kopano-admin --sync ignoring my settings in ldap.cfg?



  • Hello,
    I am attempting to connect our Kopano installation to a rather large LDAP Database. It contains over 12,000 user entries, however only 2,250 are going to be logging into Kopano, and have the “kopano-user” objectClass set. However, when I attempt to run a sync, it reports that 9456 entries were found, and then it bails out with the error “Administrative Limit Exceeded”.

    In my ldap.cfg file, I changed the user attribute value to kopano-user, and set the search filter to exclude an objectClass that will never apply to kopano users.

    ldap.cfg:
    dap_object_type_attribute = objectClass
    ldap_user_type_attribute_value = kopano-user
    ldap_user_search_filter = (!(objectClass=ipaOverrideTarget))
    ldap_group_type_attribute_value = groupofnames
    ldap_contact_type_attribute_value = kopano-contact
    ldap_company_type_attribute_value = kopano-company
    ldap_addresslist_type_attribute_value = kopano-addresslist
    ldap_dynamicgroup_type_attribute_value = kopano-dynamicgroup

    ldap_user_unique_attribute = uid
    ldap_user_unique_attribute_type = text
    ldap_fullname_attribute = cn
    ldap_loginname_attribute = uid
    ldap_emailaddress_attribute = mail
    ldap_emailaliases_attribute = kopanoAliases
    ldap_password_attribute = userPassword
    ldap_isadmin_attribute = kopanoAdmin
    ldap_nonactive_attribute = kopanoSharedStoreOnly

    Verbose command output:
    kopano-admin -c /etc/kopano/dagent.cfg --sync -vvvvvv
    [debug ] Initializing provider “Kopano Directory Service”
    [debug ] Initializing provider “Private Folders”
    [debug ] Initializing provider “Public Folders”
    User/group synchronization failed: “object” not found
    Using the -v option (possibly multiple times) may give more hints.

    Server.log:
    Tue Jul 3 16:07:37 2018: [ 20006] plugin: Trying to connect to ldap://172.16.16.51:389
    Tue Jul 3 16:07:37 2018: [ 20006] plugin: Issuing LDAP bind
    Tue Jul 3 16:07:37 2018: [ 20006] plugin: ldaptiming [00000.00] connected to ldap
    Tue Jul 3 16:07:40 2018: [ 20006] plugin: ldaptiming [00000.00] (“dc=int,dc=domain,dc=net” “(|(|(objectClass=posixAccount)(objectClass=kopano-contact))(objectClass=kopano-contact)(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist))))” objectClass kopanoSharedStoreOnly kopanoResourceType kopanoSecurityGroup uidNumber gidNumber ou gidNumber cn modifyTimestamp ), results: 9456
    Tue Jul 3 16:07:49 2018: [ 20006] Previous message logged 3 times
    Tue Jul 3 16:07:49 2018: [error ] LDAP query in “dc=int,dc=domain,dc=net” failed: (|(|(objectClass=posixAccount)(objectClass=kopano-contact))(objectClass=kopano-contact)(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist)))) (result=0x0b, Administrative limit exceeded)
    Tue Jul 3 16:07:49 2018: [warning] K-1502: Unable to retrieve list from external user source: ldap_search_ext_s: Administrative limit exceeded
    Tue Jul 3 16:07:49 2018: [error ] Error synchronizing user list: 8000001D

    Am I missing something? it looks like the LDAP query didn’t use any of my settings in ldap.cfg at all.


  • Kopano

    For that amount of users you surely want to get in contact with our support instead of relying on community support.


Log in to reply