ldap_user_search_filter with Active Directory

ZofreCZ

Kopano Core is bothering me. I have

ldap_user_search_filter = (kopanoAccount=1)

I see in ADUC all filltered users with kopanoAccount=1. However, Kopano only sees with this filter only 2 users. If I set:

ldap_user_search_filter = (objectCategory=Person)

Kopano will create all users regardless of whether they are authorized or not.

Did not you meet someone with this behavior?

Coffee_is_life

Hello @ZofreCZ ,

i had installed zarafa before i upgraded to kopano but still useing the zarafa-ADS…
all users had the zarafaAccount-Attribute…

Maybe you installed the kopano-ADS after/toghether with zarafa and all new users get the kopanoAccount attribute and all existent users have zarafaAccount…
If thats the case try:

ldap_user_search_filter = ((kopanoAccount=1)|(zarafaAccount=1))

Coffee_is_life

ZofreCZ

Thanks for answer.

I make new instalation of Kopano with integrated Windows Server 2012 R2 Active Directory. Debug logs display no errors. Is way to test ldap search with Kopano and see results?

Coffee_is_life

using ldapsearch:

ldapsearch -LLL -x -H ldap://<ldapserver> -D cn=<user>,cn=<userscn>,dc=<domain>,dc=<topdomain> -w <pass> -b dc=<domain>,dc=<topdomain> '(&(kopanoAccount=1)(|(zarafaAccount=1)))' uid |grep '^uid:' | awk '{print $2}' | sort -u

replace <user> with a user who has read rights on server (or for test you can use domainadmin)
replace <userscn> with something like cn=users (or in your case i think cn=people)
replace <pass> withj the users password of course
replace <topdomain> with yours (de/com/net/whatever)
and <ldapserver> with your server :)

should give you a list of all users ( returnvalue is uid) with the specified values

Coffee_is_life

ZofreCZ

Thank You @Coffee_is_life for your help and right direction.

When I test lapdsearch, I found this was an account authorization problem used for ldap search.

Its solved.

Best regards.