ldap_user_search_filter with Active Directory



  • Kopano Core is bothering me. I have

    ldap_user_search_filter = (kopanoAccount=1)
    

    I see in ADUC all filltered users with kopanoAccount=1. However, Kopano only sees with this filter only 2 users. If I set:

    ldap_user_search_filter = (objectCategory=Person)
    

    Kopano will create all users regardless of whether they are authorized or not.

    Did not you meet someone with this behavior?



  • Hello @ZofreCZ ,

    i had installed zarafa before i upgraded to kopano but still useing the zarafa-ADS…
    all users had the zarafaAccount-Attribute…

    Maybe you installed the kopano-ADS after/toghether with zarafa and all new users get the kopanoAccount attribute and all existent users have zarafaAccount…
    If thats the case try:

    ldap_user_search_filter = ((kopanoAccount=1)|(zarafaAccount=1))
    

    Coffee_is_life



  • Thanks for answer.

    I make new instalation of Kopano with integrated Windows Server 2012 R2 Active Directory. Debug logs display no errors. Is way to test ldap search with Kopano and see results?



  • using ldapsearch:

    ldapsearch -LLL -x -H ldap://<ldapserver> -D cn=<user>,cn=<userscn>,dc=<domain>,dc=<topdomain> -w <pass> -b dc=<domain>,dc=<topdomain> '(&(kopanoAccount=1)(|(zarafaAccount=1)))' uid |grep '^uid:' | awk '{print $2}' | sort -u
    

    replace <user> with a user who has read rights on server (or for test you can use domainadmin)
    replace <userscn> with something like cn=users (or in your case i think cn=people)
    replace <pass> withj the users password of course
    replace <topdomain> with yours (de/com/net/whatever)
    and <ldapserver> with your server :)

    should give you a list of all users ( returnvalue is uid) with the specified values

    Coffee_is_life



  • Thank You @Coffee_is_life for your help and right direction.

    When I test lapdsearch, I found this was an account authorization problem used for ldap search.

    Its solved.

    Best regards.


Log in to reply