On 20/01/2020 16:31, Lars Liedtke (lied...@punkt.de) wrote:

No,

neither

(&(|(samaccountname=Team-mOps)(mail=Team-mOps)(userPrincipalName=Team-mOps))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

nor

(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))

do return a result, but with Team-Pi it seems to do another query afterwards, which returns the Team for u:

Jan 20 17:15:47 sogod [1076]: <0x0x80bcc9418[NGLdapConnection]> Using 
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.782 sogod[1076:100238] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'ou=mitarbeiter,dc=intern,dc=punkt, dc=de' filter 
'(&(|(samaccountname=Team-Pi)(mail=Team-Pi)(userPrincipalName=Team-Pi))(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))'
 for attrs '*'

Jan 20 17:15:47 sogod [1076]: <0x0x80bccb538[NGLdapConnection]> Using 
ldap_initialize for LDAP URL:ldap://127.0.0.1:389
2020-01-20 17:15:47.810 sogod[1076:100238] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search at base 
'ou=mitarbeiter,dc=intern,dc=punkt,dc=de' filter '(samaccountname=Team-Pi)' for 
attrs '*'

and with Team-mOps it seems not to do the second query

But when I change the sAmAccountName of Team-mOps, this group is working, too. So I must have been wrong with the difference between CN and sAMAccountName. So thank you for your help. I will change all sAMAccountNames.

Lars

If the software relies on the 'CN' == 'sAMAccountName' then it is a bug; there is nothing in AD that specifies that they must be the same. In fact, they are very often different.

Rowland
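
An added example, not part of the original thread and not SOGo's code: a minimal evaluator for the search filter quoted above, run over constructed directory entries. It shows that the filter tests sAMAccountName, mail and userPrincipalName but never CN, so a group whose CN is Team-mOps is only found once its sAMAccountName matches. The function names and entry values are assumptions, and escaped parentheses in filter values are not handled.

```python
BIT_AND = "1.2.840.113556.1.4.803"  # AD bitwise-AND matching rule used in the filter

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (node, next_index)."""
    op = f[i + 1]
    if op in "&|!":
        kids, i = [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1               # step over the closing ')'
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    rule = None
    if attr.endswith(":"):                     # extensible match: attr:oid:=value
        attr, rule = attr[:-1].split(":", 1)
    return ("=", attr.lower(), rule, value), end + 1

def matches(node, entry):
    """entry maps lower-case attribute names to lists of string values."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, rule, value = node
    values = entry.get(attr, [])
    if rule == BIT_AND:                        # true when every bit of value is set
        return any((int(v) & int(value)) == int(value) for v in values)
    return any(v.lower() == value.lower() for v in values)

def sogo_filter(login):
    """The filter from the thread, with the login name substituted."""
    return ("(&(|(samaccountname={0})(mail={0})(userPrincipalName={0}))"
            "(|(&(&(ObjectClass=user)(|(memberOf=CN=OX-Test-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)"
            "(memberOf=CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de)))"
            "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))(ObjectClass=group)))").format(login)

def search(login, entries):
    tree, _ = parse(sogo_filter(login))
    return [e["cn"][0] for e in entries if matches(tree, e)]

# Constructed sample entries (not taken from the thread).
OX_USERS = "CN=OX-Users,OU=Mitarbeiter,DC=intern,DC=punkt,DC=de"
ENTRIES = [
    {"cn": ["Team-mOps"], "samaccountname": ["TeamMOps1"], "objectclass": ["top", "group"]},
    {"cn": ["Alice"], "samaccountname": ["alice"], "objectclass": ["user"], "memberof": [OX_USERS], "useraccountcontrol": ["512"]},
    {"cn": ["Bob"], "samaccountname": ["bob"], "objectclass": ["user"], "memberof": [OX_USERS], "useraccountcontrol": ["514"]},
]
```

Searching for Team-mOps over `ENTRIES` returns nothing until the first entry's `samaccountname` is set to Team-mOps; the account with userAccountControl 514 (ACCOUNTDISABLE bit set) is excluded by the bit-AND clause.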


--
users@sogo.nu
https://inverse.ca/sogo/lists
