1

Topic: group query returns group as member of itself

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend : LDAP (AD)
- Linux/BSD distribution name and version: Debian Squeeze
- Related log if you're reporting an issue:
====

Whenever I query a group in AD for a list of members (as a distribution group), the values I get returned are as expected, with the unwanted addition of the group itself (so it returns sam@xxx.com,joe@xxx.com,team@xxx.com).  So whenever I send a message to the DL, I get a bounce back that says team@xxx.com doesn't exist as a user (to be expected).  I've set up iRedMail before and I don't remember encountering this issue.

Here is a copy of my ad_virtual_group_maps:

server_host     = xxx.yyy.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = mail
bind_pw         = -------------
search_base     = ou=zzz,dc=yyy,dc=local
scope           = sub
query_filter    = (&(objectClass=group)(mail=%s))
special_result_attribute = member
#leaf_result_attribute = mail
result_attribute = mail
debuglevel      = 0

I checked to make sure that the DL wasn't a member of itself, and it's not.  The only members that AD and ADExplorer list in that group are the correct ones.

Any ideas?

2

Re: group query returns group as member of itself

Answered my own question:  As far as I can tell, the special_result_attribute will return all users plus the group itself, the leaf_result_attribute will return just the members (which kind of makes sense).  This will probably mostly affect people whose internal domain isn't a TLD/doesn't match their mail domain so they have to change the LDAP queries around to make it work (hence me breaking it).

Hope this is able to help someone else out in the future.
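
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of how an ldap_table lookup expands a group, run against a constructed in-memory directory. The `FIXED` map (leaf_result_attribute = mail, with result_attribute left at its default of maildrop) is an assumption about how the fix is applied; terminal_result_attribute is not modelled.

```python
# Simplified model of Postfix ldap_table(5) result expansion (not Postfix source).
# Constructed directory: DN -> attributes, using the addresses from the post.
BASE = "ou=zzz,dc=yyy,dc=local"
DIRECTORY = {
    f"cn=team,{BASE}": {"objectClass": ["group"], "mail": ["team@xxx.com"],
                        "member": [f"cn=sam,{BASE}", f"cn=joe,{BASE}"]},
    f"cn=sam,{BASE}": {"objectClass": ["user"], "mail": ["sam@xxx.com"]},
    f"cn=joe,{BASE}": {"objectClass": ["user"], "mail": ["joe@xxx.com"]},
}

# Map as posted: result_attribute is read from EVERY entry, the group included.
BROKEN = {"result_attribute": ["mail"], "special_result_attribute": ["member"]}
# Assumed fix: leaf_result_attribute is skipped on entries that carry members.
FIXED = {"leaf_result_attribute": ["mail"], "special_result_attribute": ["member"]}


def expand(dn, cfg, seen=None):
    """Return the addresses one entry contributes, following member DNs."""
    seen = set() if seen is None else seen
    if dn in seen or dn not in DIRECTORY:   # guard against membership loops
        return []
    seen.add(dn)
    entry = DIRECTORY[dn]
    out = []
    # result_attribute defaults to "maildrop", which these AD entries lack.
    for attr in cfg.get("result_attribute", ["maildrop"]):
        out += entry.get(attr, [])
    member_dns = [dn_value
                  for attr in cfg.get("special_result_attribute", [])
                  for dn_value in entry.get(attr, [])]
    if not member_dns:                       # leaf entry: no DNs left to follow
        for attr in cfg.get("leaf_result_attribute", []):
            out += entry.get(attr, [])
    for member_dn in member_dns:             # recurse into each member DN
        out += expand(member_dn, cfg, seen)
    return out


def lookup(address, cfg):
    """Model query_filter (&(objectClass=group)(mail=%s)) plus expansion."""
    out = []
    for dn, entry in DIRECTORY.items():
        if "group" in entry["objectClass"] and address in entry.get("mail", []):
            out += expand(dn, cfg)
    return out


if __name__ == "__main__":
    print("as posted:", sorted(lookup("team@xxx.com", BROKEN)))
    print("with leaf:", sorted(lookup("team@xxx.com", FIXED)))
```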