LDAP sync ignores User Object Filter #3040
Comments
|
Hi @igorehan |
|
In my case (according to the filter that was the result of sniffing), 18818 objects are returned. But absolutely everything gets here: user accounts, contacts, computer accounts, groups, containers, HealthMailbox accounts (from Exchange Server)... I don't think there is anything to optimize here. It is only necessary that "ldap_search" contains the User Object Filter, and not the default one, which requests, roughly speaking, everything that is in AD. Again, why does Teampass need all the objects? It should only be interested in user accounts: In my User Object Filter (members of the same group) should return only 10-15 objects - user accounts. |
Use user provided filter if configured in the LDAP-settings page instead of the default filter. Should fix nilsteampassnet#3040
|
For the time being, I get by with the fact that in the |
This workaround did the trick. Thank you. |
Expected behaviour
After setting up LDAP and subsequent synchronization via LDAP, the User Object Filter is ignored.
Since there are a lot of objects in our domain, after 3-6 minutes the domain controller returns the result of the request, but we get a PHP error (memory_limit = 512M) (url is intentionally hidden):
As a result, synchronization does not occur.
Actual behaviour
Return objects (correct searchRequest) according to the User Object Filter (in this case, only those objects that are in a specific group)
Server configuration
Operating system:
Debian GNU/Linux 11 (bullseye)
Web server:
Apache/2.4.52 (Debian)
Database:
10.5.12-MariaDB-0+deb11u1 Debian 11
PHP version:
7.4.25
Teampass version:
3.0.0.10
LDAP Settings:
Below is the sniffing result that occurs during LDAP synchronization:
The text was updated successfully, but these errors were encountered: