Can't connect to ldap backend Invalid filter syntax

Infos:

  • Used Zammad version: 5.2.x
  • Used Zammad installation type: (source, package, docker-compose, …)package
  • Operating system: Ubuntu 20.04.4 LTS
  • Browser + version: Brave [Version 1.42.97 Chromium: 104.0.5112.102], Microsoft Edge (Version 104.0.1293.63)

Expected behavior:

after updating ubuntu and renewing the ssl certificate, the login should work as usual
*

Actual behavior:

LDAP synchronization works, but you cannot log in with these users. The following error appears:
“Sign-in failed. Have you checked your sign-in details and completed the email verification step?”
LDAP synchronization reports: failed tcp bind → USERLOGIN
“Can’t connect to ldap backend Invalid filter syntax.”
*

Steps to reproduce the behavior:

My SSL certificate has expired, so I wanted to renew it. In this context, UBUNTU reported me some update (20.04.2 LTS → 20.04.4 LTS). And also Zammad, Elastics etc., so I launched these updates.

After the updates the login didn’t work anymore. I keep getting the above error.
*
here the production.log

I, [2022-08-26T07:55:49.727211 #799-110900]  INFO -- : ended Channel.fetch took: 0.362394446 seconds.
I, [2022-08-26T07:55:49.739082 #777-109420]  INFO -- : Completed 200 OK in 54ms (Views: 30.4ms | ActiveRecord: 7.5ms | Allocations: 33202)
I, [2022-08-26T07:55:54.679314 #777-109360]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728010" for 10.255.255.13 at 2022-08-26 07:55:54 +0200
I, [2022-08-26T07:55:54.688633 #777-109360]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:55:54.688729 #777-109360]  INFO -- :   Parameters: {"_"=>"1661491728010"}
I, [2022-08-26T07:55:54.720577 #777-109360]  INFO -- : Completed 200 OK in 32ms (Views: 0.4ms | ActiveRecord: 16.1ms | Allocations: 6262)
I, [2022-08-26T07:55:58.106852 #799-108940]  INFO -- : Running job thread for 'Check channels.' (Channel.fetch) status is: sleep
I, [2022-08-26T07:56:00.675605 #777-108920]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728011" for 10.255.255.13 at 2022-08-26 07:56:00 +0200
I, [2022-08-26T07:56:00.686617 #777-108920]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:56:00.686717 #777-108920]  INFO -- :   Parameters: {"_"=>"1661491728011"}
I, [2022-08-26T07:56:00.717367 #777-108920]  INFO -- : Completed 200 OK in 31ms (Views: 0.4ms | ActiveRecord: 13.4ms | Allocations: 6262)
I, [2022-08-26T07:56:06.675060 #777-109660]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728012" for 10.255.255.13 at 2022-08-26 07:56:06 +0200
I, [2022-08-26T07:56:06.684878 #777-109660]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:56:06.684955 #777-109660]  INFO -- :   Parameters: {"_"=>"1661491728012"}
I, [2022-08-26T07:56:06.716503 #777-109660]  INFO -- : Completed 200 OK in 31ms (Views: 0.4ms | ActiveRecord: 16.4ms | Allocations: 6262)
I, [2022-08-26T07:56:10.689607 #777-112400]  INFO -- : Started GET "/api/v1/http_logs/ldap?limit=50&_=1661491728013" for 10.255.255.13 at 2022-08-26 07:56:10 +0200
I, [2022-08-26T07:56:10.701530 #777-112400]  INFO -- : Processing by HttpLogsController#index as JSON
I, [2022-08-26T07:56:10.701681 #777-112400]  INFO -- :   Parameters: {"limit"=>"50", "_"=>"1661491728013", "facility"=>"ldap"}
I, [2022-08-26T07:56:10.752823 #777-112400]  INFO -- : Completed 200 OK in 51ms (Views: 28.9ms | ActiveRecord: 7.2ms | Allocations: 33199)
I, [2022-08-26T07:56:12.685105 #777-109420]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728014" for 10.255.255.13 at 2022-08-26 07:56:12 +0200
I, [2022-08-26T07:56:12.694201 #777-109420]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:56:12.694323 #777-109420]  INFO -- :   Parameters: {"_"=>"1661491728014"}
I, [2022-08-26T07:56:12.726727 #777-109420]  INFO -- : Completed 200 OK in 32ms (Views: 0.5ms | ActiveRecord: 15.7ms | Allocations: 6265)
I, [2022-08-26T07:56:18.097114 #799-193160]  INFO -- : execute Job.run (try_count 0)...
I, [2022-08-26T07:56:18.099449 #799-193160]  INFO -- : ended Job.run took: 0.007642715 seconds.
I, [2022-08-26T07:56:18.681189 #777-109360]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728015" for 10.255.255.13 at 2022-08-26 07:56:18 +0200
I, [2022-08-26T07:56:18.690582 #777-109360]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:56:18.690691 #777-109360]  INFO -- :   Parameters: {"_"=>"1661491728015"}
I, [2022-08-26T07:56:18.722270 #777-109360]  INFO -- : Completed 200 OK in 31ms (Views: 0.6ms | ActiveRecord: 15.1ms | Allocations: 6262)
I, [2022-08-26T07:56:19.731689 #799-110900]  INFO -- : execute Channel.fetch (try_count 0)...
I, [2022-08-26T07:56:19.734216 #799-110900]  INFO -- : fetching imap (owa.tutuuuuu.com/tutuuuu\it-support port=993,ssl=true,starttls=false,folder=INBOX,keep_on_server=false,auth_type=LOGIN)
I, [2022-08-26T07:56:20.027332 #799-110900]  INFO -- :  - no message
I, [2022-08-26T07:56:20.039236 #799-110900]  INFO -- : ended Channel.fetch took: 0.310624872 seconds.
I, [2022-08-26T07:56:24.681035 #777-108920]  INFO -- : Started GET "/api/v1/integration/ldap/job_start?_=1661491728016" for 10.255.255.13 at 2022-08-26 07:56:24 +0200
I, [2022-08-26T07:56:24.690403 #777-108920]  INFO -- : Processing by Integration::LdapController#job_start_index as JSON
I, [2022-08-26T07:56:24.690525 #777-108920]  INFO -- :   Parameters: {"_"=>"1661491728016"}
I, [2022-08-26T07:56:24.721967 #777-108920]  INFO -- : Completed 200 OK in 31ms (Views: 0.4ms | ActiveRecord: 15.6ms | Allocations: 6262)

Are you sure your DC allows unencrypted ldap connections?

Otherwise that would be ldaps://

Yes I am sure.
Sync works, new AD users show up in Zammad.
As I said, it worked before, but not anymore after the update and the new SSL certificate. The DC is unchanged.

hello,

does anyone have any tips? Can I help you with logs or other information to help me?

Try putting parentheses around the user filter expression, i.e. “(memberOf=…=local)”.

You are my hero :slight_smile:

i write the Syntax in () and now it works. Thanks a lot.