Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    trouble on get kopano users / groups from active directory

    Kopano Groupware Core
    2
    5
    765
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Andre
      Andre last edited by

      Hello together,

      i try to use my active directory as user database following the guide
      on kopano documentation site: https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#id4

      After some trouble to find correct parameters to connect to the active directory and i thought i got it work, but if i want to fetch the users from the server with:

      #$ kopano-cli --list-users

      i got error in the logs:

      [info ] Auto-creating user from external source
      [warning] K-1534: Unable to create object in local database: user has no name

      You can find these error in the error-code section:
      https://kb.kopano.io/display/WIKI/K-XXXX+log+entries

      … but there is no additional description for that. So i have no idea, where the
      problem exists.

      The connection params for ldap seems to be correct. If i modify values (password, bind-user, search-base) i got en error in logfile, that ldap-auth-module could not be initialised. I also tried the same settings on command line with ldap-search, and this also works fine.
      With ldap-search i got an list of all relevant users in the ou, so i think that is
      not an authentification problem.

      I have 2 other questions regarding this:

      Is it needed to put the kopano base linux system as a domain member / join the domain with a computer-account or does the active directory-auth does work too without this step?

      What credentials needs an active directory user to bind and search inside ad? I tried with a standard user and got no successfull connection. After i switched the ldap-bind user to an domain-admin-account the search worked.

      Thanks for your help.

      Best regardings
      Andre

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @Andre last edited by

        Hi @Andre ,

        From what you describe we should be able to tell more, once you enable the user plugin diag logging in server.cfg. from the error description it sounds like the user you use to search the ldap, does not have enough permissions to read out all relevant user information (the error message strongly hints either towards the full name or username - I did not check the source code what is more likely).

        @andre said in trouble on get kopano users / groups from active directory:

        Is it needed to put the kopano base linux system as a domain member / join the domain with a computer-account

        No, unless you also want to work with Kerberos, this is not necessary.

        @andre said in trouble on get kopano users / groups from active directory:

        What credentials needs an active directory user to bind and search inside ad?

        The given user should have at least enough permission to list your users/groups along with all configured attributes.

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        Andre 1 Reply Last reply Reply Quote 0
        • Andre
          Andre @fbartels last edited by

          @fbartels said in trouble on get kopano users / groups from active directory:

          the error description it sounds like the user you use to search the ldap, does not have enough permissions to read out all relevant user information

          Thanks a lot. Your answers lets me thinking about it and i have had a look at the configuration examples in /usr/share/kopano. There was an example configuration file for active directory but inside this file, was no settings for ldap host and other needed settings.
          So in included the example file at the end of my ldap.cnf and now i got all users / groups.

          !include /usr/share/kopano/ldap.active-directory.cfg

          The only thing is that i now get all users, not only users that are enabled for kopano. From the 25 Users in AD only 20 have the flag “kopano user” enabled in the user-setting kopano-tab.
          I tried to set:

          ldap_user_search_filter = (kopanoAccount=1)

          … but this was overwritten with “(objectCategory=Person)” in the active-directory example configuration. After change the value inside that file, it was ok.

          So i have modified the default filter

          ldap_user_search_filter = (&(objectCategory=Person)(kopanoAccount=1))

          … and hope this way is the correct one.

          Andre

          1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano last edited by fbartels

            Hi @Andre,

            I just scrolled through our ldap documentation and it seems a bit more verbose (and therefore probably confusing) than it needs to be. the gist is the following:

            • you should copy /usr/share/doc/kopano/example-config/ldap.cfg to /etc/kopano/ldap.cfg
            • you should only modify files in /etc/kopano and no files below /usr/share to configure kopano or the ldap integration of kopano
            • in /etc/kopano/ldap.cfg you should switch the include statement according to your type of ldap and of course change your connection details.
            • if you then want/need to override a default (like your ldap_user_search_filter) then you should add this to /etc/kopano/ldap.cfg.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • Andre
              Andre last edited by

              Thanks for your reply. You made my day. :-)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post