View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002090 | SOGo | Web Calendar | public | 2012-11-05 15:02 | 2013-01-28 13:36 |
Reporter | ryacketta | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.0.2 | ||||
Summary | 0002090: Unable to share Calendar with LDAP Group | ||||
Description | One can select a LDAP Group when sharing a calendar but once added and you double click the LDAP Group to manage permissions an error messages is displayed: An error occurred during object publishing No such user. If you close the sharing pop-up window and re-open you will notice an empty entry above 'Any Authenticated User' | ||||
Additional Information | Attached screen shot, left image is that of adding the group and then double clicking the group to set perms. The image to the left is after closing the left pop-up and re-opening. | ||||
Tags | No tags attached. | ||||
2012-11-05 15:02
|
|
Does your group have an email address? Could you give us an LDIF of your group? |
|
dn: ou=TestGroup,ou=Departments,o=** |
|
Don't use "objectClass: groupOfUniqueNames". As you use "objectClass: posixGroup" and the corresponding "memberUid" attributes, this is also superfluous. BTW: |
|
I'll speak with our LDAP guy, regardless of the issues mentioned Groups work for searches as well as inviting to meetings but fail when sharing. Something must be different in the way groups are handled for searches, invitations and sharing. |
|
Per 389 Directory Server : NOTE: There is one very important deviation from the LDAP standard:there is a bug in the standard definition of groupOfNames andgroupOfUniqueNames - the member/uniqueMember attribute is in the MUSTlist, not the MAY list, which means you cannot have an empty group.Until the LDAP community figures out how to do grouping properly, wehave put the member/uniqueMember attribute into the MAY list, to allowempty groups. |
|
Any traction on this ticket? |
|
Normally, with your group definition, it should have worked. Are you sure this group can actually be found by your SOGoUserSources? |
|
'TestGroup' is returned when doing an Address Book search of Groups (we label them Departments), adding to an event as well as when modifying share aci's. here is our SOGoUserSource for Departments (groups)
and ldapsearch results for TestGroup ldapsearch -x -W -D "cn=*" -b "ou=Departments,o=***" ou=test extended LDIF# LDAPv3base <ou=Departments,o=***> with scope subtreefilter: ou=testrequesting: ALL# dn: ou=TestGroup,ou=Departments,o=** |
|
I think your group definition is broken. ou=TestGroup should be an organization unit, but within it, you should have entries that are groups. For example, I have in my test environment: dn: ou=groups,dc=inverse,dc=ca and: dn: cn=inverse,ou=groups,dc=inverse,dc=ca |
|
Departments in our case are groups, every Department has the following objectclass's objectClass: top according to http://www.sogo.nu/english/support/faq/article/how-are-groups-handled-in-sogo-2.html If one of the objectClass attribute is equal to group, groupOfNames, groupOfUniqueNames or posixGroup, the entry is considered to be a group. What confuses me is that groups work perfectly fine when inviting to an event as well as searching the Address Book but fall flat on its face (in our case) when trying to use them for sharing. I mean, if our groups are not configured as you mention then how are they working at all? |
|
Here is one of our 'real' (sanitized) groups from LDAP ldapsearch -x -W -D "cn=Manager" -b "ou=Departments,o=**" ou='Computing & Technology Services' extended LDIF# LDAPv3base <ou=Departments,o=***> with scope subtreefilter: ou=Computing & Technology Servicesrequesting: ALL# dn: ou=Computing & Technology Services,ou=Departments,o=**** memberUid: Bob search resultsearch: 2 If I add this group to an event it is parsed out on submit and each memberUid is added to the Event. This group can also be searched via Address Book, just unable to be used for sharing. |
|
Ok, I saw that you've specified:
which should work with the structure you have, because you have ou= attributes. I guess we would need ssh/gdb access to determine why it fails. |
|
I'll have to speak with my manager and get back to you, might be able to re-configure our pilot (dev) server for such access. |
|
what exactly do you need installed for gdb (SOGo wise that is)? |
|
current list of installed RPM's [root@sogodev ~]# rpm -qa | grep sogo |
|
For us to connect and diagnose in detail, you'll need a proper support contract. Either an incident-based one, or a small timebank. |
|
Okay, filled out the form for a quote. Passed along the info to my manager to see if we can get at least a silver support contract. |
|
I remember i've seen this error as well. On my side it was an problem with how dovecot userdb resolved usernames. sogo config looked like this at first On the dovecot side group userid are resolved as the user part of the e-mail address. But sogo asked to resolve with cn. An group entry looks like this here: DG Email, Users, gsg.localdn: CN=DG Email,CN=Users,DC=gsg,DC=local My workaround was to add the user part of the email as description and use this as UIDField in sogo's configuration description: info ... |
|
Problem found it's line 804 in SoObjects/SOGo/SOGoUserManager.m
If I comment out that last line searching for spaces it works without the above workaround. |
|
This was added relatively recently: https://github.com/inverse-inc/sogo/commit/37b9aca9408ab3704ae2431bcafdafa7c7b57017 |
|
ludovic, Looks like we now have a Silver Support Agreement. When can we move forward with the investigation of the issue in detail as mentioned on 2013-01-09? -Ron |
|
Yes, contact me privately so we can setup some time to check this. |
|
Culprit code was removed: https://github.com/inverse-inc/sogo/commit/c066136a06dc0cb63deb3001c4c8db5cdda41f9d We'll launch the nightly builds shortly. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2012-11-05 15:02 | ryacketta | New Issue | |
2012-11-05 15:02 | ryacketta | File Added: group_share_aACL.png | |
2012-11-08 13:21 | Christian Mack | Note Added: 0004797 | |
2012-11-08 13:37 | ryacketta | Note Added: 0004799 | |
2012-11-09 09:28 | Christian Mack | Note Added: 0004807 | |
2012-11-09 09:33 | Christian Mack | Note Edited: 0004807 | |
2012-11-09 09:33 | Christian Mack | Note Edited: 0004807 | |
2012-11-13 14:04 | ryacketta | Note Added: 0004838 | |
2012-11-13 16:12 | ryacketta | Note Added: 0004841 | |
2012-12-21 16:10 | ryacketta | Note Added: 0005081 | |
2013-01-09 17:52 | ludovic | Note Added: 0005107 | |
2013-01-09 19:16 | ryacketta | Note Added: 0005114 | |
2013-01-09 19:37 | ludovic | Note Added: 0005115 | |
2013-01-09 20:01 | ryacketta | Note Added: 0005116 | |
2013-01-09 20:07 | ryacketta | Note Added: 0005117 | |
2013-01-09 20:24 | ludovic | Note Added: 0005118 | |
2013-01-09 20:31 | ryacketta | Note Added: 0005119 | |
2013-01-09 20:34 | ryacketta | Note Added: 0005120 | |
2013-01-09 20:58 | ryacketta | Note Added: 0005121 | |
2013-01-09 21:03 | ludovic | Note Added: 0005122 | |
2013-01-09 21:13 | ryacketta | Note Added: 0005123 | |
2013-01-12 09:26 | achim71 | Note Added: 0005159 | |
2013-01-12 09:27 | achim71 | Note Edited: 0005159 | |
2013-01-12 09:28 | achim71 | Note Edited: 0005159 | |
2013-01-12 12:10 | achim71 | Note Added: 0005161 | |
2013-01-12 12:23 | achim71 | Note Edited: 0005161 | |
2013-01-23 15:13 | ludovic | Note Added: 0005249 | |
2013-01-24 17:18 | ryacketta | Note Added: 0005251 | |
2013-01-24 17:52 | ludovic | Note Added: 0005252 | |
2013-01-28 13:36 | ludovic | Note Added: 0005261 | |
2013-01-28 13:36 | ludovic | Status | new => closed |
2013-01-28 13:36 | ludovic | Resolution | open => fixed |