System Groups in GAB

Moin!

In Outlook with Z-Push in the global address book, many system groups are displayed in addition to the kopano users:

0_1525163104044_KopanoOLE-SystemGroups.jpg

I use the AD of Samba4.

The groups are not displayed in Webapp and Deskapp.

However… does anyone have a little hint or link for me? So I can understand where to start looking.

Greetings from the North Sea coast
Heinz

Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux
Samba 4.5.12-Debian
MariaDB 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Kopano-Server 8.6.80
Z-Push 2.4.1+0-0
Kopano OL Extension 2.0.294
Outlook 16

… Sorry for my bad English. Deepl.com is my friend… ;-)

@moin

Hi i think you’ll have to add the kopano group flag to the groups to be visible in webapp/deskapp

rg
Christian

Moin!

Oh, I may have written that misleadingly.

I want to hide the groups. It is good that they are not displayed in Webapp and Deskapp. Now they have to disappear from Outlook.

Viele Grüße
Heinz

Here I am again…

I have now played a little with z-push-admin. A little “z-push-admin -a resync -u doe -d ID”, a little “z-push-admin -a fixstates” and a little “clearloop”.

Then a “gab-sync” is executed.

Re-synchronizes the GAB in KOLE. After that some entries disappeared. The problem must be on the way from Outlook via KOLE via Z-Push.

The files z-push.log and z-push-error.log now only contain info messages.

Enough for today.

Tschüss!

Hi @moin ,

generally speaking the GAB in KOE should display the same amount of entries as the GAB in WebApp/DeskApp. With the one exception that while the WebApp GAB is automatically updated when a new user is added, for the KOE GAB you have to run the z-push-gabsync command to update the gab data for the sync.

Documentation for the gab-sync utility: https://wiki.z-hub.io/display/ZP/Configuring+GAB-Sync+for+Kopano+OL+Extension

To me it sound like:

  • you have these groups configured in Kopano (e.g. a kopano-cli --list-groups would list them as well)
  • in your ldap you have set these groups to be hidden (therefore then are not listed in WebApp)
  • you did not run z-push-gabsync -a sync after setting these groups to hidden (this is supported by the effect that after you ran the command these groups were removed from Outlook)

The resync, fixstates and clearloop commands did not make a difference in your case.

Moin @fbartels

I know your link and I installed and configured Z-Push exactly according to the instructions.

I have set up the GAB update as a daily cron job. I also updated the GAB manually again and again.

root@server:~# kopano-cli --list-groups
Group list for Default (11):
               Groupname
        ----------------
                Everyone
                 Familie
        xxxx-l-client-admins
           xxxx-l-family
            xxxx-l-music
           xxxx-l-office
            xxxx-l-photo
           xxxx-l-public
            xxxx-l-scool
            xxxx-l-video

root@server:~# z-push-gabsync -a sync

Starting GAB sync to store 'SYSTEM'  on id '12345678901234567890123456789000000000000000'
Kopano->clearAllNotCurrentChunkType: no invalid items, done!

Kopano->GetGAB(): Ignoring user 'kopano' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-client-admins' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-family' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-ibl' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-music' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-office' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-photo' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-public' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-scool' as account is hidden
Kopano->GetGAB(): Ignoring user 'xxxx-l-video' as account is hidden
Kopano->setChunkData: account-10/2      Entries: 1       Size: 774 B    CRC: 4758253656886003cde486be28b74a05  -  unchanged
Kopano->setChunkData: account-10/0      Entries: 1       Size: 625 B    CRC: 135f3b6c84e9a2b1ab122eaa764f0828  -  unchanged
Kopano->setChunkData: account-10/4      Entries: 1       Size: 765 B    CRC: e5f0baf861a2c3b09901d8a050c6f233  -  unchanged
Kopano->setChunkData: account-10/8      Entries: 1       Size: 655 B    CRC: 10e31cf88d8e4e5814637bf9cf8ec3bf  -  unchanged
Kopano->setChunkData: account-10/9      Entries: 1       Size: 648 B    CRC: 579f2eb69666409c4ebeded130eb71e9  -  unchanged
Kopano->setChunkData: account-10/7      Entries: 1       Size: 655 B    CRC: e0e599fa84b5aafe5de3c0f589d5860a  -  unchanged

Sync:
        Items in GAB:                   6
        Total data size:                4122 B

        Avg. of items per chunk:        1
        Min. of items per chunk:        1
        Max. of items per chunk:        1

        Avg. of size per chunk:         687 B
        Min. of size per chunk:         625 B
        Max. of size per chunk:         774 B

        Configured amout of chunks:     10
        Ideal amount by entries:        5
        Ideal amount by size:           5

These are the results of kopano-cli --list-groups and z-push-gabsync -a sync. The gabsync command says that some groups are hidden. In the following picture you can see that they are still displayed in the GAB For example xxxx-l-office. But others are also displayed. And they’re not in the ldap_search_base path.
0_1525296513620_KopanoOLE-SystemGroups2.jpg

I must have done something really wrong at first. Unfortunately, I have absolutely no idea what it could have been. But I think the result is a database that’s a little confused.

I would not like to reinstall the whole system. Is there a way to reset the Kopano database so that a new comparison with the Samba4 database cleans everything up? The system is not yet in use. I wanted to set it up and test it at home before I used it in the office. Good decision… ;-)

So long
Heinz

Hi Heinz,

did you change the ldap_search_base before the kopano server synced the users and groups or after? Have you tried z-push-gabsync -a delete and then z-push-gabsync -a sync?

@moin said in System Groups in GAB:

I also updated the GAB manually again and again.

What do you mean by this? How did you updated the GAB?

Manfred

Moin @manfred ,

@manfred said in System Groups in GAB:

did you change the ldap_search_base before the kopano server synced the users and groups or after? Have you tried z-push-gabsync -a delete and then z-push-gabsync -a sync?

My mistake was to start with the wrong ldap_search_base. Only after the first sync I adjusted the ldap_search_base correctly. After that, the system groups were always in GAB.

Yesterday I built up a new database. With the new database, all groups outside the ldap search area have disappeared.

The groups with the attribute kopanoHidden = 1 were unfortunately still displayed. Only after I edited the file /usr/share/kopano/ldap.propmap.cfg, they disappeared:

# PR_EC_AB_HIDDEN
0x67A7000B      = kopanoHidden

However, I still had to run z-push-gabsync -a clear-all. Then z-push-gabsync -a sync again. Then restart Outlook and synchronize the GAB in Outlook (KOLE) again. Everything’s all right now.

According to the instructions at https://wiki.z-hub.io/display/ZP/Configuring+GAB-Sync+for+Kopano+OL+Extension the entry should no longer be necessary since Z-Push version 2.3.4. I am using version 2.4.1+0-0 (Debian) and had to make the entry anyway.

After all this, I got curious again. Now I have reconnected Kopano to the old database. The database with the stupid system groups.

Another z-push-gabsync -a clear-all and z-push-gabsync -a sync and Tataaaa! Everything’s fine.

My conclusion:
1.) First define the ldap_search_base correctly.
2.) Insert the entry in /usr/share/kopano/ldap.propmap.cfg.
3.) Set attributes kopanoHidden = 1.

If something goes wrong:
1.) z-push-gabsync -a clear-all and z-push-gabsync -a sync
2.) Sync Outlook again.

If everything is confused:
You can also add a new database. Be careful, this is probably only possible because the “real” database is the AD in Samba4 and Kopano only uses a “copy” of it (see also Kopano Core Administrator Manual, 8.5. User Management with LDAP or Active Directory).

@manfred: Thank you, you put me on the right path.

Viele Grüße
Heinz

Hi Heinz,

good to hear it works now. Just one addition:

@moin said in System Groups in GAB:

According to the instructions at https://wiki.z-hub.io/display/ZP/Configuring+GAB-Sync+for+Kopano+OL+Extension the entry should no longer be necessary since Z-Push version 2.3.4. I am using version 2.4.1+0-0 (Debian) and had to make the entry anyway.

The hidden entries didn’t work before Z-Push 2.3.4 at all. We’ve added the code to do it in that version.
The entry in /usr/share/kopano/ldap.propmap.cfg is necessary to have the mapping for a hidden entry between LDAP/AD and KC (and though Z-Push). So, if it’s not there, you have to add it manually (and restart kopano-server for the changes to take effect).

Manfred