View Issue Details

IDProjectCategoryView StatusLast Update
0000333SOGoBackend Generalpublic2021-09-16 21:42
Reporterbertails Assigned Tofrancis  
Status closedResolutionreopened 
Product Versionnightly v2 
Summary0000333: No filter for users that can authenticated

There is no way to say so SOGo which users can authenticate against the LDAP server.

A typical usecase is when the LDAP is used with another system and so defines users that don't belong to the calendar system.

Additional Information

The typical way to filter is to use a group.

TagsNo tags attached.




2010-01-15 00:12

administrator   ~0000440

You can use the "filter" attribute. Please see the documentation (page 14):



2010-01-15 00:28

reporter   ~0000441

This filter attribute (in the documentation) seems to be related with the address book. This is not clear.

By the way, I have already tried that:

filter = "(|(|(|(cn=109)(cn=111))(cn=112))(cn=114))";

This kind of query work perfectly using ldapsearch:

$ ldapsearch -x -w **** -D "cn=admin,dc=w3,dc=org" -LLL '(|(|(|(cn=109)(cn=111))(cn=112))(cn=114))'
dn: cn=109,ou=groups,dc=w3,dc=org
objectClass: top
objectClass: groupOfNames
cn: 109
description: W3C Systeam
member: uid=ted,ou=people,dc=w3,dc=org
member: uid=bertails,ou=people,dc=w3,dc=org

But then I have this error:

object not found: SOGo => bertails

Trying something closer to the example in the documentation but without anything filtered:

filter = "(cn=109 OR cn=111 OR cn=112 OR cn=114)";



2010-01-15 02:06

administrator   ~0000442

Try using an indirect bind by defining the bindFields paramater. If you're running a nightly build, it should look like this:

bindFields = (cn);
filter = "(cn=109 OR cn=111 OR cn=112 OR cn=114)";



2010-01-15 04:26

viewer   ~0000446

You may also block access to the Mail or the Calendar module to certain users based on their LDAP entry. See the documentation for this, by searching for the "ModulesConstraints" key.



2010-01-21 21:50

administrator   ~0000493

Various solutions proposed.

This is not a bug.



2010-01-22 23:20

reporter   ~0000508

Actually, none of the proposed answers can solve the reported problem.

SOGo combines the filter with some other attributes before requesting the LDAP server. If the schema is the same as the one I gave in the example, it won't work. Using LDAP filters, it's impossible to get the users such that the user is a member of a particular group. But it is possible to filter on the users such that they are memberOf a particular group.

I solved this problem in OpenLDAP using an overlay (cf. ). But in many other softwares, there is a support for memberOf.

So now, in theory, it should work specifying a filter like this in SOGo:
filter = "(memberOf=cn=109,ou=groups,dc=w3,dc=org)";

But the generated LDAP request I can see in the OpenLDAP logs looks like this:

It seems the problem comes from the several '=' because if I do that in SOGo:
filter = PATTERN;

where PATTERN contains more than one '=', then the generated request for the user "bertails" is:

Issue History

Date Modified Username Field Change
2010-01-14 23:33 bertails New Issue
2010-01-15 00:12 francis Note Added: 0000440
2010-01-15 00:28 bertails Note Added: 0000441
2010-01-15 02:06 francis Note Added: 0000442
2010-01-15 04:26 wsourdeau Note Added: 0000446
2010-01-21 21:50 francis Note Added: 0000493
2010-01-21 21:50 francis Status new => closed
2010-01-21 21:50 francis Resolution open => fixed
2010-01-22 23:20 bertails Note Added: 0000508
2010-01-22 23:20 bertails Status closed => feedback
2010-01-22 23:20 bertails Resolution fixed => reopened
2021-09-16 21:42 francis Assigned To => francis
2021-09-16 21:42 francis Status feedback => closed