I'm testing a 7.1.2 OSE on Ubuntu 10.04.3 LTS server, with multi-server+multi-domain setup.
I've noticed, when testing the GALsync setup, that one of my domains tests fine (this domain has an existing exchange server), i.e. when I type something into the test field, it does retrieve some results.
However, on another two domains (which have never had exchange installed before), when I type something into the test field, even though it says passed, no results are returned.
According to the output of "zmprov gcf zimbraGalLdapFilterDef | grep ad:", the filter used is:
(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))(!(msExchHideFromAddressLists=TRUE))(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
So to troubleshoot, I started by building an LDAP query manually, using this:
(&(|(displayName=*)(cn=*)(sn=*)(givenName=*)(mail=*))(!(msExchHideFromAddressLists=TRUE))(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
As expected, this works fine in the 1st domain, and returns an empty set for the other two.
So by trial and error, I found that if I delete these two clauses (not one, not the other, but both), the query works:
(!(msExchHideFromAddressLists=TRUE))
(mailnickname=*)
i.e. the query is now just:
(&(|(displayName=*)(cn=*)(sn=*)(givenName=*)(mail=*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
The values for attribute mailnickname are not populated in my other two domains, so that would explain why the result set is empty, but anybody know why:
1) mailnickname needs to be populated
2) why does the query still not work, by removing just the mailnickname clause?
3) what's a better solution, to populate the mailnickname, or change the zimbraGalLdapFilterDef filter?
4) from some googling, it seems that mailnickname is strictly an MS Exchange attribute, so for non-exchange environments, this would be a bug to be using as a filter?
For better readability, I reformatted the default query so it looks like this (braces matching; you can't use the query like this, so have to replace and
with null):
(&
  (|(displayName=*)(cn=*)(sn=*)(givenName=*)(mail=*))
  (!(msExchHideFromAddressLists=TRUE))
  (mailnickname=*)
  (|
    (&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
    (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))
    (&(objectCategory=person)(objectClass=contact))
    (objectCategory=group)
    (objectCategory=publicFolder)
    (objectCategory=msExchDynamicDistributionList)
  )
)
GALsync LDAP query in AD; mailnickname=Bug?
I found this old bug:
https://bugzilla.zimbra.com/show_bug.cgi?id=11562
According to the last updates, it wasn't fixed in 7.1.1 or 7.1.2, but is fixed in 7.1.3?
So looks like the correct fix is to remove the mailnickname clause from the filter, will test...
GALsync LDAP query in AD; mailnickname=Bug?
To follow up, I configured one of the domains as follows:
1) Configure GAL
2) changed Server type from AD to LDAP
3) without touching anything else, changed the LDAP filter to:
(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
4) without touching anything else, changed the Autocomplete filter to:
(&(|(displayName=%s*)(cn=%s*)(sn=%s*)(givenName=%s*)(mail=%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
4) testing on the next few panels now work (i.e. I can retrieve results)
Note that if I leave "(!(msExchHideFromAddressLists=TRUE))" in the query, it still fails to retrieve anything. So in the end I had to, as per my testing, take out both the mailnickname and msExchHideFromAddressLists clauses.
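The clause removal done by hand in this post, as an added example that is not part of the original thread: a small parser for the filter string that drops every clause testing a named attribute and re-serializes the result, or prints it indented as in the first post. The function names are hypothetical; the filter text is the default quoted at the top of the thread.

```python
import re
# Default AD filter as quoted in the thread (zimbraGalLdapFilterDef, "ad:" entry).
DEFAULT_AD_FILTER = (
    "(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))"
    "(!(msExchHideFromAddressLists=TRUE))(mailnickname=*)"
    "(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))"
    "(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))"
    "(&(objectCategory=person)(objectClass=contact))(objectCategory=group)"
    "(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))"
)

def parse(text, pos=0):  # -> (node, next_pos); node is (op, children) or ("item", text)
    if text[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos] in "&|!":
        op, children, pos = text[pos], [], pos + 1
        while text[pos] == "(":
            child, pos = parse(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, children), pos + 1
    end = text.index(")", pos)  # literal parens in values are escaped as \28 and \29
    return ("item", text[pos:end]), end + 1

def drop(node, attrs):
    """Remove items that test an attribute in attrs; None means nothing is left."""
    kind, body = node
    if kind == "item":
        return None if re.split(r"[:~<>=]", body, maxsplit=1)[0].lower() in attrs else node
    kept = [c for c in (drop(ch, attrs) for ch in body) if c is not None]
    return (kind, kept) if kept else None

def dump(node, width=None, depth=0):
    """Serialize; with width set, break clauses longer than width onto indented lines."""
    kind, body = node
    flat = f"({body})" if kind == "item" else f"({kind}" + "".join(dump(c) for c in body) + ")"
    if kind == "item" or width is None or len(flat) <= width:
        return flat
    inner = ["  " * (depth + 1) + dump(c, width, depth + 1) for c in body]
    return "\n".join([f"({kind}", *inner, "  " * depth + ")"])

def strip_clauses(filter_text, attrs):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return drop(node, {a.lower() for a in attrs})

print(dump(strip_clauses(DEFAULT_AD_FILTER, ["mailnickname", "msExchHideFromAddressLists"]), width=100))
```

Calling `dump` without `width` gives the single-line form that the GAL configuration expects.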
GALsync LDAP query in AD; mailnickname=Bug?
Finally, I modified the queries to exclude disabled accounts:
LDAP filter:
(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=contact)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
Autocomplete filter:
(&(|(displayName=%s*)(cn=%s*)(sn=%s*)(givenName=%s*)(mail=%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=contact)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
Not sure if I can take "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" and put it further outside as part of the initial &, so I don't need to write that clause three times... more testing...
GALsync LDAP query in AD; mailnickname=Bug?
[quote user="ypong"]Finally, I modified the queries to exclude disabled accounts:
LDAP filter:
(&(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(mail=*%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=contact)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
Autocomplete filter:
(&(|(displayName=%s*)(cn=%s*)(sn=%s*)(givenName=%s*)(mail=%s*))(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(&(objectCategory=person)(objectClass=contact)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))(objectCategory=group)(objectCategory=publicFolder)(objectCategory=msExchDynamicDistributionList)))
Not sure if I can take "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" and put it further outside as part of the initial &, so I don't need to write that clause three times... more testing...[/quote]
Wow!!! I have been working on this all day. I thought I had something configured wrong. This did the trick!!! Thank you!
GALsync LDAP query in AD; mailnickname=Bug?
No worries, glad I could help. I've certainly learnt a lot from the community too.
GALsync LDAP query in AD; mailnickname=Bug?
I'm using for both:
(&(objectClass=person)(|(useraccountcontrol=66048)(useraccountcontrol=512))(|(displayName=*%s*)(cn=*%s*)(sn=*%s*)(givenName=*%s*)(sAMAccountName=%s*)(mail=*%s*)))
but I don't have Exchange.
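The two ways this thread selects enabled accounts, compared in an added example that is not part of the original posts: equality on whole userAccountControl values (512, 66048) versus the bitwise rule 1.2.840.113556.1.4.803:=2 used in the earlier filters. The function names are hypothetical and the sample values are constructed.

```python
# userAccountControl flag bits (Active Directory).
FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}

def decode(uac):
    """Names of the known flag bits set in a userAccountControl value."""
    return [name for bit, name in FLAGS.items() if uac & bit]

def exact_match(uac):
    """(|(useraccountcontrol=66048)(useraccountcontrol=512)): equality on the whole value."""
    return uac in (512, 66048)

def not_disabled(uac):
    """(!(userAccountControl:1.2.840.113556.1.4.803:=2)): the ACCOUNTDISABLE bit is clear."""
    return (uac & 2) != 2

def compare(values):
    """Return (uac, flags, exact_match, not_disabled) for each value."""
    return [(v, decode(v), exact_match(v), not_disabled(v)) for v in values]

# Constructed sample values, not taken from any real directory.
SAMPLES = [512, 514, 66048, 66050, 544, 262656]

for uac, flags, exact, bitwise in compare(SAMPLES):
    print(f"{uac:>6}  exact={exact!s:<5}  not_disabled={bitwise!s:<5}  {'|'.join(flags)}")
```

Enabled accounts that carry any additional flag (544 and 262656 in the sample) pass the bitwise test but are left out by the exact-value filter.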