_addresslist_type_attribute_value = kopano-addresslist
ldap_dynamicgroup_type_attribute_value = kopano-dynamicgroup

ldap_user_unique_attribute = uid
ldap_user_unique_attribute_type = text
ldap_fullname_attribute = cn
ldap_loginname_attribute = uid
ldap_emailaddress_attribute = mail
ldap_emailaliases_attribute = kopanoAliases
ldap_password_attribute = userPassword
ldap_isadmin_attribute = kopanoAdmin
ldap_nonactive_attribute = kopanoSharedStoreOnly

Verbose command output:
kopano-admin -c /etc/kopano/dagent.cfg --sync -vvvvvv
[debug ] Initializing provider “Kopano Directory Service”
[debug ] Initializing provider “Private Folders”
[debug ] Initializing provider “Public Folders”
User/group synchronization failed: “object” not found
Using the -v option (possibly multiple times) may give more hints.

Server.log:
Tue Jul 3 16:07:37 2018: [ 20006] plugin: Trying to connect to ldap://172.16.16.51:389
Tue Jul 3 16:07:37 2018: [ 20006] plugin: Issuing LDAP bind
Tue Jul 3 16:07:37 2018: [ 20006] plugin: ldaptiming [00000.00] connected to ldap
Tue Jul 3 16:07:40 2018: [ 20006] plugin: ldaptiming [00000.00] (“dc=int,dc=domain,dc=net” “(|(|(objectClass=posixAccount)(objectClass=kopano-contact))(objectClass=kopano-contact)(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist))))” objectClass kopanoSharedStoreOnly kopanoResourceType kopanoSecurityGroup uidNumber gidNumber ou gidNumber cn modifyTimestamp ), results: 9456
Tue Jul 3 16:07:49 2018: [ 20006] Previous message logged 3 times
Tue Jul 3 16:07:49 2018: [error ] LDAP query in “dc=int,dc=domain,dc=net” failed: (|(|(objectClass=posixAccount)(objectClass=kopano-contact))(objectClass=kopano-contact)(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist)))) (result=0x0b, Administrative limit exceeded)
Tue Jul 3 16:07:49 2018: [warning] K-1502: Unable to retrieve list from external user source: ldap_search_ext_s: Administrative limit exceeded
Tue Jul 3 16:07:49 2018: [error ] Error synchronizing user list: 8000001D

Am I missing something? it looks like the LDAP query didn’t use any of my settings in ldap.cfg at all.

fbartels

For that amount of users you surely want to get in contact with our support instead of relying on community support.