AW: LDAP Users can see other's mails

2017-11-23 Thread Katterl Christian 
It seems that i can see all messages of members of the same ad-groups.
In my case, piler would not need to take care of groups…..

Von: Janos SUTO [mailto:s...@acts.hu]
Gesendet: Donnerstag, 23. November 2017 09:45
An: Piler User
Betreff: Re: LDAP Users can see other's mails

Show me the sphinx query from the mail log related to the given user.
Janos

From: Katterl Christian
Sent: Thu Nov 23 07:35:19 GMT+01:00 2017
To: "piler-user@list.acts.hu"
Subject: LDAP Users can see other's mails


Dear all,


i configured piler (1.3.1) on Debian (9) using LDAP authentication against 
Active Directory.
Basically, authentication works.


BUT:
Successfully logged in users cannot only see their own mails, but also mails of 
other users?


My ldap-config from config-site.php looks like this:


$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = 'mydomaincontroller.mydomain.myforest.tld';
$config['LDAP_HELPER_DN'] = 
'CN=pilerldap,OU=ServicesAccounts,DC=mydomain,DC=myforest,DC=tld';
$config['LDAP_HELPER_PASSWORD'] = 'highpressurecompressor';
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'group';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'member';
$config['LDAP_BASE_DN'] = DC=mydomain,DC=myforest,DC=tld;
$config['LDAP_AUDITOR_MEMBER_DN'] = '';
$config['LDAP_ADMIN_MEMBER_DN'] = '';


Any ideas?


BR, Christian


Christian Katterl
Teamleader Technical IT

[cid:00d9-0001@01d36425.3b18d2bf]

Asamer Baustoffe AG
Unterthalham Straße 2
4694 Ohlsdorf
Austria
tel  +43 50 799 - 2511
mobile +43 664 811 54 99
email c.katt...@asamer.at
www.abag.at


This message is confidential. It may not be disclosed to, or used by, anyone 
other than the addressee. If you receive this message by mistake, please advise 
the sender.
Firmenbuch: Landesgericht Wels, FN: 407726y, ATU 68646334

AW: LDAP Users can see other's mails

2017-11-23 Thread Katterl Christian 
The query looks strange to me:

Nov 23 09:46:20 aohmailarchive01 piler-webui[6828]: sphinx query: 'SELECT id 
FROM main1,dailydelta1,delta1 WHEREMATCH(' (@from 
gXsignXasamerXbaustoffeXagXasamerXat| gXsignXasamerXbaustoffeXagXalasXba| 
allXabagXasamerXat| cXkatterlXasamerXat| eXscheiblXasamerXat| katterlXasamerXat 
| @to gXsignXasamerXbaustoffeXagXasamerXat| gXsignXasamerXbaustoffeXagXalasXba| 
allXabagXasamerXat| cXkatterlXasamerXat| eXscheiblXasamerXat| 
katterlXasamerXat) ') ORDER BY `sent` DESC LIMIT 0,20 OPTION max_matches=1000' 
in 0.00 s, 5 hits, 5 total found

There are a lot of groups inside…

BR, Christian

Von: Janos SUTO [mailto:s...@acts.hu]
Gesendet: Donnerstag, 23. November 2017 09:45
An: Piler User
Betreff: Re: LDAP Users can see other's mails

Show me the sphinx query from the mail log related to the given user.
Janos

From: Katterl Christian
Sent: Thu Nov 23 07:35:19 GMT+01:00 2017
To: "piler-user@list.acts.hu"
Subject: LDAP Users can see other's mails


Dear all,


i configured piler (1.3.1) on Debian (9) using LDAP authentication against 
Active Directory.
Basically, authentication works.


BUT:
Successfully logged in users cannot only see their own mails, but also mails of 
other users?


My ldap-config from config-site.php looks like this:


$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = 'mydomaincontroller.mydomain.myforest.tld';
$config['LDAP_HELPER_DN'] = 
'CN=pilerldap,OU=ServicesAccounts,DC=mydomain,DC=myforest,DC=tld';
$config['LDAP_HELPER_PASSWORD'] = 'highpressurecompressor';
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'group';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'member';
$config['LDAP_BASE_DN'] = DC=mydomain,DC=myforest,DC=tld;
$config['LDAP_AUDITOR_MEMBER_DN'] = '';
$config['LDAP_ADMIN_MEMBER_DN'] = '';


Any ideas?


BR, Christian


Christian Katterl
Teamleader Technical IT

[cid:00d9-0001@01d36425.3b18d2bf]

Asamer Baustoffe AG
Unterthalham Straße 2
4694 Ohlsdorf
Austria
tel  +43 50 799 - 2511
mobile +43 664 811 54 99
email c.katt...@asamer.at
www.abag.at


This message is confidential. It may not be disclosed to, or used by, anyone 
other than the addressee. If you receive this message by mistake, please advise 
the sender.
Firmenbuch: Landesgericht Wels, FN: 407726y, ATU 68646334

Re: LDAP Users can see other's mails

2017-11-23 Thread Janos SUTO 
Show me the sphinx query from the mail log related to the given user.

Janos


 Original Message 
From: Katterl Christian 
Sent: Thu Nov 23 07:35:19 GMT+01:00 2017
To: "piler-user@list.acts.hu" 
Subject: LDAP Users can see other's mails

Dear all,

i configured piler (1.3.1) on Debian (9) using LDAP authentication against 
Active Directory.
Basically, authentication works.

BUT:
Successfully logged in users cannot only see their own mails, but also mails of 
other users?

My ldap-config from config-site.php looks like this:

$config['ENABLE_LDAP_AUTH'] = 1;
$config['LDAP_HOST'] = 'mydomaincontroller.mydomain.myforest.tld';
$config['LDAP_HELPER_DN'] = 
'CN=pilerldap,OU=ServicesAccounts,DC=mydomain,DC=myforest,DC=tld';
$config['LDAP_HELPER_PASSWORD'] = 'highpressurecompressor';
$config['LDAP_MAIL_ATTR'] = 'mail';
$config['LDAP_ACCOUNT_OBJECTCLASS'] = 'user';
$config['LDAP_DISTRIBUTIONLIST_OBJECTCLASS'] = 'group';
$config['LDAP_DISTRIBUTIONLIST_ATTR'] = 'member';
$config['LDAP_BASE_DN'] = DC=mydomain,DC=myforest,DC=tld;
$config['LDAP_AUDITOR_MEMBER_DN'] = '';
$config['LDAP_ADMIN_MEMBER_DN'] = '';

Any ideas?

BR, Christian


Christian Katterl
Teamleader Technical IT

[cid:00d9-0001@01d36425.3b18d2bf]

Asamer Baustoffe AG
Unterthalham Stra?e 2
4694 Ohlsdorf
Austria
tel  +43 50 799 - 2511
mobile +43 664 811 54 99
email c.katt...@asamer.at
www.abag.at



This message is confidential. It may not be disclosed to, or used by, anyone 
other than the addressee. If you receive this message by mistake, please advise 
the sender.
Firmenbuch: Landesgericht Wels, FN: 407726y, ATU 68646334