Core 8.7: Invalid LDAP search filter containing (|)



  • Hey guys,

    I updated to 8.7 and noticed, that Kopano creates LDAP filter which contains (|) e.g.

    (&(|(&(&(objectClass=kopano-user)(mail=*@xxx))(|(objectClass=posixAccount)(objectClass=kopano-contact)))(&(&(objectClass=kopano-user)(mail=*@xxx))(objectClass=kopano-contact))(|(&(objectClass=posixGroup)(objectClass=kopano-group))(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist))))(&(|(gecos=*\2A*)(mail=*\2A*)(mail=*\2A*)(mail=*\2A*)(department=*\2A*)(gecos=*\2A*))(&(!(&(|(|)(|))(|(|))))(!(&(|(|)(|))(|(|)))))))
    

    These are rejected by the 389 directory server inside FreeIPA. According to https://www.ietf.org/rfc/rfc1960.txt (|) is invalid because it does not have at least one filter after |.

    Is there a way to avoid these statements by any kind of configuration I can perform?

    thanks in advance



  • The effect is, that currently no operations are working, which require these search. Adding permissions for calendar users for example.


  • Kopano

    Hi @dcuser,

    we currently do not support freeipa and therefore do not test it. Which exact version are you talking about? In which previous version has it still worked?



  • I use the FreeIPA version 4.6.4 on CentOS 7.
    The issue was introduced with Kopano 8.7.0, it worked with 8.6.9


  • Kopano

    thanks for the additional information.

    I’ve created https://jira.kopano.io/browse/KC-1402 to followup on this.



  • Thanks, Felix!


Log in to reply