Open Buliwif opened 4 years ago
This could be caused by the underscore in group name.
I am dealing with a search filter similar to this:
(&(objectCategory=person)(objectclass=user)(memberof=cn=wekan,ou=web_groups,dc=sub,dc=domain,dc=tld))
and I am having the same issue. Every combination of filter terms are working fine, but as soon as I add the memberof=
, no users are found.
This changed recently, the group was located in a OU without underscore before, and it was working fine.
Please note that in-use LDAP code is here https://github.com/wekan/wekan/tree/master/packages , pull requests should be added to that repo. Not this wekan/ldap. I have not looked is some PR of this wekan/ldap repo is missing from wekan/wekan repo, because I don't have any LDAP server.
Hi, I successfully synchronized my AD from an OU. Here is my configuration :
Key Value
default-authentication-method ldap
ldap-authentication true
ldap-authentication-password MYPASSWORDldap-authentication-userdn CN=kanbansyncad,OU=syncusers,DC=intra,DC=DOMAIN,DC=TLD
ldap-background-sync true
ldap-background-sync-import-new-users trueldap-background-sync-interval every 1 minute
ldap-background-sync-keep-existant-users-updated trueldap-basedn OU=usersbase,DC=intra,DC=DOMAIN,DC=TLD
ldap-connect-timeout 10000
ldap-enable true
ldap-encryption false
ldap-fullname-field cn
ldap-host 192.168.XXX.XXX
ldap-idle-timeout 10000
ldap-log-enabled true
ldap-login-fallback true
ldap-port 389
ldap-reconnect true
ldap-timeout 10000
ldap-user-search-field sAMAccountName
ldap-username-field sAMAccountName
mail-from kanban <kanban@XXXXXXXX.xx>
mail-url smtp://mail.XXXXXXX.fr:25
port 80
root-url http://kanban.XXXXXXXXX.xx
But I prefer to authorize only the users of a group. I used a rule that I used to put but it doesn't work :
sudo snap set wekan ldap-user-search-filter='LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname=${user})(|(memberOf:1.2.840.113556.1.4.1941:=CN=KANBAN_Users,OU=syncgroups,DC=intra,DC=DOMAIN,DC=TLD)))'
Can someone help me ?
Thanks