View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0000333||SOGo||Backend General||public||2010-01-14 23:33||2021-09-16 21:42|
|Product Version||nightly v2|
|Summary||0000333: No filter for users that can authenticated|
There is no way to say so SOGo which users can authenticate against the LDAP server.
A typical usecase is when the LDAP is used with another system and so defines users that don't belong to the calendar system.
The typical way to filter is to use a group.
|Tags||No tags attached.|
You can use the "filter" attribute. Please see the documentation (page 14):
This filter attribute (in the documentation) seems to be related with the address book. This is not clear.
By the way, I have already tried that:
This kind of query work perfectly using ldapsearch:
But then I have this error:
Trying something closer to the example in the documentation but without anything filtered:
Try using an indirect bind by defining the bindFields paramater. If you're running a nightly build, it should look like this:
bindFields = (cn);
You may also block access to the Mail or the Calendar module to certain users based on their LDAP entry. See the documentation for this, by searching for the "ModulesConstraints" key.
Various solutions proposed.
This is not a bug.
Actually, none of the proposed answers can solve the reported problem.
SOGo combines the filter with some other attributes before requesting the LDAP server. If the schema is the same as the one I gave in the example, it won't work. Using LDAP filters, it's impossible to get the users such that the user is a member of a particular group. But it is possible to filter on the users such that they are memberOf a particular group.
I solved this problem in OpenLDAP using an overlay (cf. http://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance ). But in many other softwares, there is a support for memberOf.
So now, in theory, it should work specifying a filter like this in SOGo:
But the generated LDAP request I can see in the OpenLDAP logs looks like this:
It seems the problem comes from the several '=' because if I do that in SOGo:
where PATTERN contains more than one '=', then the generated request for the user "bertails" is:
|2010-01-14 23:33||bertails||New Issue|
|2010-01-15 00:12||francis||Note Added: 0000440|
|2010-01-15 00:28||bertails||Note Added: 0000441|
|2010-01-15 02:06||francis||Note Added: 0000442|
||Note Added: 0000446|
|2010-01-21 21:50||francis||Note Added: 0000493|
|2010-01-21 21:50||francis||Status||new => closed|
|2010-01-21 21:50||francis||Resolution||open => fixed|
|2010-01-22 23:20||bertails||Note Added: 0000508|
|2010-01-22 23:20||bertails||Status||closed => feedback|
|2010-01-22 23:20||bertails||Resolution||fixed => reopened|
|2021-09-16 21:42||francis||Assigned To||=> francis|
|2021-09-16 21:42||francis||Status||feedback => closed|