No, neither
(&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group))) nor (&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group))) do return a result, but with Team-Pi it seems to do another query afterwards, which returns the Team for u: Jan 20 17:15:47 sogod [1076]: <0x0x80bcc9418[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389 2020-01-20 17:15:47.782 sogod[1076:100238] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'ou=mitarbeiter,dc=intern,dc=punkt, dc=de' filter '(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))' for attrs '*' │ Jan 20 17:15:47 sogod [1076]: <0x0x80bccb538[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389 2020-01-20 17:15:47.810 sogod[1076:100238] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter '(samaccountname=Team-Pi)' for attrs '*' and with Team-mOps it seems not to do the second query But when I change the sAmAccountName of Team-mOps, this group is working, too. So I must havce been wrong with the difference between CN and sAMAccountName. So thank you for your help. I will change all sAMAccountNames. Lars Am 20.01.20 um 17:06 schrieb Francis Lachapelle (flachape...@inverse.ca): > Can you try to manually perform the LDAP search and make sure it returns the > proper entry? > > (&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group))) > > > Francis > >> On Jan 20, 2020, at 10:38 AM, Lars Liedtke (lied...@punkt.de) >> <users@sogo.nu> wrote: >> >> Hi Francis, >> >> This is a working group: >> >> version: 1 >> dn: CN=Team-Pi,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> objectClass: group >> objectClass: top >> groupType: -2147483646 >> instanceType: 4 >> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=intern,DC=punkt,DC=de >> cn: Team-Pi >> distinguishedName: CN=Team-Pi,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> dSCorePropagationData: 16010101000000.0Z >> mail: p...@punkt.de >> member: CN=Member1,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member2,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member3,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member4,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member5,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member:: Q049VGhvbWFzIFDDtnR6c2NoLE9VPU1pdGFyYmVpdGVyLERDPWludGVybixEQz1wdW5 >> rdCxEQz1kZQ== >> member: CN=Member6,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member7,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member8,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member9,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member:: Q049QWxleGFuZGVyIELDtmhtLE9VPU1pdGFyYmVpdGVyLERDPWludGVybixEQz1wdW5 >> rdCxEQz1kZQ== >> member: CN=Member10,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member:: Q049SsO8cmdlbiBFZ2VsaW5nLE9VPU1pdGFyYmVpdGVyLERDPWludGVybixEQz1wdW5 >> rdCxEQz1kZQ== >> name: Team-Pi >> objectGUID:: PBbJg3IXH0jvv73vv71mIe+/ve+/ve+/vSc= >> objectSid:: AQUAAAAAAAUVAAAA77+9b9K4G++/vW4/Ngbvv73vv70kCwAA >> sAMAccountName: Team-Pi >> sAMAccountType: 268435456 >> uSNChanged: 11535365 >> uSNCreated: 8727024 >> whenChanged: 20200117093209.0Z >> whenCreated: 20170705091619.0Z >> zarafaAccount: 0 >> <minhadkggmedlnfm.png> >> >> And this is a not working group >> >> version: 1 >> dn: CN=Team-mOps,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> objectClass: group >> objectClass: top >> groupType: -2147483646 >> instanceType: 4 >> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=intern,DC=punkt,DC=de >> cn: Team-mOps >> distinguishedName: CN=Team-mOps,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> dSCorePropagationData: 20101124131241.0Z >> dSCorePropagationData: 16010101000001.0Z >> mail: m...@punkt.de >> member: CN=Member1,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Lars Liedtke,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member:: Q049SsO2cmcgU2Nod2VpemVyLE9VPU1pdGFyYmVpdGVyLERDPWludGVybixEQz1wdW5 >> rdCxEQz1kZQ== >> member: CN=Member2,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member3,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member4,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member5,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> member: CN=Member6,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >> name: Team-mOps >> objectGUID:: 77+9x7wO77+9fWFB77+9De+/vRDvv73vv73vv712 >> objectSid:: AQUAAAAAAAUVAAAA77+9b9K4G++/vW4/Ngbvv73vv717CgAA >> sAMAccountName: Technik >> sAMAccountType: 268435456 >> uSNChanged: 11536349 >> uSNCreated: 8391 >> whenChanged: 20200117141232.0Z >> whenCreated: 20100112101614.0Z >> <mijnimmgbopbghco.png> >> >> I have other groups, which are working with a difference between CN and >> sAMAccountName, so this can't be it. >> >> >> >> Lars >> >> >> >> Am 20.01.20 um 15:02 schrieb Francis Lachapelle (flachape...@inverse.ca): >>> Hi Lars >>> >>> Please share the LDAP entry of a problematic group. >>> >>> >>> Francis >>> >>> >>>> On Jan 17, 2020, at 9:36 AM, Lars Liedtke (lied...@punkt.de) >>>> <users@sogo.nu> >>>> wrote: >>>> >>>> Thank you, that worked. But some groups show a "0" the team and don't >>>> expand. >>>> >>>> In the log I see the following: >>>> >>>> Jan 17 15:31:46 sogod [38517]: <0x0x811ebc598[NGLdapConnection]> Using >>>> ldap_initialize for LDAP URL: >>>> ldap://127.0.0.1:389 >>>> >>>> 2020-01-17 15:31:46.696 sogod[38517:100191] -[NGLdapConnection >>>> _searchAtBaseDN:qualifier:attributes:scope:]: search at base >>>> 'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter '(cn=Team-mOps)' for >>>> attrs '*' >>>> Jan 17 15:31:46 sogod [38517]: <0x0x80f2c9858[NGLdapConnection]> Using >>>> ldap_initialize for LDAP URL: >>>> ldap://127.0.0.1:389 >>>> >>>> 2020-01-17 15:31:46.726 sogod[38517:100191] -[NGLdapConnection >>>> _searchAtBaseDN:qualifier:attributes:scope:]: search at base >>>> 'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter >>>> '(&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))' >>>> for attrs '*' >>>> Jan 17 15:31:46 sogod [38517]: |SOGo| request took 0.049511 seconds to >>>> execute >>>> │ >>>> Jan 17 15:31:46 sogod [38517]: 172.17.28.1 "GET >>>> /SOGo/so/ry86/Contacts/punkt.de_directory/Team-mOps/members HTTP/1.1" 405 >>>> 22/0 0.050 - - - >>>> >>>> While with those groups that work there is a 200 there and then it starts >>>> querying for the team members. I can't see a notable difference inside the >>>> AD between the definitions of thos teams. Any Idea? >>>> >>>> Lars >>>> >>>> Am 17.01.20 um 14:44 schrieb Francis Lachapelle ( >>>> flachape...@inverse.ca >>>> ): >>>> >>>>> Hi Lars >>>>> >>>>> When the parameter SOGoLDAPGroupExpansionEnabled is set to YES in >>>>> sogo.conf, a new button should appear to expand groups in the mail editor >>>>> and attendees editor: >>>>> >>>>> <sogo-webmail-group-expansion.png> >>>>> >>>>> >>>>> Francis >>>>> >>>>> >>>>>> On Jan 17, 2020, at 7:54 AM, Lars Liedtke (lied...@punkt.de) >>>>>> <users@sogo.nu> >>>>>> wrote: >>>>>> >>>>>> Hello Christian, >>>>>> >>>>>> did I misinterpret this "mail(js): new button to expand recipients that >>>>>> are LDAP groups" in >>>>>> >>>>>> https://github.com/inverse-inc/sogo/releases/tag/SOGo-4.2.0 >>>>>> then? >>>>>> >>>>>> Best regards >>>>>> >>>>>> Lars >>>>>> >>>>>> Am 17.01.20 um 13:49 schrieb Christian Mack >>>>>> ( >>>>>> christian.m...@uni-konstanz.de >>>>>> ): >>>>>> >>>>>>> Hello >>>>>>> >>>>>>> AFAIK: Those buttons only exist for attendees and privileges, not for >>>>>>> emails. >>>>>>> Emails will be sent to the group email address, which are resolved >>>>>>> into recipients by the SMTP and/or IMAP server. >>>>>>> >>>>>>> >>>>>>> Kind regards, >>>>>>> Christian Mack >>>>>>> >>>>>>> Am 17.01.20 um 11:04 schrieb Lars Liedtke ( >>>>>>> lied...@punkt.de >>>>>>> ): >>>>>>> >>>>>>>> Hello all, >>>>>>>> >>>>>>>> I saw that with SOGo 4.2.0 a button has been added to expand LDAP >>>>>>>> groups >>>>>>>> in the mail editor. >>>>>>>> >>>>>>>> But I seem to be unable to meet the requirements to get the button >>>>>>>> enabled. In the calendar the groups are expanded. So There the >>>>>>>> requirements are met. Which Fields have to set (and how) in the LDAP >>>>>>>> (AD >>>>>>>> in my case) so that this very useful functionality can be activated? >>>>>>>> >>>>>>>> An example of our groups (redacted with privacy things, e.g. the group >>>>>>>> has more members than me): >>>>>>>> >>>>>>>> version: 1 >>>>>>>> >>>>>>>> dn: CN=Team-mOps,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >>>>>>>> objectClass: group >>>>>>>> objectClass: top >>>>>>>> groupType: -2147483646 >>>>>>>> instanceType: 4 >>>>>>>> objectCategory: >>>>>>>> CN=Group,CN=Schema,CN=Configuration,DC=intern,DC=punkt,DC=de >>>>>>>> cn: Team-mOps >>>>>>>> distinguishedName: CN=Team-mOps,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >>>>>>>> dSCorePropagationData: 20101124131241.0Z >>>>>>>> dSCorePropagationData: 16010101000001.0Z >>>>>>>> mail: >>>>>>>> tech...@punkt.de >>>>>>>> >>>>>>>> member: CN=Lars Liedtke,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de >>>>>>>> name: Team-mOps >>>>>>>> sAMAccountName: Technik >>>>>>>> sAMAccountType: 268435456 >>>>>>>> uSNChanged: 11268255 >>>>>>>> uSNCreated: 8391 >>>>>>>> >>>>>>>> >>>>>>>> Best Regards >>>>>>>> >>>>>>>> Lars >>>>>>>> >>>>>>>> --- >>>>>>>> punkt.de GmbH >>>>>>>> Lars Liedtke >>>>>>>> .infrastructure >>>>>>>> >>>>>>>> Kaiserallee 13a >>>>>>>> 76133 Karlsruhe >>>>>>>> >>>>>>>> Tel. +49 721 9109 500 >>>>>>>> >>>>>>>> https://infrastructure.punkt.de >>>>>>>> i...@punkt.de >>>>>>>> >>>>>>>> >>>>>>>> AG Mannheim 108285 >>>>>>>> Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein >>>>>>>> >>>>> -- >>>>> >>>>> users@sogo.nu >>>>> https://inverse.ca/sogo/lists >>>> -- >>>> — >>>> >>>> punkt.de >>>> GmbH >>>> Lars Liedtke >>>> .infrastructure >>>> >>>> Kaiserallee 13a >>>> 76133 Karlsruhe >>>> >>>> Tel. +49 721 9109 500 >>>> >>>> >>>> https://infrastructure.punkt.de >>>> i...@punkt.de >>>> >>>> >>>> >>>> AG Mannheim 108285 >>>> Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein >>>> >>>> -- >>>> >>>> users@sogo.nu >>>> https://inverse.ca/sogo/lists >>>> >>>> <0xDD6D744EC1628062.asc> >>>> >> -- >> --- >> punkt.de GmbH >> Lars Liedtke >> .infrastructure >> >> Kaiserallee 13a >> 76133 Karlsruhe >> >> Tel. +49 721 9109 500 >> >> https://infrastructure.punkt.de >> i...@punkt.de >> >> >> AG Mannheim 108285 >> Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein >> >> -- >> users@sogo.nu >> https://inverse.ca/sogo/lists >> <0xDD6D744EC1628062.asc> -- --- punkt.de GmbH Lars Liedtke .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109 500 https://infrastructure.punkt.de i...@punkt.de AG Mannheim 108285 Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein -- users@sogo.nu https://inverse.ca/sogo/lists
0xDD6D744EC1628062.asc
Description: application/pgp-keys