core-8.7.80 breaks LDAP groups on Debian 9 /w OpenLDAP



  • After upgrading to core-8.7.80, Kopano is no longer able to look up the group memberships of Kopano users + Kopano groups have no members (tested on Debian 9 AMD /w OpenLDAP). Works perfectly if I restore the VM with a snapshot to roll back to the previous version of Kopano.

    kopano-cli --user “chris”

    Name:                          chris
    Full name:                     XYZ Chris
    Email address:                 chris@domain.tld
    Active:                        yes
    Administrator:                 yes
    Address Book:                  visible
    Features:                      mobile; outlook; webapp
    Store:                         84968309FFD0446997A168846BDFF5C4
    Store size:                    1012.61 MB
    Send-as:
    Delegation:
    Auto-accept meeting requests:  no
    Auto-process meeting request:  yes
    Out-Of-Office:                 disabled
    Current user store quota settings:
        Quota overrides:           yes
        Warning level:             unlimited
        Soft level:                unlimited
        Hard level:                unlimited
    Groups (1):
                   Groupname
            ----------------
                    Everyone
    Permissions:
    

    kopano-cli --group “Domain Users”

    Name:            Domain Users
    Email address:   users@domain.tld
    Address Book:    visible
    Send-as:
    Users (0):
                User            Full Name           Homeserver                                    Store
    ---------------------------------------------------------------------------------------------------
    

  • Kopano

    That works for me with 8.7.80.168-0+43.1



  • Apparently the cause were old ldap*.cfg config files. I have restored the most recent ldap.cfg and ldap.openldap.cfg from /usr/share/kopano and applied the required changes, so I can connect to my LDAP again. That solved the issue.


  • Kopano

    That reads like you were doing adjustments to the ldap configuration below /usr/share. User modified files should always reside in /etc



  • Actually no. I am using the memberOf overlay in my OpenLDAP settings which require changes in ldap.openldap.cfg. However, after every core update I had my ldap.openldap.cfg overwritten in /usr/share/kopano which led me to the idea, to copy the ldap*.cfg files to /etc/kopano and change the file paths to /etc/kopano instead of using /usr/share/kopano.


  • Kopano

    @chris said in core-8.7.80 breaks LDAP groups on Debian 9 /w OpenLDAP:

    Actually no. […] after every core update I had my ldap.openldap.cfg overwritten in /usr/share/kopano

    You are conflicting with yourself.

    I’ll repeat: you should only make adaptations to your ldap configuration in /etc/kopano, the default file to use there is /etc/kopano/ldap.cfg. This is also a topic in the Kopano admin manual at https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#configure-kopano-for-user-management-with-ldap-e-g-openldap-ads. We have recently rewritten this to streamline the configuration process a bit.


Log in to reply