Group does not display users (OpenLDAP Group in Kerio-Connect group accounts does not show OpenLDAP users.)
  •  
robertflavia

We are using OpenLDAP.

LDAP users are working correctly.

LDAP groups are displayed but the group does not display the users and it is not possible to send emails to the members of the group. See the screenshot below.

[img]./fa/3484/0/[/img]

This is the extract of openldap.map showing the group mapping.

[img]./fa/3483/0/[/img]

When sending an email to the group, the server attempts to send the email to jira-developers instead of sending to the members of the group. The error message is

This is an informative message sent by linsvr29. The server was not able to deliver your email message 
to the following addresses:  <jira-developers<_at_>flavia-it.de> (linsvr29: Mailbox does not exist)


The LDAP users have memberOf attribute and there are users with the memberOf=jira-developers.
The LDAP groups have member attribute and group jira-developers has LDAP users.

I found these messages in

the warning.log

Address <jira-developers<_at_>flavia-it.de> expanded to zero recipients


the debug.log

[10/Jun/2014 09:48:35][6025] {alias} Alias processing begin, recipient=jira-developers<_at_>flavia-it.de
[10/Jun/2014 09:48:35][6025] {alias} Searching for match to jira-developers<_at_>flavia-it.de at level 0
[10/Jun/2014 09:48:35][6025] {alias} No match for jira-developers<_at_>flavia-it.de found in aliases, expansion finished
[10/Jun/2014 09:48:35][6025] {alias} Searching for address jira-developers in domain flavia-it.de...
[10/Jun/2014 09:48:35][6025] {alias} Alias expansion finished in 0.00 s



Is the openldap map file correct? Should there be a mapping from the LDAP member attribute to a Kerio variable, e.g. users?

Kind regards

Robert

[Updated on: Tue, 10 June 2014 11:37]
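
How a `member`-based group expands to recipient addresses, as an added example that is not part of the original posts and is not Kerio Connect's own code: it resolves each `member` DN to a `mail` value and reports the members that would contribute no recipient. The LDIF data, the example.org names and the function names are constructed for illustration.

```python
# Constructed sample directory data (illustration only, not from the thread).
SAMPLE_LDIF = """\
dn: cn=jira-developers,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: jira-developers
member: uid=alice,ou=people,dc=example,dc=org
member: uid=bob,ou=people,dc=example,dc=org
member: uid=ghost,ou=people,dc=example,dc=org

dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
mail: alice@example.org
memberOf: cn=jira-developers,ou=groups,dc=example,dc=org

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
memberOf: cn=jira-developers,ou=groups,dc=example,dc=org
"""

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into {dn: {attr: [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def expand_group(entries, group_dn):
    """Return (recipients, problems) for the group's `member` values."""
    key = group_dn.lower()  # simplification: real DN matching needs full normalization
    recipients, problems = [], []
    for member_dn in entries[key].get("member", []):
        user = entries.get(member_dn.lower())
        if user is None:
            problems.append((member_dn, "member DN not found"))
        elif not user.get("mail"):
            problems.append((member_dn, "no mail attribute"))
        else:
            recipients.extend(user["mail"])
            if key not in [v.lower() for v in user.get("memberof", [])]:
                problems.append((member_dn, "memberOf missing group DN"))
    return recipients, problems

if __name__ == "__main__":
    GROUP = "cn=jira-developers,ou=groups,dc=example,dc=org"
    print(expand_group(parse_ldif(SAMPLE_LDIF), GROUP))
```

A group whose members all land in the problems list yields an empty recipient list.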

  •  
robertflavia

Any response from Kerio?
  •  
Neil Whiteside (Kerio)

Hello Robert,

As you may be aware, Kerio doesn't formally support OpenLDAP - but there may be some pointers in this KnowledgeBase article:

http://kb.kerio.com/294

Best regards,

Neil.

Knowledge Base: http://kb.kerio.com/.
Looking for technical support? http://www.kerio.com/support
  •  
robertflavia

Hello Neil,

Thanks for the reply.

Is it possible that someone at Kerio could have a look at the mapping files (attached) to see if the mappings look correct:

1. How does a group know which users (user email addresses) belong to a group? In the screenshot (in the first message) the group does not show users.
2. Is the gal_openldap.map file required?

Thank you

Robert.

  •  
fishtech

Hi,

Have you mapped groups in Kerio Connect to your LDAP groups?

Create a group in Connect, then click Email Addresses > Add > Type your OpenLDAP group name.

FWIW, I don't think it's possible to display the members of an LDAP group.

This tripped me up at the beginning when I was using OSX server for authentication (which I think also uses OpenLDAP).

Hth,

ft.



[Updated on: Fri, 13 June 2014 18:34]

  •  
Think Fixed

I understand how having LDAP based groups can be advantageous, but if Kerio does not yet directly support OpenLDAP, I would advise that you create a non-LDAP group in Kerio Connect. Every time I have had to make a non-supported modification to Connect, I end up having to reimplement it every time a Connect update is released. Furthermore, I can't get support for my hack.

Howie Isaacks
Systems Engineer | Apple Solutions Consultant
Think Fixed LLC, Dallas and Fort Worth

www.thinkfixed.com
  •  
Think Fixed

OS X Server does use OpenLDAP, but the way Apple has implemented it is different from the "normal" way it is implemented in Linux.

fishtech wrote on Fri, 13 June 2014 18:33
Hi,

Have you mapped groups in Kerio Connect to your LDAP groups?

Create a group in Connect, then click Email Addresses > Add > Type your OpenLDAP group name.

FWIW, I don't think it's possible to display the members of an LDAP group.

This tripped me up at the beginning when I was using OSX server for authentication (which I think also uses OpenLDAP).

Hth,

ft.





Howie Isaacks
Systems Engineer | Apple Solutions Consultant
Think Fixed LLC, Dallas and Fort Worth

www.thinkfixed.com
  •  
robertflavia

Thanks fishtech,

When I type in the name of the group (e.g. developers) under email addresses, Kerio attempts to send an email to e.g. developers<_at_>mydomain.com instead of the members of the group. :(
  •  
robertflavia

Hello Howie,

Good advice: avoid unsupported features :)

I did try creating a non-LDAP group. But I cannot add LDAP users to a non-LDAP group. :(

Thanks for your help!

[Updated on: Mon, 16 June 2014 15:11]

  •  
fishtech

Have you done the following on the server:

Create a new group in Connect, then click Email Addresses > Add > Type your OpenLDAP group name.


ft.
  •  
Think Fixed

I don't think you can put LDAP users into a local group. I meant that you should abandon using OpenLDAP altogether since it is not officially supported.

Howie Isaacks
Systems Engineer | Apple Solutions Consultant
Think Fixed LLC, Dallas and Fort Worth

www.thinkfixed.com
  •  
robertflavia

Yes, I have tried that.

  1. Create new group with name jira-developers (which is a group in LDAP)
  2. Under email addresses tab, added email and typed "jira-developers"


When I send an email to the group, the Kerio server responds "mailbox does not exist".

Thank you for your effort.

  •  
fishtech

Thanks for clarification.

When you created the group did you choose "Add from Directory Service..."?

ft.

[Updated on: Mon, 16 June 2014 15:19]

  •  
robertflavia

Yes I did. I have tried both "Add local group..." and "Add from directory service...".

Regards, Robert
  •  
Think Fixed

Unless something has changed that I'm not aware of, you cannot put LDAP users in a local group or vice versa. Why not use a mailing list instead? You'll need to manually update it as you add new users but it's a good compromise if you can't abandon OpenLDAP.

Howie Isaacks
Systems Engineer | Apple Solutions Consultant
Think Fixed LLC, Dallas and Fort Worth

www.thinkfixed.com