Core 8.7: Invalid LDAP search filter containing (|)
-
Hey guys,
I updated to 8.7 and noticed, that Kopano creates LDAP filter which contains (|) e.g.
(&(|(&(&(objectClass=kopano-user)(mail=*@xxx))(|(objectClass=posixAccount)(objectClass=kopano-contact)))(&(&(objectClass=kopano-user)(mail=*@xxx))(objectClass=kopano-contact))(|(&(objectClass=posixGroup)(objectClass=kopano-group))(objectClass=kopano-dynamicgroup))(|(&(objectClass=kopano-addresslist))))(&(|(gecos=*\2A*)(mail=*\2A*)(mail=*\2A*)(mail=*\2A*)(department=*\2A*)(gecos=*\2A*))(&(!(&(|(|)(|))(|(|))))(!(&(|(|)(|))(|(|)))))))These are rejected by the 389 directory server inside FreeIPA. According to https://www.ietf.org/rfc/rfc1960.txt (|) is invalid because it does not have at least one filter after |.
Is there a way to avoid these statements by any kind of configuration I can perform?
thanks in advance
-
The effect is, that currently no operations are working, which require these search. Adding permissions for calendar users for example.
-
Hi @dcuser,
we currently do not support freeipa and therefore do not test it. Which exact version are you talking about? In which previous version has it still worked?
-
I use the FreeIPA version 4.6.4 on CentOS 7.
The issue was introduced with Kopano 8.7.0, it worked with 8.6.9 -
thanks for the additional information.
I’ve created https://jira.kopano.io/browse/KC-1402 to followup on this.
-
Thanks, Felix!
