LDAP query - LDAP groups missing and cn used instead of actual username
  •  
twhitehouse

Hello all,

I am using Softerra LDAP Browser to run LDAP queries against our Kerio 7 server. The Kerio 7 server has Kerio Connect also. I am new to administering the server, so if I am stating something incorrectly, please let me know.

Anyways, in the results I don't see any of the groups I have created. Also, the usernames are not listed. Instead, the users are listed in the left side results pane like so:

"cn=00000001"

Normally, from using other LDAP servers in the past like Active Directory for Microsoft Exchange server, Softerra would list the users by the usernames like:

"user1"

I know "cn" is an LDAP attribute for common name. I have seen that before. But, normally, that is something you enter into a BaseDN field. You don't normally see the users listed by their "cn". If I click on a user in Softerra, I can see the actual user's name for the "cn" field in the right side results pane. So, the LDAP Search was successful.

Also, when I refresh the LDAP search in Softerra it fails. Softerra lists a "COM error". The description of this error is that there are "RootDSE content problems".

Regardless of the specific error, I believe the LDAP information is not set up correctly on the Kerio 7 Server.

Furthermore, no groups show up in the Softerra LDAP search either. I have a group created with users in it. Normally, on other LDAP Servers like Active Directory for Exchange, I can see the groups listed.

I think we can bundle this in with the same reason as the other incorrect behavior and say that something also is not set up correctly causing the groups to not be displayed in the LDAP search.

So, the point of my post is to find out where the LDAP attributes on the Kerio 7 Server / Kerio Connect are located so that I can see if everything is set up correctly.
  •  
Pavel Dobry (Kerio)

The LDAP server in Kerio Connect is serving users' contacts to email clients for address autocomplete. It is not a directory service for general use. There are no users or groups from product configuration.
If you need to use LDAP, I recommend using Active Directory as a primary source, mapping users from AD to Kerio Connect, and then you can do lookups against AD's LDAP server.
  •  
twhitehouse

I understand what you have said and I thank you for your response.

I would like to ask about the following to make sure I understand what is occurring. How was Softerra able to execute an LDAP query against our Kerio server and get results returned then? Was it just finding the contacts somehow? I thought LDAP was pretty strict with the basedn and attributes you had to give in a request in order to get results back? For example, with other mail servers like Microsoft Exchange (using Active Directory), if I entered an incorrect basedn, attributes, etc., Softerra would not return any users in the LDAP search. Since that was true, if we apply the same to this situation I would expect to retrieve zero users from the LDAP search since true LDAP is not even a part of the Kerio server. What do you think?
  •  
twhitehouse

It actually does not matter any longer as to why any of this is working. Through some discussion on our end, we realize that the native Kerio behavior is not going to suffice for what we want. If we choose, like you said, we will set up an Active Directory server and point to it for LDAP functionality.