Topic: Roundcube - addressbook ldap search error
======== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version: Ubuntu Server 16.04.2 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): AD
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: syslog
====
Dear Community,
I have a problem with my address book. The authentication against AD works well. But if I want to use the address book, I get an LDAP search error. The bind to the AD directory works, but the search does not. It always tells me there is an "operation error". If I change the bind user and PW, it always shows me the same error (why??). Who can help me? I tested ldapsearch, which also works fine. I have no idea why it does not work for the Roundcube address book.
Postfix and Dovecot are fine.
----------------------------------
syslog:
May 10 10:10:19 mail roundcube: <v60q90mg> C: Connect [IP-Server:3268]
May 10 10:10:19 mail roundcube: <v60q90mg> S: OK
May 10 10:10:19 mail roundcube: <v60q90mg> C: Search base dn: [OU=Benutzerkonten,DC=domain,DC=de] scope [sub] with filter [mail=*]
May 10 10:10:19 mail roundcube: <v60q90mg> Using function ldap_search on scope sub ($ns_function is ldap_search)
May 10 10:10:19 mail roundcube: <v60q90mg> C: (Without VLV) Setting a filter of mail=*
May 10 10:10:19 mail roundcube: <v60q90mg> Executing search with return attributes: array (#012 0 => 'mail',#012 1 => 'displayname',#012 2 => 'objectClass',#012)
May 10 10:10:19 mail roundcube: <v60q90mg> PHP Error: LDAP: ldap_search failed for dn=OU=Benutzerkonten,DC=domain,DC=de. Operations error (GET /mail/?_task=addressbook&_action=list&_source=Adressbuch&_remote=1&_unlock=loading1494403819506&_=1494403817896)
May 10 10:10:19 mail roundcube: <v60q90mg> C: Search base dn: [OU=Benutzerkonten,DC=domain,DC=de] scope [sub] with filter [mail=*]
May 10 10:10:19 mail roundcube: <v60q90mg> Using function ldap_search on scope sub ($ns_function is ldap_search)
May 10 10:10:19 mail roundcube: <v60q90mg> C: (Without VLV) Setting a filter of mail=*
May 10 10:10:19 mail roundcube: <v60q90mg> Executing search with return attributes: array (#012 0 => 'dn',#012)
May 10 10:10:19 mail roundcube: <v60q90mg> PHP Error: LDAP: ldap_search failed for dn=OU=Benutzerkonten,DC=domain,DC=de. Operations error (GET /mail/?_task=addressbook&_action=list&_source=Adressbuch&_remote=1&_unlock=loading1494403819506&_=1494403817896)
May 10 10:10:19 mail ool www: <v60q90mg> C: Close
---------------------------
ldapsearch:
ldapsearch -x -h IP-Server -p 3268 (or 389) -D "cn=AD User,ou=Dienstkonten,dc=Domain,dc=de" -w PW -b "ou=Benutzerkonten,dc=Domain,dc=de" -s Sub "(objectClass=user)" mail
# LDAPv3
# base <ou=Benutzerkonten,dc=domain,dc=de> with scope subtree
# filter: (objectClass=user)
# requesting: mail
#
# test, Benutzerkonten, domain.de
dn: CN=test,OU=Benutzerkonten,DC=domain,DC=de
# xxxx, Benutzerkonten, domain.de
dn: CN=xxxx,OU=Benutzerkonten,DC=domain,DC=de
mail: xxxx@domain.de
---------------------------
Config roundcubemail:
// Global LDAP address book.
$config['ldap_public']['Adressbuch'] = array(
    'name' => 'Adressbuch',
    'encoding' => 'utf8',
    'hosts' => array('IP-Server'),
    'port' => 3268,
    #'port' => 389,
    'use_tls' => false,
    'ldap_version' => '3',
    'network_timeout' => 10,
    'user_specific' => false,
    // Search mail users under same domain.
    'base_dn' => 'OU=Benutzerkonten,DC=domain,DC=de',
    #'bind_dn' => "ldapuser@domain.de",
    'bind_dn' => 'CN=ldapuser,OU=Dienstkonten,DC=domain,DC=de',
    'bind_pw' => 'PW',
    #'hidden' => false,
    #'searchonly' => false,
    'writable' => false,
    #'search_fields' => array('mail', 'cn', 'sAMAccountName', 'sn', 'givenName'),
    'search_fields' => array('mail'),
    // mapping of contact fields to directory attributes
    #'fieldmap' => array(
    #    'name' => 'cn',
    #    'surname' => 'sn',
    #    'firstname' => 'givenName',
    #    'title' => 'title',
    #    'email' => 'mail:*',
    #    'phone:work' => 'telephoneNumber',
    #    'phone:mobile' => 'mobile',
    #    'phone:workfax' => 'facsimileTelephoneNumber',
    #    'street' => 'street',
    #    'zipcode' => 'postalCode',
    #    'locality' => 'l',
    #    'department' => 'departmentNumber',
    #    'notes' => 'description',
    #    'photo' => 'jpegPhoto',
    #),
    #'sort' => 'cn',
    'email_field' => 'mail',
    'surname_field' => 'displayName',
    'scope' => 'sub',
    #'filter' => "(&(mail=%s)(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))",
    'filter' => 'mail=*',
    'fuzzy_search' => true,
    'vlv' => false,       // Enable Virtual List View to more efficiently fetch paginated data (if server supports it)
    'sizelimit' => '0',   // Enables you to limit the count of entries fetched. Setting this to 0 means no limit.
    'timelimit' => '0',   // Sets the number of seconds spent on the search. Setting this to 0 means no limit.
    'referrals' => false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups
);
...
best regards
Swen
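
The syslog excerpt in the post shows Connect followed directly by Search with no bind step in between, and Active Directory answers a search on an unbound connection with "Operations error". As an added example (not part of the original post, and not Roundcube or iRedMail code), this Python script scans Roundcube LDAP debug lines per session id and flags searches sent before a successful bind. The `C: Bind` / `S: OK` line format and the sample log are assumptions constructed from the excerpt.

```python
import re

# Constructed sample modelled on the syslog excerpt in the post.
# Session ids and the "C: Bind" / "S: OK" bind lines are assumptions.
SAMPLE_LOG = """\
May 10 10:10:19 mail roundcube: <aaaa1111> C: Connect [IP-Server:3268]
May 10 10:10:19 mail roundcube: <aaaa1111> S: OK
May 10 10:10:19 mail roundcube: <aaaa1111> C: Search base dn: [OU=Benutzerkonten,DC=domain,DC=de] scope [sub] with filter [mail=*]
May 10 10:10:19 mail roundcube: <aaaa1111> PHP Error: LDAP: ldap_search failed for dn=OU=Benutzerkonten,DC=domain,DC=de. Operations error
May 10 10:10:19 mail roundcube: <aaaa1111> C: Close
May 10 10:12:02 mail roundcube: <bbbb2222> C: Connect [IP-Server:3268]
May 10 10:12:02 mail roundcube: <bbbb2222> S: OK
May 10 10:12:02 mail roundcube: <bbbb2222> C: Bind [dn: CN=ldapuser,OU=Dienstkonten,DC=domain,DC=de]
May 10 10:12:02 mail roundcube: <bbbb2222> S: OK
May 10 10:12:02 mail roundcube: <bbbb2222> C: Search base dn: [OU=Benutzerkonten,DC=domain,DC=de] scope [sub] with filter [mail=*]
May 10 10:12:02 mail roundcube: <bbbb2222> C: Close
"""

LINE_RE = re.compile(r"roundcube: <(?P<sid>[^>]+)> (?P<msg>.*)$")
FAIL_RE = re.compile(r"ldap_search failed for dn=.*?\. (?P<err>[^(]+)")


def unbound_searches(log_text):
    """Return {session id: findings} for sessions that search before binding."""
    state = {}      # sid -> "connected" | "binding" | "bound"
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sid, msg = m["sid"], m["msg"]
        if msg.startswith("C: Connect"):
            state[sid] = "connected"          # new connection, bind state resets
        elif msg.startswith("C: Bind"):
            state[sid] = "binding"
        elif msg.startswith("S: OK") and state.get(sid) == "binding":
            state[sid] = "bound"              # server accepted the bind
        elif msg.startswith("C: Search") and state.get(sid) != "bound":
            findings.setdefault(sid, []).append("search sent without a successful bind")
        elif sid in findings and (f := FAIL_RE.search(msg)):
            findings[sid].append("server answered: " + f["err"].strip())
    return findings


if __name__ == "__main__":
    for sid, notes in unbound_searches(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(notes))
```

Roundcube's sample configuration names the bind password key `bind_pass`; the posted config sets `bind_pw`, which would leave the password empty and is consistent with the missing bind step in the log.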