RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

openldap: LDAP Sync User button does not apply LDAP user group filter #6915

Open knarf-hackatal2016 opened 7 years ago

knarf-hackatal2016 commented 7 years ago

I've just set up a rocket.chat with LDAP authentication. I'm using openLDAP. I've set openLDAP up with the basic official Ubuntu tutorial and ldapscripts.

Users that can log in to rocket.chat must belong to the group chat.

My LDAP does not have memberOf filter, so I used the option:

"Enable LDAP user group filter"

I've set it up accordingly with this option. Indeed, users in the group chat can log in, whereas users that are not in this group cannot.

Nevertheless, when I use the Sync User option, all my LDAP users are synced, whether they belong to chat or not.

It seems to me that the option "Enable LDAP user group filter" works but it does not apply to "Sync User", at least with openLDAP.

(Fortunately I have only a few users and I could delete them by hand, but for a moment it made me think my config was wrong. It's still very possible, as I'm a first-time LDAP user.)

gauburti commented 6 years ago

Hi,

On RocketChat 0.69.1, with OpenLDAP, I have exactly the same behaviour. It seems like the bug is still pending. Is there any workaround on the User Search (memberOf filter?)
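
An audit for the situation described in this thread, as an added example that is not part of the issue or of Rocket.Chat's code: given an LDIF export of the directory and the usernames present in Rocket.Chat after a sync, it lists the accounts that are outside the required group. The sample LDIF, the `posixGroup`/`memberUid` group layout and all function names are assumptions.

```python
import base64

# Constructed sample directory (not from the issue): alice and bob are in "chat", carol is not.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: bob

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: posixAccount
uid: carol

dn: cn=chat,ou=groups,dc=example,dc=org
objectClass: posixGroup
cn: chat
memberUid: alice
memberUid:: Ym9i
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF entry."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def group_members(entries, group_cn):
    """Lowercased uids listed as memberUid on the posixGroup named group_cn."""
    members = set()
    for e in entries:
        classes = [c.lower() for c in e.get("objectclass", [])]
        if "posixgroup" in classes and group_cn in e.get("cn", []):
            members.update(u.lower() for u in e.get("memberuid", []))
    return members

def outside_group(entries, synced_usernames, group_cn):
    """Synced usernames that are not members of group_cn, sorted."""
    allowed = group_members(entries, group_cn)
    return sorted(u for u in synced_usernames if u.lower() not in allowed)
```

Any name returned by `outside_group` is an account that exists in the chat server although the directory does not place it in the login group, so it is a candidate for review or removal.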