wekan / ldap

LDAP support for Wekan code has been moved to https://github.com/wekan/wekan/tree/master/packages/wekan-ldap , issues to https://github.com/wekan/wekan/issues , and if PRs are needed please add them instead to https://github.com/wekan/wekan/pulls
MIT License

Group sync from LDAP #78

Open Buliwif opened 4 years ago

Buliwif commented 4 years ago

Hi, I successfully synchronized my AD from an OU. Here is my configuration:

| Key | Value |
| --- | --- |
| default-authentication-method | ldap |
| ldap-authentication | true |
| ldap-authentication-password | MYPASSWORD |
| ldap-authentication-userdn | CN=kanbansyncad,OU=syncusers,DC=intra,DC=DOMAIN,DC=TLD |
| ldap-background-sync | true |
| ldap-background-sync-import-new-users | true |
| ldap-background-sync-interval | every 1 minute |
| ldap-background-sync-keep-existant-users-updated | true |
| ldap-basedn | OU=usersbase,DC=intra,DC=DOMAIN,DC=TLD |
| ldap-connect-timeout | 10000 |
| ldap-enable | true |
| ldap-encryption | false |
| ldap-fullname-field | cn |
| ldap-host | 192.168.XXX.XXX |
| ldap-idle-timeout | 10000 |
| ldap-log-enabled | true |
| ldap-login-fallback | true |
| ldap-port | 389 |
| ldap-reconnect | true |
| ldap-timeout | 10000 |
| ldap-user-search-field | sAMAccountName |
| ldap-username-field | sAMAccountName |
| mail-from | kanban <kanban@XXXXXXXX.xx> |
| mail-url | smtp://mail.XXXXXXX.fr:25 |
| port | 80 |
| root-url | http://kanban.XXXXXXXXX.xx |

But I prefer to authorize only the users of a group. I used a rule that I used to put but it doesn't work:

sudo snap set wekan ldap-user-search-filter='LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname=${user})(|(memberOf:1.2.840.113556.1.4.1941:=CN=KANBAN_Users,OU=syncgroups,DC=intra,DC=DOMAIN,DC=TLD)))'

Can someone help me?

Thanks

Wyrrrd commented 2 years ago

This could be caused by the underscore in group name.

I am dealing with a search filter similar to this: (&(objectCategory=person)(objectclass=user)(memberof=cn=wekan,ou=web_groups,dc=sub,dc=domain,dc=tld)) and I am having the same issue. Every combination of filter terms is working fine, but as soon as I add the memberof=, no users are found.

This changed recently: the group was located in an OU without an underscore before, and it was working fine.
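
An added example, not part of any comment in this thread and not Wekan code: a small checker for the RFC 4515 filter grammar, run over the filter strings quoted above. It tests the string form only and does not reproduce how Wekan or a directory server processes the value; `parse_filter`, `escape_value` and the constant names are made up for this example.

```python
import re

# attr[:matching-rule:] op value; the value may not contain a raw "(" or ")".
_ITEM = re.compile(r"([A-Za-z0-9.;-]+(?::[A-Za-z0-9.-]+)*:?)(=|~=|>=|<=)([^()]*)")

def _parse(text, i, leaves):
    """Parse one parenthesised filter starting at text[i]; return the offset after it."""
    if i >= len(text) or text[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(text) and text[i] in "&|!":
        op, i, count = text[i], i + 1, 0
        while i < len(text) and text[i] == "(":
            i, count = _parse(text, i, leaves), count + 1
        if count == 0 or (op == "!" and count != 1):
            raise ValueError(f"wrong number of operands for '{op}'")
    else:
        close = text.find(")", i)
        m = _ITEM.fullmatch(text[i:close]) if close != -1 else None
        if m is None:
            raise ValueError(f"malformed assertion at offset {i}")
        leaves.append(m.groups())
        i = close
    if i >= len(text) or text[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def parse_filter(text):
    """Return the (attr, op, value) leaves of an RFC 4515 filter, or raise ValueError."""
    leaves = []
    end = _parse(text, 0, leaves)
    if end != len(text):
        raise ValueError(f"unexpected text at offset {end}")
    return leaves

def escape_value(value):
    """Escape the characters RFC 4515 requires escaping in an assertion value."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

# Strings copied from the thread above.
POSTED = "LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname=${user})(|(memberOf:1.2.840.113556.1.4.1941:=CN=KANBAN_Users,OU=syncgroups,DC=intra,DC=DOMAIN,DC=TLD)))"
STRIPPED = POSTED.split("=", 1)[1]  # same string without the "LDAP_USER_FILTER=" prefix
GROUP_DN = "cn=wekan,ou=web_groups,dc=sub,dc=domain,dc=tld"

if __name__ == "__main__":
    for label, text in (("as posted", POSTED), ("prefix removed", STRIPPED)):
        try:
            print(label, "->", parse_filter(text))
        except ValueError as exc:
            print(label, "-> not a filter:", exc)
    # Only \ * ( ) and NUL need escaping, so the underscore passes through unchanged.
    print(escape_value(GROUP_DN) == GROUP_DN)
```

A filter that restricts login to one group is an access-control rule, so it is worth checking its form like this and then confirming against the directory that it returns the expected members before relying on it.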

xet7 commented 2 years ago

Please note that in-use LDAP code is here https://github.com/wekan/wekan/tree/master/packages, pull requests should be added to that repo. Not this wekan/ldap. I have not looked at whether some PR of this wekan/ldap repo is missing from the wekan/wekan repo, because I don't have any LDAP server.