Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement about z-hub.io

    ldap_user_search_filter with Active Directory

    Kopano Groupware Core
    2
    5
    1259
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ZofreCZ
      ZofreCZ last edited by

      Kopano Core is bothering me. I have

      ldap_user_search_filter = (kopanoAccount=1)
      

      I see in ADUC all filltered users with kopanoAccount=1. However, Kopano only sees with this filter only 2 users. If I set:

      ldap_user_search_filter = (objectCategory=Person)
      

      Kopano will create all users regardless of whether they are authorized or not.

      Did not you meet someone with this behavior?

      1 Reply Last reply Reply Quote 0
      • Coffee_is_life
        Coffee_is_life last edited by Coffee_is_life

        Hello @ZofreCZ ,

        i had installed zarafa before i upgraded to kopano but still useing the zarafa-ADS…
        all users had the zarafaAccount-Attribute…

        Maybe you installed the kopano-ADS after/toghether with zarafa and all new users get the kopanoAccount attribute and all existent users have zarafaAccount…
        If thats the case try:

        ldap_user_search_filter = ((kopanoAccount=1)|(zarafaAccount=1))
        

        Coffee_is_life

        KC:
        CentOS 7.9.2009
        Mariadb-10.5.10-1
        KC -8.7.22.0
        Z-Push -2.5.2+0-119.1
        PHP 5.6.25-1 Zend OPcache v7.0.6-dev (Engine v2.6.0)
        Webapp:
        CentOS 7.9.2009
        WebApp 5.2.0.0-168.1 external Server
        PHP-MAPI 8.7.22.0
        DeskApp 2.7.0
        Outlook 2016 KOE 2.1.20

        1 Reply Last reply Reply Quote 0
        • ZofreCZ
          ZofreCZ last edited by

          Thanks for answer.

          I make new instalation of Kopano with integrated Windows Server 2012 R2 Active Directory. Debug logs display no errors. Is way to test ldap search with Kopano and see results?

          1 Reply Last reply Reply Quote 0
          • Coffee_is_life
            Coffee_is_life last edited by Coffee_is_life

            using ldapsearch:

            ldapsearch -LLL -x -H ldap://<ldapserver> -D cn=<user>,cn=<userscn>,dc=<domain>,dc=<topdomain> -w <pass> -b dc=<domain>,dc=<topdomain> '(&(kopanoAccount=1)(|(zarafaAccount=1)))' uid |grep '^uid:' | awk '{print $2}' | sort -u
            

            replace <user> with a user who has read rights on server (or for test you can use domainadmin)
            replace <userscn> with something like cn=users (or in your case i think cn=people)
            replace <pass> withj the users password of course
            replace <topdomain> with yours (de/com/net/whatever)
            and <ldapserver> with your server :)

            should give you a list of all users ( returnvalue is uid) with the specified values

            Coffee_is_life

            KC:
            CentOS 7.9.2009
            Mariadb-10.5.10-1
            KC -8.7.22.0
            Z-Push -2.5.2+0-119.1
            PHP 5.6.25-1 Zend OPcache v7.0.6-dev (Engine v2.6.0)
            Webapp:
            CentOS 7.9.2009
            WebApp 5.2.0.0-168.1 external Server
            PHP-MAPI 8.7.22.0
            DeskApp 2.7.0
            Outlook 2016 KOE 2.1.20

            1 Reply Last reply Reply Quote 1
            • ZofreCZ
              ZofreCZ last edited by

              Thank You @Coffee_is_life for your help and right direction.

              When I test lapdsearch, I found this was an account authorization problem used for ldap search.

              Its solved.

              Best regards.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post