LDAP and groups
dcuser last edited by dcuser
we use the LDAP plugin for kopano user management. “ldap” is the only user_plugin in server.cfg. Recently, I found a lot of error messages in the server log, which are all structured the same way:
Fri Aug 23 15:36:35 2019: [warning] K-1515: Object not found unknown user "firstname.lastname@example.org": email@example.com not found in LDAP
“group” being a
distributionLDAP group that has been added through Kopano Webinterface
To me, this looks like kopano tries to first look for an address resolution through LDAP and when this fails, it somehow looks in those groups and resolves the individual group member addresses by again using LDAP.
In unix pam, one can change the order, in which pam modules are processed.
Where I set kopano to first query (and thereby resolve) the
distributiongroups, before querying LDAP for the regular users?
i just created a distribution list in the contacts folder of a user and then used this distribution list to send an email. For me no such error messages were logged.
dcuser last edited by
Thanks for the quick reply @fbartels !
Today I put some time into finding out, what exactly happens before the error occurs:
we are using the LDAP-module as single user plugin. What I originally thougt to be distribution group errors actually are group errors, the icon looks alike, but they are in the global address book, not my individual one. Also I can not edit or change them directly, as they are managed by LDAP.
So when I create a new ldap group with only my own email address inside and try to send a mail there, the server.log shows those lines:
Mon Aug 26 15:35:14 2019: [error ] Command "/etc/kopano/userscripts/creategroup" exited with non-zero status 127 Mon Aug 26 15:35:16 2019: [error ] LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry. Mon Aug 26 15:35:18 2019: [warning] K-1515: Object not found unknown user "firstname.lastname@example.org": email@example.com not found in LDAP Mon Aug 26 15:35:49 2019: [error ] LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry.
The first line is clear - there simply is no userscripts/creategroup.
The following lines look like there were connection problems - that I could not yet verify - and kopano be looking for the testgroup as a user first, not as a group.
In disregard of the log lines, the test email was delivered.