Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Warning K-1504: Unable to retrieve parents for groupmember relation...

    Kopano Groupware Core
    2
    7
    1594
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Former User
      A Former User last edited by

      Hello,

      our server.log frequently shows the warning message
      K-1504: Unable to retrieve parents for groupmember relation 16: uid attribute not found.
      for different relation #.

      Version installed: 8.4.0.1540 on SLES 12 SP2.

      Could someone explain the cause for the warning and how to avoid it?

      Thanks

      Ulrich

      fbartels 1 Reply Last reply Reply Quote 0
      • fbartels
        fbartels Kopano @Guest last edited by

        Hello @dylan08 ,

        a similar topic was discussed here in this forum before. I gave pointers in https://forum.kopano.io/topic/264/unable-to-retrieve-parents-for-relation-groupmember-uid-attribute-not-found how to resolve it (some more detailed steps are linked in that post).

        Regards Felix

        Resources:
        https://kopano.com/blog/how-to-get-kopano/
        https://documentation.kopano.io/
        https://kb.kopano.io/

        Support overview:
        https://kopano.com/support/

        1 Reply Last reply Reply Quote 0
        • A Former User
          A Former User last edited by

          Hello Felix,

          thanks for the hint. I have seen the discussion and checked if something is wrong with my ldap configuration.
          Also have checked my ldap configuration according to https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#testing-ldap-configuration

          Now I have changed logging settings in kopano server.cfg to 6 (Debug). But it seems that the server does not send ldap queries to the log files. I see debug messages but no ldap queries.

          Ulrich

          fbartels 1 Reply Last reply Reply Quote 0
          • fbartels
            fbartels Kopano @Guest last edited by

            Hi @dylan08 ,

            from man kopano-server:

            DIAGNOSTICS
       If you run into problems, check the log for any errors. If you made a mistake in the configuration of the log method, this will be reported on standard error. You can also
       restart the server with a higher log level. Also, before starting the server, always make sure the database server is running at the right location and no other server is
       listening on the configured TCP port.

       For extended diagnostics, there are special extended log options available for enhanced debugging capabilities. The parameter log_level has special or-ed values which can be set
       to investigate different modules within the server process:

       SQL: 0x00010000, User backend: 0x00020000, Server cache: 0x00040000, SOAP: 0x00100000, ICS: 0x00200000

       For example, if you are using LDAP as the user plugin, you can set the log_level to 0x00020006 for extended LDAP logging (the last digit 6 enables extended verbose logging). To
       enable SQL and LDAP logging at the same time, set log_level to 0x00030006

       WARNING: The log options create huge amounts of log entries in production environments, this results in abnormal large logfiles which can fill up available disk space very fast.
       Only use this with extreme caution.

            so you need to set the log_level to 0x00020006 to have the ldap queries logged.

            Regards Felix

            Resources:
            https://kopano.com/blog/how-to-get-kopano/
            https://documentation.kopano.io/
            https://kb.kopano.io/

            Support overview:
            https://kopano.com/support/

            1 Reply Last reply Reply Quote 0
            • A Former User
              A Former User last edited by

              Hello Felix,

              thank you. Missed to read the man page for kopano-server.
              Hope to find the cause with ldap logging enabled.

              1 Reply Last reply Reply Quote 0
              • A Former User
                A Former User last edited by

                Hello,

                done a little bit of investing using ldap debugging. Seems the problem is related to the earlier mentioned univention topic.

                Kopano does the following ldap searches:
                ("dc=DOMAIN,dc=TLD" "(&(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(memberUid=USER))" objectClass kopanoSharedStoreOnly kopanoResourceType kopanoSecurityGroup uidNumber gidNumber ou cn cn modifyTimestamp

                Result is one “posixGroup” with some members. Every member has a “memberUID” and a “member” attribute. Say “gidNumber” in the result is 4711.

                Next kopano search for
                ("dc=DOMAIN,dc=TLD" "(&(|(objectClass=posixGroup)(objectClass=kopano-dynamicgroup))(gidNumber=4711))" uid )

                As it is a posixGroup there is no “uid” member present. So ldap search result is empty.
                This LDAP configuration has worked before with zarafa. Warning K-1504 has started after updating to kopano.
                Maybe there is an error in kopano and search result should be the “member” attribute?

                fbartels 1 Reply Last reply Reply Quote 0
                • fbartels
                  fbartels Kopano @Guest last edited by

                  @dylan08 said in Warning K-1504: Unable to retrieve parents for groupmember relation...:

                  Maybe there is an error in kopano and search result should be the “member” attribute?

                  you can define which attributes kopano queries from the ldap. you can find the default values in /usr/share/kopano/ldap.openldap.cfg, any modifications to the defaults should be done in the ldap.cfg.

                  By default the following values are used:

                  # Optional, default = member
# Active directory: member
# LDAP: memberUid
ldap_groupmembers_attribute = memberUid

# Optional, default = text
# Active directory: dn
# LDAP: text
ldap_groupmembers_attribute_type = text

# The attribute of the user which is listed in ldap_groupmember_attribute
# Active directory: empty, matching DNs
# LDAP: uid, matching users in ldap_loginname_attribute
ldap_groupmembers_relation_attribute = uid

                  Regards Felix

                  Resources:
                  https://kopano.com/blog/how-to-get-kopano/
                  https://documentation.kopano.io/
                  https://kb.kopano.io/

                  Support overview:
                  https://kopano.com/support/

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post