Infos:
- Used Zammad version: 6.1
- Used Zammad installation type: package
- Operating system: Debian Bookworm
- Browser + version: N/A
Trying to configure LDAP integration fails with an “invalid search filter syntax”.
Expected behavior:
No error for the filter
(&(objectClass=posixaccount)(info=internal)(!(mail="DEPRECATED*")))
as it works without issue when used on command line with “ldapsearch”.
Actual behavior:
- Error from logs:
I, [2023-11-18T11:09:09.967765#151243-3863580] INFO -- : Processing by Integration::LdapController#job_try_create as JSON
I, [2023-11-18T11:09:09.967872#151243-3863580] INFO -- : Parameters: {"host_url"=>"ldap://id.example.com", "name"=>"LDAP", "active"=>"true", "options"=>{"dc=example,dc=com"=>"dc=example,dc=com"}, "option"=>"dc=example,dc=com", "base_dn"=>"dc=example,dc=com", "bind_user"=>"cn=bind1,cn=users,dc=example,dc=com", "bind_pw"=>"[FILTERED]", "user_uid"=>"uid", "user_filter"=>"(&(objectClass=posixaccount)(info=internal)(!(mail=\"DEPRECATED*\")))", "group_uid"=>"dn", "group_filter"=>"(objectClass=groupOfNames)", "user_attributes"=>{"givenname"=>"firstname", "sn"=>"lastname", "mail"=>"email", "samaccountname"=>"login", "telephonenumber"=>"phone"}, "group_role_map"=>{}, "unassigned_users"=>"sigup_roles"}
I, [2023-11-18T11:09:09.998715#151243-3863580] INFO -- : Completed 200 OK in 31ms (Views: 0.3ms | ActiveRecord: 10.1ms | Allocations: 7524)
I, [2023-11-18T11:09:10.026613#151243-3743540] INFO -- : Started GET "/api/v1/integration/ldap/job_try?finished=true&_=1700302056616" for 172.27.227.148 at 2023-11-18 11:09:10 +0000
I, [2023-11-18T11:09:10.034851#151243-3743540] INFO -- : Processing by Integration::LdapController#job_try_index as JSON
I, [2023-11-18T11:09:10.034939#151243-3743540] INFO -- : Parameters: {"finished"=>"true", "_"=>"1700302056616"}
I, [2023-11-18T11:09:10.054882#151243-3743540] INFO -- : Completed 200 OK in 20ms (Views: 0.5ms | ActiveRecord: 4.2ms | Allocations: 5903)
I, [2023-11-18T11:09:12.357912#164153-64860] INFO -- : 2023-11-18T11:09:12+0000: [Worker(host:zammad pid:164153)] Job AsyncImportJob [e9050fba-cc28-4a8c-bf11-958373313172] from DelayedJob(default) with arguments: [{"_aj_globalid"=>"gid://zammad/ImportJob/5"}] (id=15402) (queue=default) RUNNING
W, [2023-11-18T11:09:12.392727#164153-64860] WARN -- : Scoped order is ignored, it's forced to be batch order.
E, [2023-11-18T11:09:12.436545#164153-64860] ERROR -- : ImportJob 'Import::Ldap' failed: Invalid filter syntax.
E, [2023-11-18T11:09:12.436648#164153-64860] ERROR -- : Invalid filter syntax. (Net::LDAP::FilterSyntaxInvalidError)
lib/ldap.rb:66:in `search'
lib/ldap.rb:105:in `count'
lib/sequencer/unit/import/ldap/users/total.rb:23:in `total'
lib/sequencer/unit/import/ldap/users/total.rb:11:in `block in process'
lib/sequencer/state.rb:43:in `provide'
lib/sequencer/unit/import/ldap/users/total.rb:9:in `process'
lib/sequencer/unit/base.rb:247:in `process'
lib/sequencer.rb:76:in `block (4 levels) in process'
lib/mixin/start_finish_logger.rb:9:in `log_start_finish'
lib/sequencer.rb:75:in `block (3 levels) in process'
lib/sequencer/state.rb:151:in `process'
lib/sequencer.rb:73:in `block (2 levels) in process'
lib/sequencer/units.rb:27:in `block in each'
lib/sequencer/units.rb:26:in `each'
lib/sequencer/units.rb:26:in `each'
lib/sequencer.rb:71:in `each_with_index'
lib/sequencer.rb:71:in `block in process'
lib/mixin/start_finish_logger.rb:9:in `log_start_finish'
lib/sequencer.rb:69:in `process'
lib/sequencer.rb:24:in `process'
lib/sequencer/unit/import/common/sub_sequence/mixin/base.rb:26:in `sequence_resource'
lib/sequencer/unit/import/ldap/sources/sub_sequence.rb:12:in `block in process'
lib/sequencer/unit/import/ldap/sources/sub_sequence.rb:11:in `each'
lib/sequencer/unit/import/ldap/sources/sub_sequence.rb:11:in `process'
lib/sequencer/unit/base.rb:247:in `process'
lib/sequencer.rb:76:in `block (4 levels) in process'
lib/mixin/start_finish_logger.rb:9:in `log_start_finish'
lib/sequencer.rb:75:in `block (3 levels) in process'
lib/sequencer/state.rb:151:in `process'
lib/sequencer.rb:73:in `block (2 levels) in process'
lib/sequencer/units.rb:27:in `block in each'
lib/sequencer/units.rb:26:in `each'
lib/sequencer/units.rb:26:in `each'
lib/sequencer.rb:71:in `each_with_index'
lib/sequencer.rb:71:in `block in process'
lib/mixin/start_finish_logger.rb:9:in `log_start_finish'
lib/sequencer.rb:69:in `process'
lib/sequencer.rb:24:in `process'
lib/import/mixin/sequence.rb:17:in `process'
lib/import/integration_base.rb:94:in `start'
app/models/import_job.rb:26:in `start'
app/jobs/async_import_job.rb:11:in `perform'
lib/background_services/service/process_delayed_jobs.rb:25:in `block (2 levels) in launch'
lib/background_services/service/process_delayed_jobs.rb:23:in `block in launch'
lib/background_services/service/process_delayed_jobs.rb:20:in `loop'
lib/background_services/service/process_delayed_jobs.rb:20:in `launch'
lib/background_services/service.rb:27:in `block in run'
lib/application_handle_info.rb:19:in `use'
lib/background_services/service.rb:33:in `block in run_in_service_context'
lib/background_services/service.rb:32:in `run_in_service_context'
lib/background_services/service.rb:26:in `run'
lib/background_services.rb:67:in `block in start_as_thread'
Steps to reproduce the behavior:
- Put the following search filter into the user filter value field:
(&(objectClass=posixaccount)(info=internal)(!(mail="DEPRECATED*")))
- Save config => error… and unfortunately the complete integration routine is stopped and you have to start from scratch.
Thanks for assistance… or any hint where to file it as bug (if it’s required).
Cheers, Schweigi
