General discussion on installation and configuration of SOGo

Text archives Help


Re: [SOGo] Button to expand LDAP groups in mail editor is not shown


Chronological Thread 
  • From: "Rowland Penny" ( ) < >
  • To:
  • Subject: Re: [SOGo] Button to expand LDAP groups in mail editor is not shown
  • Date: Mon, 20 Jan 2020 17:17:09 +0000
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 212031DE5205

On 20/01/2020 16:31, Lars Liedtke
( )
wrote:

No,

neither

(&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

nor

(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

do return a result, but with Team-Pi it seems to do another query afterwards, which returns the Team for u:

Jan 20 17:15:47 sogod [1076]: <0x0x80bcc9418[NGLdapConnection]> Using
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.782 sogod[1076:100238] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base
'ou=mitarbeiter,dc=intern,dc=punkt, dc=de' filter
'(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))'
for attrs '*'                                                                            
                                                                      │
Jan 20 17:15:47 sogod [1076]: <0x0x80bccb538[NGLdapConnection]> Using
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.810 sogod[1076:100238] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base
'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter '(samaccountname=Team-Pi)'
for attrs '*'

and with Team-mOps it seems not to do the second query

But when I change the sAmAccountName of Team-mOps, this group is working, too. So I must havce been wrong with the difference between CN and sAMAccountName. So thank you for your help. I will change all sAMAccountNames.

Lars

If the software relies on the 'CN' == 'sAMAccountName' then it is a bug, there is nothing in AD that specifies that they must be the same, in fact, they are very often different.

Rowland





Archive powered by MHonArc 2.6.18.

Top of page