Kopano Core ldap search error K-1501: No contact type attribute value defined

lleopold19

Hi All,
I have an on-premise Univention 4.3 Kopano server that is connected to my AD. Because I can :-) I extended this install to a multi-server design by adding a a second, cloud-based Univention server as domain back-up.
I would like to commend the folks at Univention and Kopano for making a rock solid software. Everything works as expected, with the error message in the kopano server log

Wed May  2 12:00:02 2018: [error  ] LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry.
Wed May  2 12:00:02 2018: [warning] K-1501: Unable to retrieve details from external user source: No contact type attribute value defined```

lleopold19

I turned on debugging as I noticed that I get no users listed by using the kopano-admin -l command,
This is what it logged.

Wed May  2 20:37:37 2018: [debug  ] Accepted incoming connection from file:///var/run/kopano/server.sock
Wed May  2 20:37:38 2018: [debug  ] Accepted incoming SSL connection from 192.168.1.200
Wed May  2 20:37:44 2018: [info   ] Accepted certificate "kopano-client-public.pem" from client.
Wed May  2 20:37:44 2018: [  20006] plugin: Trying to connect to ldap://ucs.example.net:7389
Wed May  2 20:37:44 2018: [  20006] plugin: Issuing LDAP bind
Wed May  2 20:37:44 2018: [  20006] plugin: ldaptiming [00000.02] connected to ldap
Wed May  2 20:37:44 2018: [  20006] plugin: getPublicStoreDetails
Wed May  2 20:37:44 2018: [  20006] plugin: ldaptiming [00000.00] ("dc=example,dc=net" "(&(objectClass=kopano-server)(kopanoContainsPublic=1))" cn ), results: 1
Wed May  2 20:37:44 2018: [debug  ] Accepted incoming SSL connection from 192.168.1.200
Wed May  2 20:37:44 2018: [info   ] Accepted certificate "kopano-client-public.pem" from client.
Wed May  2 20:37:44 2018: [  20006] plugin: Trying to connect to ldap://ucs.example.net:7389
Wed May  2 20:37:44 2018: [  20006] plugin: Issuing LDAP bind
Wed May  2 20:37:44 2018: [  20006] plugin: ldaptiming [00000.02] connected to ldap
Wed May  2 20:37:44 2018: [  20006] plugin: getObjectDetails N=3
Wed May  2 20:37:44 2018: [warning] K-1501: Unable to retrieve details from external user source: No contact type attribute value defined

fbartels

Hi @lleopold19,

is your ldap properly populated? the following command will list all users matching the search filter of kopano-server:

univention-ldapsearch $(ucr get kopano/cfg/ldap/ldap_user_search_filter)

lleopold19

thanks for your reply
yes, the ldap search shows the expected number of users/objects. Kopano webapp also works as expected. I get the error when I try to use the kopano command line tools, such as kopano-admin or kopano-cli.
I mentioned that I extended this server to a multi-server install, to check that aspect as well. In the kopano documentation I found a reference that in multi-server environments for the command line tools to work, the content of the admin.cfg has to match the multi-server arrangements, but I have that. Could this be the issue?
A separate and unrelated question I have that can a multi-server install simply separated into separate servers by reverting the multi-node settings?

root@ucs:~# univention-ldapsearch $(ucr get kopano/cfg/ldap/ldap_user_search_filter)
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=net> (default) with scope subtree
# filter: (kopanoAccount=1)
# requesting: ALL
#
{snip}
# search result
search: 3
result: 0 Success
# numResponses: 5
# numEntries: 4

root@ucs:~# kopano-admin -l
Unable to list users: "object" not found
Using the -v option (possibly multiple times) may give more hints.

root@ucs:~# kopano-cli --debug
Name:                         Default
Address Book:                 visible
Public store:                 2762447CAEE64D86AD42E77119D4CA7E
Public store size:            0.00 MB
Permissions:
    (store): Everyone:read_items,folder_visible

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/kopano_cli/__init__.py", line 530, in main
    global_options(options, server)
  File "/usr/lib/python2.7/dist-packages/kopano_cli/__init__.py", line 491, in global_options
    company_update_options(server.company('Default'), options, server)
  File "/usr/lib/python2.7/dist-packages/kopano_cli/__init__.py", line 440, in company_update_options
    for user in company.users(): # there are only server-wide settings
  File "/usr/lib/python2.7/dist-packages/kopano/company.py", line 237, in users
    for user in self.server.users(system=system, remote=True):
  File "/usr/lib/python2.7/dist-packages/kopano/server.py", line 293, in users
    for ecuser in self.sa.GetUserList(None, MAPI_UNICODE):
  File "/usr/lib/python2.7/dist-packages/MAPICore.py", line 2149, in GetUserList
    return _MAPICore.IECServiceAdmin_GetUserList(self, cbCompanyId, ulFlags)
MAPIErrorNotFound: MAPI error 8004010F (MAPI_E_NOT_FOUND)

fbartels

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

Kopano webapp also works as expected. I get the error when I try to use the kopano command line tools, such as kopano-admin or kopano-cli.

So just to be 100% clear. you can login to webapp, see other users in the gab and send/receive mails as expected? You “just” see the error in the server.log and the admin cli tools throw below errors?

You say you have a multi server setup. so two the kopano core app is installed on both your univention systems? where do you get these error messages? on both systems?

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

K-1501: Unable to retrieve details from external user source: No contact type attribute value defined

This makes it seem like your ldap.cfg is missing a definition of ldap_contact_type_attribute_value. On a standard ucs systems this is not necessary, but this may be different for systems joined into an ad.

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

A separate and unrelated question I have that can a multi-server install simply separated into separate servers by reverting the multi-node settings?

This should indeed be the case.

lleopold19

@fbartels said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

So just to be 100% clear. you can login to webapp, see other users in the gab and send/receive mails as expected? You “just” see the error in the server.log and the admin cli tools throw below errors?

Yes, this is correct, I can log in to webapp and send/receive emails.

You say you have a multi server setup. so two the kopano core app is installed on both your univention systems? where do you get these error messages? on both systems?

yes, both systems are univention 4.3 systems as stock install, first is domain master, second system domain slave controller. And get the same error on both systems when trying to use the command line utilities.

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

K-1501: Unable to retrieve details from external user source: No contact type attribute value defined

This makes it seem like your ldap.cfg is missing a definition of ldap_contact_type_attribute_value. On a standard ucs systems this is not necessary, but this may be different for systems joined into an ad.

this could be relevant, since to populate the univention systems with data, I used the “Active Directory Connection” app to connect the UCS master to the AD and replicate data one-way, from AD to UCS. It is not clear from your comments if you think the missing definition could cause the command lines tools to stop working?

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

A separate and unrelated question I have that can a multi-server install simply separated into separate servers by reverting the multi-node settings?

This should indeed be the case.

thank you for confirming.

fbartels

@lleopold19 said in Kopano Core ldap search error K-1501: No contact type attribute value defined:

It is not clear from your comments if you think the missing definition could cause the command lines tools to stop working?

yes, I would say that is the case.

lleopold19

thanks!
I added “ldap_contact_type_attribute_value = kopano-contact” to the ldap.cfg and restarted kopano-server but I still get the same errors after using the command line client utilities

fbartels

I don’t have a test system to reproduce such an environment. I therefore would recommend to get in touch with our support so that someone can have a look at your setup.