Re: [SOGo] LDAP filter question
Le 23/04/2013 23:50, Paul van der Vlis a écrit : On 23-04-13 16:42, Jean Raby wrote: On 13-04-23 10:15 AM, Paul van der Vlis wrote: Hello, I use LDAP authentication on a server, but there are some users in LDAP who I don't want to give access to Sogo. They should be easy to filter, because they don't have an e-mail address. Do you have an idea how to filter this? This does not work: filter = (!(mail='')); filter = (!(mail=)); filter = (!(mail='*@*')); filter = (!(mail=*@*)); Do the opposite, add a filter to include all users with a mail attribute: filter = mail = '*'; Hey, this works! Thanks! With regards, Paul van der Vlis. Hello, it seems that : filter = mail = '*'; doesn't work with sogo package 2.0.5.20130422-1 on debian 7... it doesn't work for me.. the caracter jocker * is not considered! nice day -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] LDAP filter question
Hello, I use LDAP authentication on a server, but there are some users in LDAP who I don't want to give access to Sogo. They should be easy to filter, because they don't have an e-mail address. Do you have an idea how to filter this? This does not work: filter = (!(mail='')); filter = (!(mail=)); filter = (!(mail='*@*')); filter = (!(mail=*@*)); With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] LDAP filter question
On 23/04/13 10:15, Paul van der Vlis wrote: This does not work: filter = (!(mail='')); filter = (!(mail=)); filter = (!(mail='*@*')); filter = (!(mail=*@*)); Try: filter = (!(mail=*)) -- Ludovic Marcotte +1.514.755.3630 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] LDAP filter question
On 13-04-23 10:15 AM, Paul van der Vlis wrote: Hello, I use LDAP authentication on a server, but there are some users in LDAP who I don't want to give access to Sogo. They should be easy to filter, because they don't have an e-mail address. Do you have an idea how to filter this? This does not work: filter = (!(mail='')); filter = (!(mail=)); filter = (!(mail='*@*')); filter = (!(mail=*@*)); Do the opposite, add a filter to include all users with a mail attribute: filter = mail = '*'; -- Jean Raby jr...@inverse.ca :: +1.514.447.4918 (x120) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] LDAP filter question
On 23-04-13 16:35, Ludovic Marcotte wrote: filter = (!(mail=*)) This gives an error: object not found: mailtest. Where mailtest is the user. Sogo version 1.3.16 from Debian 7. With regards, Paul van der Vlis. -- Paul van der Vlis Linux systeembeheer, Groningen http://www.vandervlis.nl/ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] - Ldap Filter don't work
Am 27.02.2013 11:20, schrieb Dario Carbone: Il 27/02/2013 11:05, Christian Mack ha scritto: Hello Dario Carbone Am 2013-02-26 16:21, schrieb Dario Carbone: Il 26/02/2013 14:59, Christian Mack ha scritto: Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 I don't think, because i do the auth on Active Directory and the users search on OpenLDAP to load the Address Book. But I think there is something in filter parsing, but I don't know how is the code/script to do this. Could you provide an LDIF of an user in this group and an LDIF of your group? Kind regards, Christian Mack User : dn: uid=user1,ou=Group1,ou=Users,dc=primeur,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount uid: user1 uidNumber: 2424 gidNumber: 513 loginShell: /bin/bash gecos: System User userPassword: {SHA}wc45o+kQbuY95Gd3n9hdwdh8CAg= userPassword: {SHA}nxXj9Ve3UtHqjdD+FGH3USCzljY= sn: user1 homeDirectory: /home/user1 cn: user1 shadowFlag: 0 shadowMin: 0 shadowMax: 9 shadowWarning: 0 shadowInactive: 9 shadowLastChange: 12011 shadowExpire: 9 sambaKickoffTime: 2147483647 sambaAcctFlags: [U] sambaSID: S-1-5-21-3692295675-382424995-2796369013-5848 sambaDomainName: PRIMEUR sambaPrimaryGroupSID: S-1-5-21-3692295675-382424995-2796369013-513 sambaNTPassword: B2D9FE357CC623EF3770C3ECFE0CF7FC sambaPwdLastSet: 1361803572 This user does not have the memberOf attribute your filter is looking for. If the group can be the primary group you may have to extend your filter to look for sambaPrimaryGroupSID='S-1-5-21-3692295675-382424995-2796369013-513' as well, if there are no warinngs in your sogo logs that those sid attributes are not parsable. I get those warnings here with queries against samba4 ldap. -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype
Re: [SOGo] - Ldap Filter don't work
Il 01/03/2013 13:39, Achim Gottinger ha scritto: keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed Have you tried to remove the linebreak. string(memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string Or use something like string(objectClass=person)/string for testing if it's an problem with parsing the filter value or applying it? achim~ I've tried a lots of combinations, but no lucky. I think the problem is the parsing part. -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype
Re: [SOGo] - Ldap Filter don't work
Yes, without the filter , all work, but a lots of unwanted users appers. Il 01/03/2013 20:32, Mark Madere ha scritto: have you tried it without a filter? Original Message Subject: Re: [SOGo] - Ldap Filter don't work Date: Friday, March 1, 2013 06:39 AM CST From: Achim Gottinger ac...@ag-web.biz Reply-To: users@sogo.nu To: users@sogo.nu References: 512c7fe4.5030...@primeur.com 512cbfb4.7080...@uni-konstanz.de 512cd2e8.5020...@primeur.com 512dda69.6090...@uni-konstanz.de 5120.4060...@primeur.com 513077d0.2000...@primeur.com keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed Have you tried to remove the linebreak. string(memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string Or use something like string(objectClass=person)/string for testing if it's an problem with parsing the filter value or applying it? achim~ -- users@sogo.nu https://inverse.ca/sogo/lists -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype
Re: [SOGo] - Ldap Filter don't work
Il 27/02/2013 11:20, Dario Carbone ha scritto: Il 27/02/2013 11:05, Christian Mack ha scritto: Hello Dario Carbone Am 2013-02-26 16:21, schrieb Dario Carbone: Il 26/02/2013 14:59, Christian Mack ha scritto: Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 I don't think, because i do the auth on Active Directory and the users search on OpenLDAP to load the Address Book. But I think there is something in filter parsing, but I don't know how is the code/script to do this. Could you provide an LDIF of an user in this group and an LDIF of your group? Kind regards, Christian Mack User : dn: uid=user1,ou=Group1,ou=Users,dc=primeur,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount uid: user1 uidNumber: 2424 gidNumber: 513 loginShell: /bin/bash gecos: System User userPassword: {SHA}wc45o+kQbuY95Gd3n9hdwdh8CAg= userPassword: {SHA}nxXj9Ve3UtHqjdD+FGH3USCzljY= sn: user1 homeDirectory: /home/user1 cn: user1 shadowFlag: 0 shadowMin: 0 shadowMax: 9 shadowWarning: 0 shadowInactive: 9 shadowLastChange: 12011 shadowExpire: 9 sambaKickoffTime: 2147483647 sambaAcctFlags: [U] sambaSID: S-1-5-21-3692295675-382424995-2796369013-5848 sambaDomainName: PRIMEUR sambaPrimaryGroupSID: S-1-5-21-3692295675-382424995-2796369013-513 sambaNTPassword: B2D9FE357CC623EF3770C3ECFE0CF7FC sambaPwdLastSet: 1361803572 Group : dn: cn=AddressBook,ou=Groups,dc=primeur,dc=com objectClass: posixGroup objectClass: top cn: AddressBook memberUid: user1 memberUid: user2 memberUid: user3 memberUid: user4 memberUid: user5 gidNumber: 19779 Thanks -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype Any ideas ? ( i'm blocked and this problem make me crazy ) --
Re: [SOGo] - Ldap Filter don't work
keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn= method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base=dc=primeur,dc=com scope=2 deref=0 filter=((cn=*)(?=undefined))* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed Have you tried to remove the linebreak. string(memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string Or use something like string(objectClass=person)/string for testing if it's an problem with parsing the filter value or applying it? achim~ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] - Ldap Filter don't work
have you tried it without a filter? Original Message Subject: Re: [SOGo] - Ldap Filter don't work Date: Friday, March 1, 2013 06:39 AM CST From: Achim Gottinger ac...@ag-web.biz Reply-To: users@sogo.nu To: users@sogo.nu References: 512c7fe4.5030...@primeur.com 512cbfb4.7080...@uni-konstanz.de 512cd2e8.5020...@primeur.com 512dda69.6090...@uni-konstanz.de 5120.4060...@primeur.com 513077d0.2000...@primeur.com keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn= method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base=dc=primeur,dc=com scope=2 deref=0 filter=((cn=*)(?=undefined))* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed Have you tried to remove the linebreak. string(memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string Or use something like string(objectClass=person)/string for testing if it's an problem with parsing the filter value or applying it? achim~ -- users@sogo.nu https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] - Ldap Filter don't work
Hello Dario Carbone Am 2013-02-26 16:21, schrieb Dario Carbone: Il 26/02/2013 14:59, Christian Mack ha scritto: Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn= method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base=dc=primeur,dc=com scope=2 deref=0 filter=((cn=*)(?=undefined))* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 I don't think, because i do the auth on Active Directory and the users search on OpenLDAP to load the Address Book. But I think there is something in filter parsing, but I don't know how is the code/script to do this. Could you provide an LDIF of an user in this group and an LDIF of your group? Kind regards, Christian Mack -- Christian Mack Gruppe Informationsdienste Rechenzentrum Universität Konstanz -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] - Ldap Filter don't work
Il 27/02/2013 11:05, Christian Mack ha scritto: Hello Dario Carbone Am 2013-02-26 16:21, schrieb Dario Carbone: Il 26/02/2013 14:59, Christian Mack ha scritto: Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 I don't think, because i do the auth on Active Directory and the users search on OpenLDAP to load the Address Book. But I think there is something in filter parsing, but I don't know how is the code/script to do this. Could you provide an LDIF of an user in this group and an LDIF of your group? Kind regards, Christian Mack User : dn: uid=user1,ou=Group1,ou=Users,dc=primeur,dc=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSamAccount uid: user1 uidNumber: 2424 gidNumber: 513 loginShell: /bin/bash gecos: System User userPassword: {SHA}wc45o+kQbuY95Gd3n9hdwdh8CAg= userPassword: {SHA}nxXj9Ve3UtHqjdD+FGH3USCzljY= sn: user1 homeDirectory: /home/user1 cn: user1 shadowFlag: 0 shadowMin: 0 shadowMax: 9 shadowWarning: 0 shadowInactive: 9 shadowLastChange: 12011 shadowExpire: 9 sambaKickoffTime: 2147483647 sambaAcctFlags: [U] sambaSID: S-1-5-21-3692295675-382424995-2796369013-5848 sambaDomainName: PRIMEUR sambaPrimaryGroupSID: S-1-5-21-3692295675-382424995-2796369013-513 sambaNTPassword: B2D9FE357CC623EF3770C3ECFE0CF7FC sambaPwdLastSet: 1361803572 Group : dn: cn=AddressBook,ou=Groups,dc=primeur,dc=com objectClass: posixGroup objectClass: top cn: AddressBook memberUid: user1 memberUid: user2 memberUid: user3 memberUid: user4 memberUid: user5 gidNumber: 19779 Thanks -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype
Re: [SOGo] - Ldap Filter don't work
Hello Dario Carbone Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn= method=128 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base=dc=primeur,dc=com scope=2 deref=0 filter=((cn=*)(?=undefined))* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 Kind regards, Christian Mack -- Christian Mack Gruppe Informationsdienste Rechenzentrum Universität Konstanz -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] - Ldap Filter don't work
Il 26/02/2013 14:59, Christian Mack ha scritto: Hello Dario Carbone Am 2013-02-26 10:27, schrieb Dario Carbone: Here my .GNUstepDefaults : dict keyCNFieldName/key stringcn/string keyIDFieldName/key stringuid/string keyMailFieldNames/key string(mail,)/string keySOGoLDAPQueryTimeout/key string20/string keyUIDFieldName/key stringuid/string keybaseDN/key stringdc=primeur,dc=com/string keybindFields/key array stringuid/string /array keycanAuthenticate/key stringNO/string keydisplayName/key stringPrimeur Global/string keyfilter/key string (memberOf='cn=AddressBook,ou=Groups,dc=primeur,dc=com')/string keyhostname/key string192.168.20.115/string keyid/key stringPrimeur_LDAP/string keyisAddressBook/key stringYES/string keypasswordPolicy/key stringNO/string keyport/key string389/string keyscope/key stringSUB/string keytype/key stringldap/string /dict I've created a group on OpenLDAP and addess some users, but on the slapd log i've undefined filter. see the log : ldapserver:/var/log # cat messages | grep conn=2843622 Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 ACCEPT from IP=192.168.20.115:43613 (IP=0.0.0.0:389) Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 BIND dn="" method=128t Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=0 RESULT tag=97 err=0 text= Feb 26 10:23:31 atlante slapd[10022]: *conn=2843622 op=1 SRCH base="dc=primeur,dc=com" scope=2 deref=0 filter="((cn=*)(?=undefined))"* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SRCH attr=* Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 op=2 UNBIND Feb 26 10:23:31 atlante slapd[10022]: conn=2843622 fd=65 closed What's wrong ? The Address Book make me crazy!!! Do you mean this bug? http://www.sogo.nu/bugs/view.php?id=2169 Kind regards, Christian Mack Hi Christian, I don't think, because i do the auth on Active Directory and the users search on OpenLDAP to load the Address Book. But I think there is something in filter parsing, but I don't know how is the code/script to do this. -- Carbone Dario | Primeur Sales Marketing IT Service Department Mobile:3488960584 | Email | linkedin | skype
[SOGo] ldap filter with *
Hello, ldap filter written to settings with command defaults write sogod ... and regex * (for example *filter = mail='*'*) does not work. It will delete comma and result in error in logs and not working ldap search filter... Example: when i use under sogo user: 1) defaults write sogod SOGoUserSources '( { KindFieldName = kind; MultipleBookingsFieldName = multiple_bookings; canAuthenticate = YES; displayName = Uzivatele emailu; id = users; isAddressBook = YES; type = sql; userPasswordAlgorithm = md5; viewURL = mysql://sogo:PASSWORD@127.0.0.1:3306/sogo/sogo_users; },{ type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName = sAMAccountName; baseDN = DC=OU-NEM,DC=CZ; bindDN = s...@ou-nem.cz; bindFields = (sAMAccountName); SearchFieldNames = ( sn, displayName, department ); bindPassword = PASSWORD; canAuthenticate = NO; displayName = Active Directory; hostname = 192.168.89.244; id = directory; isAddressBook = YES; port = 389; scope = SUB; *filter = objectClass = 'user' AND mail = '*' *; } )' 2) defaults read ... filter = objectClass = user AND *mail = * *; ... 3) Search from sogo webmail (sogo.log): 2012-12-17 13:32:28.152 sogod[2571] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=143) '(sn='martin*') OR (displayName='martin*') OR (department='martin*') OR (mail='martin*') OR (cn='martin*') AND objectClass = user AND mail = * ' 4) Resolution: edit manualy /home/sogo/GNUstep/Defaults/.GNUstepDefaults whitch i think is not recommanded... from this string objectClass = user AND mail = * /string to this string objectClass = user AND *mail = '*'* /string 5) defaults read after edited .GNUstepDefaults and restarted sogo: ... filter = objectClass = user AND *mail = ''*''* ; ... It is a bug in defaults write or am I doing something wrong? regards, Martin /sorry for my english/ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ldap filter with *
On 12/17/2012 10:03 PM, Martin Krpata wrote: Hello, ldap filter written to settings with command defaults write sogod ... and regex * (for example *filter = mail='*'*) does not work. It will delete comma and result in error in logs and not working ldap search filter... Example: when i use under sogo user: 1) defaults write sogod SOGoUserSources '( { KindFieldName = kind; MultipleBookingsFieldName = multiple_bookings; canAuthenticate = YES; displayName = Uzivatele emailu; id = users; isAddressBook = YES; type = sql; userPasswordAlgorithm = md5; viewURL = mysql://sogo:PASSWORD@127.0.0.1:3306/sogo/sogo_users; },{ type = ldap; CNFieldName = cn; IDFieldName = cn; UIDFieldName = sAMAccountName; baseDN = DC=OU-NEM,DC=CZ; bindDN = s...@ou-nem.cz; bindFields = (sAMAccountName); SearchFieldNames = ( sn, displayName, department ); bindPassword = PASSWORD; canAuthenticate = NO; displayName = Active Directory; hostname = 192.168.89.244; id = directory; isAddressBook = YES; port = 389; scope = SUB; *filter = objectClass = 'user' AND mail = '*' *; } )' 2) defaults read ... filter = objectClass = user AND *mail = * *; ... 3) Search from sogo webmail (sogo.log): 2012-12-17 13:32:28.152 sogod[2571] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=143) '(sn='martin*') OR (displayName='martin*') OR (department='martin*') OR (mail='martin*') OR (cn='martin*') AND objectClass = user AND mail = * ' 4) Resolution: edit manualy /home/sogo/GNUstep/Defaults/.GNUstepDefaults whitch i think is not recommanded... from this string objectClass = user AND mail = * /string to this string objectClass = user AND *mail = '*'* /string 5) defaults read after edited .GNUstepDefaults and restarted sogo: ... filter = objectClass = user AND *mail = ''*''* ; ... It is a bug in defaults write or am I doing something wrong? regards, Martin /sorry for my english/ Hi Martin, I submitted a bug report about a possibly related issue (http://www.sogo.nu/bugs/view.php?id=2055). It sounds like the same problem. It would be nice if the filters worked, then I can make use of SOGoUserSources for address books. Simon -- htholidays.com -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ldap filter
filter looks like this keyfilter/key string( (mail='*@domain.ru' AND objectClass='person' AND userAccountControl:1.2.840.113556.1.4.803:!='2') OR (mail='*@domain.ru' AND objectClass='group') )/string 07.06.12 20:37, Николай Клименко пишет: hi all Tell me please how to write a ldap filter for sogo like this ldap query (|((mail=*@domain.ru)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))((mail=*@domain.ru)(objectClass=group))) -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] ldap filter
hi all Tell me please how to write a ldap filter for sogo like this ldap query (|((mail=*@domain.ru)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))((mail=*@domain.ru)(objectClass=group))) -- thx -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] LDAP filter for group decomposing
hi is there anyone with a solution here? should I file a bug for this? I even tried to massage the ldap suffix, so that ou=personen,ou=intern.. appears as ou=personen,ou=sogo,ou=intern.. and then set the base DN to ou=sogo,ou=intern.. with subbranches users,groups,ressources and locations, but it didn't take. searching with type SUB does not work for some reason, only a direct search of the branch. this is a bit of a pain, cos it would mean a hack in /etc/ldap.ini for example, or some other way to circumvent it, avoiding moving ldap branches around.. greets hugo.- Am 02/14/2012 03:17 PM, schrieb Bruno Lingner (Hugo): hi list I see some strange behaviour with the groups in sogo. first search is using the configured filter in the .GNUstepDefaults. then it searches again, to try to decompose it to its list of members, but this time it doesn't use the configured filter :( I have to set the search path to a higher level (ou=intern,dc=example,dc=com), because the user accounts are here: ou=personen,ou=intern,dc=example,dc=com and the sogo groups/ressources/locations are defined here: ou=sogo,ou=intern,dc=example,dc=com but because we have other groups defined as e.g: ou=sendmail,ou=intern,dc=example,dc=com which is neither one of the objectClasses that sogo sees as groups. the last search for looking up group members, is something like: SRCH base=ou=intern,dc=example,dc=com scope=2 deref=0 filter=(mail=supp...@example.com) and so it finds 2 results, one from ou=sendmail.. and one from ou=sogo.. therefore it doesn't decompose the groups properly. is it possible to change the code so it searches both times using the right filter I configured, or perhaps to search for the full DN of the group (result of the first search) the second time? LDAP debug info: --- here I search for the group in the Add Attendees window: Feb 14 14:31:02 odalix slapd[7094]: conn=1018 fd=17 ACCEPT from IP=127.0.0.1:45720 (IP=0.0.0.0:389) Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=0 BIND dn= method=128 Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=0 RESULT tag=97 err=0 text= Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=1 SRCH base=ou=intern,dc=example,dc=com scope=2 deref=0 filter=((|(sn=support*)(cn=support*)(uid=support*)(mail=support*))((objectClass=KuPPerson)(KuPaktiv=aktiv)(mail=*)(!(ou:dn:=sendmail Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=1 SRCH attr=objectClass cn uid mail title company o displayname modifytimestamp mozillahomestate mozillahomeurl homeurl st region mozillacustom2 custom2 mozillahomecountryname description notes department departmentnumber ou orgunit mobile cellphone carphone mozillacustom1 custom1 mozillanickname xmozillanickname mozillaworkurl workurl fax facsimiletelephonenumber telephonenumber mozillahomestreet mozillasecondemail xmozillasecondemail mozillacustom4 custom4 nsaimid nscpaimscreenname street streetaddress postofficebox homephone cn commonname givenname mozillahomepostalcode mozillahomelocalityname mozillaworkstreet2 mozillausehtmlmail xmozillausehtmlmail mozillahomestreet2 postalcode zip c countryname pager pagerphone mail sn surname mozillacustom3 custom3 l locality birthyear serialnumber calfburl proxyaddresses msExchHomeServerName kind multiplebookings Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 14 14:31:02 odalix slapd[7094]: conn=1018 op=2 UNBIND Feb 14 14:31:02 odalix slapd[7094]: conn=1018 fd=17 closed --- here I save the appointment: Feb 14 14:31:12 odalix slapd[7094]: conn=1019 fd=17 ACCEPT from IP=127.0.0.1:45724 (IP=0.0.0.0:389) Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=0 BIND dn= method=128 Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=0 RESULT tag=97 err=0 text= Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=1 SRCH base=ou=intern,dc=example,dc=com scope=2 deref=0 filter=(mail=supp...@example.com) Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=1 SRCH attr=objectClass cn uid mail title company o displayname modifytimestamp mozillahomestate mozillahomeurl homeurl st region mozillacustom2 custom2 mozillahomecountryname description notes department departmentnumber ou orgunit mobile cellphone carphone mozillacustom1 custom1 mozillanickname xmozillanickname mozillaworkurl workurl fax facsimiletelephonenumber telephonenumber mozillahomestreet mozillasecondemail xmozillasecondemail mozillacustom4 custom4 nsaimid nscpaimscreenname street streetaddress postofficebox homephone cn commonname givenname mozillahomepostalcode mozillahomelocalityname mozillaworkstreet2 mozillausehtmlmail xmozillausehtmlmail mozillahomestreet2 postalcode zip c countryname pager pagerphone mail sn surname mozillacustom3 custom3 l locality birthyear serialnumber calfburl proxyaddresses msExchHomeServerName kind multiplebookings member uniqueMember memberUid memberOf Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text= Feb 14 14:31:12 odalix slapd[7094]: conn=1019 op=2 UNBIND
Re: [SOGo] LDAP-Filter - How to use?
Hi Francis, ok - just tried it, here my report: - The Symbol for NOT '' has to be a lt;gt;, or an ugly error will happen: 2012-01-04 08:55:54.880 sogod[10710] File NSDictionary.m: 628. In -[NSDictionary initWithContentsOfFile:] Contents of file '/data0/srv/sogo/GNUstep/Defaults/.GNUstepDefaults' does not contain a dictionary 0x0x20e8c20[SOGoStartupLogger] No configuration found. SOGo will not work properly. Thats clear, because of an improper XML-Config-File (ok, I could set it with 'defaults' - but, its Unix ;-) ) Are you shure, there is not a better symbol for unequal like '!=' or IS NOT EQ? - after removing my account from the Groupwaregroup and done a login (trial) the following errormessage apears: object not found: SOGo = mra Thats - hm - ugly. But a kind of login will be denied, as wished. I think, SOGo checks my password, let me in but did not found further userdata (or something else) Greetings, Martin Am 03.01.2012 19:36, schrieb Martin Rabl: Thank you, I will give it a try tomorrow morning. --- Martin Rabl Am 03.01.2012 um 19:33 schrieb Francis Lachapelleflachape...@inverse.ca: Hi Martin On 2012-01-03, at 11:50 AM, Martin Rabl wrote: I tried to transform a LDAP-Search-Command into a filter for the LDAP-SOGoUserSources. My LDAP filter: ((objectClass=organizationalPerson)(memberOf=CN=Groupware-Accounts,CN=Users,DC=acme,DC=de)(!(userAccountControl=66050))) My SOGo filter: (objectClass='person' AND memberOf='CN=Groupware-Accounts,CN=Users,DC=acme,DC=de' AND NOT userAccountControl=66050) Completely false, isn't it? So, how to write a correct filter command? (I didn't find any further docs or howtos) Try this : objectClass='person' AND memberOf='CN=Groupware-Accounts,CN=Users,DC=acme,DC=de' AND userAccountControl 66050 Francis -- flachape...@inverse.ca :: +1.514.755.3640 :: http://www.inverse.ca Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence (http://packetfence.org) -- users@sogo.nu https://inverse.ca/sogo/lists -- Greetings, Martin Rabl -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] ldap filter problem (mail=*)
I want to filter out which ldap accounts have access to sogo. Under t SogoUserSources in GNUstepDefaults, I have the line filter = (objectClass=uidObject ); and that works great. But I want to filter on the existence of the attribute mail , like: filter = (objectClass=uidObject and mail=* ); and does not work but gives the error shown below in the logs. I've tried escaping the * character (mail=\*) as I think the asterisk is the problem, but I get the same error. Any ideas? 2011-12-13 10:13:25.928 sogod[31483] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=118) '(uid='username') AND (objectClass=uidObject and mail=*)' 2011-12-13 10:13:25.928 sogod[31483] buf-length: 118 2011-12-13 10:13:25.928 sogod[31483] length: 14 2011-12-13 10:13:25.928 sogod[31483] char[length]: 'A' (65) 'AND (objectClass=uidObject and mail=*)' Dec 13 10:13:25 sogod [31494]: SOGoRootPage Login for user 'username' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 localhost - - [13/Dec/2011:10:13:25 GMT] POST /SOGo/connect HTTP/1.1 403 34/39 0.008 - - 456K Thanks, Ben -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] ldap filter problem (mail=*)
attribute mail , like: filter = (objectClass=uidObject and mail=* ); This works great for me: keyfilter/key string(objectClass='PostfixBookMailAccount' AND mailEnabled='TRUE' AND sogoEnabled='TRUE')/string Right, I believe the problem is the '*' wildcard I'm using. If there is another way to filter ldap based on the existence of an attribute (mail in this case), that would be a solution as well. I'm trying to avoid editing all my ldap entries to put a redundant field (sogoEnabled=True) for every entry that has mail= attribute. Thanks, Ben -- users@sogo.nu https://inverse.ca/sogo/lists