LDAP contacts

[rcubetrac]

Reported by AnteC on 10 Feb 2015 09:00 UTC as Trac ticket #1490269

I can't see my LDAP contacts in address book in roundcube 1.1. Address book LDAP group is empty.
There is log:
11:43:41 +0300: PHP Error: ldap_search failed for dn=ou=address,dc=m-tisiz,dc=local: Protocol error (GET /new/?_task=addressbook&_source=m-tisiz&_page=1&_action=list&_remote=1&unlock=loading1423557821195&=1423557819759)
11:43:41 +0300: PHP Error: ldap_search failed for dn=ou=address,dc=m-tisiz,dc=local: Can't contact LDAP server (GET /new/?_task=addressbook&_source=m-tisiz&_page=1&_action=list&_remote=1&unlock=loading1423557821195&=1423557819759)

But when i compose new message all contacts from LDAP select normally and no error in log.
Also in roundcube 1.0.5 all work fine.
After upgrade i run indexcontacts.sh, but no luck.

Migrated-From: http://trac.roundcube.net/ticket/1490269

[rcubetrac]

Comment by @alecpl on 15 Feb 2015 12:55 UTC

indexcontacts.sh is not for LDAP addressbook. Please, provide your ldap_public configuration. Enable ldap_debug option and provide the complete log.

[rcubetrac]

Milestone changed by @alecpl on 15 Feb 2015 12:55 UTC

later => 1.1.1

[rcubetrac]

Comment by AnteC on 16 Feb 2015 06:09 UTC

ldap log:

[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: Connect [08:57:00 +0300](altair.m-tisiz.local:389]
[16-Feb-2015): <nkvc1qne> S: OK
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: Bind [m-tisiz\roundcube](dn:)
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> S: OK
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [08:57:00 +0300](]
[16-Feb-2015): <nkvc1qne> Using function ldap_search on scope sub ($ns_function is ldap_search)
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: (Without VLV) Setting a filter of
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> Executing search with return attributes: array (
  0 => 'cn',
  1 => 'mail',
  2 => 'sn',
  3 => 'givenname',
  4 => 'telephonenumber',
  5 => 'objectClass',
)
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [08:57:00 +0300](]
[16-Feb-2015): <nkvc1qne> Using function ldap_search on scope sub ($ns_function is ldap_search)
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: (Without VLV) Setting a filter of
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> Executing search with return attributes: array (
  0 => 'dn',
)
[08:57:00 +0300](16-Feb-2015): <nkvc1qne> C: Close

config:

$config[= array (
  'm-tisiz' =>
  array (
    'name' => 'm-tisiz',
    'hosts' =>
    array (
      0 => 'altair.m-tisiz.local',
    ),
    'port' => 389,
    'use_tls' => false,
    'user_specific' => false,
    'base_dn' => 'ou=address,dc=m-tisiz,dc=local',
    'bind_dn' => 'm-tisiz\\roundcube',
    'bind_pass' => '*****',
    'search_filter' => '(&(objectClass=posixAccount)(uid=%u))',
    'writable' => false,
    'LDAP_Object_Classes' =>
    array (
      0 => 'top',
      1 => 'inetOrgPerson',
    ),
    'required_fields' =>
    array (
      0 => 'cn',
      1 => 'sn',
      2 => 'mail',
    ),
    'LDAP_rdn' => 'mail',
    'ldap_version' => 3,
    'search_fields' =>
    array (
      0 => 'sn',
      1 => 'mail',
      2 => 'cn',
    ),
    'name_field' => 'cn',
    'email_field' => 'mail',
    'surname_field' => 'sn',
    'firstname_field' => 'gn',
    'phone_field' => 'telephoneNumber',
    'sort' => 'cn',
    'scope' => 'sub',
    'filter' => '',
    'fuzzy_search' => true,
    'sizelimit' => '0',
    'timelimit' => '0',
  ),
);

$config['autocomplete_addressbooks']('ldap_public']) = array('m-tisiz');
$config['addressbook_search_mode'] = 2;

[rcubetrac]

Comment by @alecpl on 16 Feb 2015 15:34 UTC

Please, try with filter => '(objectClass=inetOrgPerson)'.

[rcubetrac]

Comment by aberglund on 16 Feb 2015 16:06 UTC

Alec, adding that to the filter param fixed this in my case.

[rcubetrac]

Comment by AnteC on 17 Feb 2015 07:47 UTC

I change it:
'search_filter' => '(objectClass=inetOrgPerson)',
but no luck.
There is ldap log:

[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: Connect [08:59:48 +0300](altair.m-tisiz.local:389]
[17-Feb-2015): <ioabl7un> S: OK
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: Bind [m-tisiz\roundcube](dn:)
[08:59:48 +0300](17-Feb-2015): <ioabl7un> S: OK
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [08:59:48 +0300](]
[17-Feb-2015): <ioabl7un> Using function ldap_search on scope sub ($ns_function is ldap_search)
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: (Without VLV) Setting a filter of
[08:59:48 +0300](17-Feb-2015): <ioabl7un> Executing search with return attributes: array (
  0 => 'cn',
  1 => 'mail',
  2 => 'sn',
  3 => 'givenname',
  4 => 'telephonenumber',
  5 => 'objectClass',
)
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [08:59:48 +0300](]
[17-Feb-2015): <ioabl7un> Using function ldap_search on scope sub ($ns_function is ldap_search)
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: (Without VLV) Setting a filter of
[08:59:48 +0300](17-Feb-2015): <ioabl7un> Executing search with return attributes: array (
  0 => 'dn',
)
[08:59:48 +0300](17-Feb-2015): <ioabl7un> C: Close

There is httpd_error.log:

[Feb 17 08:59:41 2015](Tue) [Graceful restart requested, doing restart
[Tue Feb 17 08:59:41 2015](notice]) [Digest: generating secret for digest authentication ...
[Tue Feb 17 08:59:41 2015](notice]) [Digest: done
[Tue Feb 17 08:59:42 2015](notice]) [notice] Apache/2.2.29 (FreeBSD) PHP/5.3.29 with Suhosin-Patch mod_ssl/2.2.29 OpenSSL/1.0.1i DAV/2 configured -- resuming normal operations
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /usr/local/etc/openldap/ldap.conf
ldap_init: using /usr/local/etc/openldap/ldap.conf
ldap_init: HOME env is /
ldap_init: trying //ldaprc
ldap_init: trying //.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP altair.m-tisiz.local:389
ldap_new_socket: 18
ldap_prepare_socket: 18
ldap_connect_to_host: Trying 192.168.100.244:389
ldap_pvt_connect: fd: 18 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x2b347b80 msgid 1
wait4msg ld 0x2b347b80 msgid 1 (infinite timeout)
wait4msg continue ld 0x2b347b80 msgid 1 all 1
** ld 0x2b347b80 Connections:
* host: altair.m-tisiz.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Feb 17 08:59:48 2015


** ld 0x2b347b80 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x2b347b80 request count 1 (abandoned 0)

** ld 0x2b347b80 Response Queue:
   Empty
  ld 0x2b347b80 response count 0
ldap_chkResponseList ld 0x2b347b80 msgid 1 all 1
ldap_chkResponseList returns ld 0x2b347b80 NULL
ldap_int_select
read1msg: ld 0x2b347b80 msgid 1 all 1
read1msg: ld 0x2b347b80 msgid 1 message type bind
read1msg: ld 0x2b347b80 0 new referrals
read1msg:  mark request completed, ld 0x2b347b80 msgid 1
request done: ld 0x2b347b80 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_search
put_filter: ""
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x2b347b80 msgid 2
wait4msg ld 0x2b347b80 msgid 2 (infinite timeout)
wait4msg continue ld 0x2b347b80 msgid 2 all 1
** ld 0x2b347b80 Connections:
* host: altair.m-tisiz.local  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Feb 17 08:59:48 2015


** ld 0x2b347b80 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x2b347b80 request count 1 (abandoned 0)
** ld 0x2b347b80 Response Queue:
   Empty
  ld 0x2b347b80 response count 0
ldap_chkResponseList ld 0x2b347b80 msgid 2 all 1
ldap_chkResponseList returns ld 0x2b347b80 NULL
ldap_int_select
read1msg: ld 0x2b347b80 msgid 2 all 1
read1msg: ld 0x2b347b80 msgid 0 message type extended-result
ldap_chase_referrals
read1msg:  V2 referral chased, mark request completed, id = 0
read1msg: ld 0x2b347b80 0 new referrals
read1msg:  mark request completed, ld 0x2b347b80 msgid 0
request done: ld 0x2b347b80 msgid 0
res_errno: 2, res_error: <00000057: LdapErr: DSID-0C0C095E, comment: The server was unable to decode a search request filter, data 0, v1772>, res_matched: <>
ldap_err2string
ldap_err2string
ldap_search
put_filter: ""
ldap_send_initial_request
ldap_send_server_request
ldap_free_request (origid 3, msgid 3)
ldap_free_connection 0 0
ldap_free_connection: refcnt 1
ldap_err2string
ldap_err2string
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

[rcubetrac]

Comment by @alecpl on 17 Feb 2015 08:00 UTC

@antec, it is 'filter' not 'search_filter'.

[rcubetrac]

Comment by AnteC on 17 Feb 2015 09:42 UTC

ldap logs

[12:30:19 +0300](17-Feb-2015): <b6b4flsr> C: Connect [12:30:19 +0300](altair.m-tisiz.local:389]
[17-Feb-2015): <b6b4flsr> S: OK
[12:30:19 +0300](17-Feb-2015): <b6b4flsr> C: Bind [m-tisiz\roundcube](dn:)
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> S: OK
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [12:30:20 +0300]((objectClass=inetOrgPerson)]
[17-Feb-2015): <b6b4flsr> Using function ldap_search on scope sub ($ns_function is ldap_search)
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> C: (Without VLV) Setting a filter of (objectClass=inetOrgPerson)
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> Executing search with return attributes: array (
  0 => 'cn',
  1 => 'mail',
  2 => 'sn',
  3 => 'givenname',
  4 => 'telephonenumber',
  5 => 'objectClass',
)
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> S: 0 record(s) found
[12:30:20 +0300](17-Feb-2015): <b6b4flsr> C: Close

config

$config['ldap_public'] = array (
  'm-tisiz' =>
  array (
    'name' => 'm-tisiz',
    'hosts' =>
    array (
      0 => 'altair.m-tisiz.local',
    ),
    'port' => 389,
    'use_tls' => false,
    'user_specific' => false,
    'base_dn' => 'ou=address,dc=m-tisiz,dc=local',
    'bind_dn' => 'm-tisiz\\roundcube',
    'bind_pass' => '******',
    'search_filter' => '(&(objectClass=posixAccount)(uid=%u))',

    'writable' => false,
    'LDAP_Object_Classes' =>
    array (
      0 => 'top',
      1 => 'inetOrgPerson',
    ),
    'required_fields' =>
    array (
      0 => 'cn',
      1 => 'sn',
      2 => 'mail',
    ),
    'LDAP_rdn' => 'mail',
    'ldap_version' => 3,
    'search_fields' =>
    array (
      0 => 'sn',
      1 => 'mail',
      2 => 'cn',
    ),
    'name_field' => 'cn',
    'email_field' => 'mail',
    'surname_field' => 'sn',
    'firstname_field' => 'gn',
    'phone_field' => 'telephoneNumber',
    'sort' => 'cn',
    'scope' => 'sub',
    'filter'        => '(objectClass=inetOrgPerson)',
    'fuzzy_search' => true,
    'sizelimit' => '0',
    'timelimit' => '0',
  ),
);

[rcubetrac]

Comment by @alecpl on 20 Feb 2015 08:25 UTC

@antec, do you have still these errors in log? Now the communication with ldap server looks good to me. Do you have log from 1.0.5?

[rcubetrac]

Comment by AnteC on 20 Feb 2015 08:52 UTC

yes, i have these error.
1.0.5 ldap log:

[11:48:21 +0300](20-Feb-2015): C: Connect to altair.m-tisiz.local:389 [11:48:21 +0300](m-tisiz]
[20-Feb-2015): S: OK
[11:48:21 +0300](20-Feb-2015): C: Bind m-tisiz\roundcube, pass: **** [11:48:21 +0300](14]
[20-Feb-2015): S: OK
[11:48:21 +0300](20-Feb-2015): C: Search ou=address,dc=m-tisiz,dc=local for (objectclass=*)
[11:48:22 +0300](20-Feb-2015): S: 218 record(s) found
[11:48:22 +0300](20-Feb-2015): C: Close

1.1 ldap log:

[11:48:04 +0300](20-Feb-2015): <s75ad768> C: Connect [11:48:04 +0300](altair.m-tisiz.local:389]
[20-Feb-2015): <s75ad768> S: OK
[11:48:04 +0300](20-Feb-2015): <s75ad768> C: Bind [m-tisiz\roundcube](dn:)
[11:48:04 +0300](20-Feb-2015): <s75ad768> S: OK
[11:48:04 +0300](20-Feb-2015): <s75ad768> C: Search base dn: [scope [sub](ou=address,dc=m-tisiz,dc=local]) with filter [11:48:04 +0300]((objectClass=inetOrgPerson)]
[20-Feb-2015): <s75ad768> Using function ldap_search on scope sub ($ns_function is ldap_search)
[11:48:04 +0300](20-Feb-2015): <s75ad768> C: (Without VLV) Setting a filter of (objectClass=inetOrgPerson)
[11:48:04 +0300](20-Feb-2015): <s75ad768> Executing search with return attributes: array (
  0 => 'cn',
  1 => 'mail',
  2 => 'sn',
  3 => 'givenname',
  4 => 'telephonenumber',
  5 => 'objectClass',
)
[11:48:04 +0300](20-Feb-2015): <s75ad768> S: 0 record(s) found
[11:48:04 +0300](20-Feb-2015): <s75ad768> C: Close

but there is no any errors in errors log now.

[rcubetrac]

Comment by @alecpl on 20 Feb 2015 09:08 UTC

Your contacts have no inetOrgPerson class assigned, right? Change the 'filter' to '(objectclass=*)'.

[rcubetrac]

Comment by AnteC on 20 Feb 2015 09:17 UTC

Thank you, now all work perfectly.

[rcubetrac]

Comment by @alecpl on 20 Feb 2015 09:49 UTC

So, the issue here is that 1.0 accepted empty filter, but 1.1 does not. I fixed that on Net_LDAP3 side: http://git.kolab.org/pear/Net_LDAP3/commit/?id=7e6148385886be88e891e192d7d1703960a9785e

[rcubetrac]

Status changed by @alecpl on 20 Feb 2015 09:49 UTC

new => closed