LDAP, roundcube, GAB

[IronWill]

Добрый день подскажите в чем может быть проблема не получется получить Global address book в roundcube,

Код: [Выделить]

$config['ldap_public'] = array(
//Имя массива, в котором выполняется поиск
    'AD' =>array (
        'name' => 'GAB', //Отображаемое имя в интерфейсе WEBMail Roundcube
        'hosts' => array('localhost'), //IP адрес или ДНС имя
        'sizelimit' => 600,
        'port' => 3286,
        'use_tls' => false,
        'user_specific' => false,
        'base_dn' => 'OU=Domain Users,DC=example,DC=com', //Где выполнять поиск
        'bind_dn' => 'user@example.com', //Авторизация на контроллере домена
        'bind_pass' => 'password', //Авторизация на контроллере домена
        'writable' => false,
        'ldap_version' => 3,
        'search_fields' => array(
           'mail',
           'cn',
        ),
        'name_field' => 'cn',
        'email_field' => 'mail',
        'surname_field' => 'sn',
        'firstname_field' => 'givenName',
        //Можно добавить немного дополнительной информации в адресной книге
        'organization_field'     => 'company',
        'jobtitle_field'    => 'title',
        'department_field'   => 'department',
        //Порядок сортировки
        'sort' => 'sn',
        'scope' => 'sub', //Выполнять поиск по всему каталогу LDAP // search mode: sub|base|list
        'filter' => '(&(mail=*)(|(&(objectClass=user)(!(objectClass=computer)))(objectClass=group)))',
        //'filter' => '(&(mail=*)(|(&(objectcategory=person)(!(objectClass=computer)))(objectClass=group)))',
        'global_search' => true,
        'fuzzy_search' => true
    ),
);

// Type of LDAP cache. Supported values: 'db', 'apc' and 'memcache'.
$config['ldap_cache'] = 'db';
// Lifetime of LDAP cache. Possible units: s, m, h, d, w
$config['ldap_cache_ttl'] = '10m';
// when populating address autocomplete fields server-side. ex: array('sql','Verisign');
$config['debug_level'] = 4;

// Log SQL queries
$config['sql_debug'] = true;

// Log IMAP conversation
$config['imap_debug'] = true;

// Log LDAP conversation
$config['ldap_debug'] = true;

// Log SMTP conversation
$config['smtp_debug'] = true;
логи roundcube

Код: [Выделить]

[09-Jul-2022 14:32:20 +0300]: <01hbof7p> C: Connect [localhost:3286]
[09-Jul-2022 14:32:20 +0300]: <01hbof7p> S: OK
[09-Jul-2022 14:32:20 +0300]: <01hbof7p> C: Close
пробовались различные порты подключения  389, 3268, 636 везде ошибка одинаковая
буду благодарен за любую помощь
OS ubuntu 20.04

[AnrDaemon]

Начните с ldapsearch. И только когда увидите ответ в консоли, переносите его в приложение.

[IronWill]

Начните с ldapsearch. И только когда увидите ответ в консоли, переносите его в приложение.

ldapsearch выдает пользователей но после установки тех же самых настроек в domain\config\config.inc.php ничего не происходит

[AnrDaemon]

Показывайте строку ldapsearch

[IronWill]

root@mx1:/home/administrator# ldapsearch -xLLL -H ldap://dc1.example.com:389 -D user@example.com -W -b "OU=Domain Users,DC=example,DC=com"
Enter LDAP Password:

Код: [Выделить]

dn: OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Domain Users
distinguishedName: OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512173012.0Z
whenChanged: 20220621180938.0Z
uSNCreated: 12853
uSNChanged: 196776
name: Domain Users
objectGUID:: /aFKxAz1xEKGmpqlMPUvtg==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
gPLink: [LDAP://cn={8C3B0307-8443-4826-BC7D-F76F246BDB0D},cn=policies,cn=syste
 m,DC=example,DC=com;0][LDAP://cn={43F292EE-6E05-4F27-A8D6-319D6F5BB200},cn=poli
 cies,cn=system,DC=example,DC=com;0][LDAP://cn={4549A4D6-D492-43F7-B88C-9F9E626F
 D4A5},cn=policies,cn=system,DC=example,DC=com;0][LDAP://cn={14BF39C6-41B2-48F8-
 B0F0-42E5C40A05D4},cn=policies,cn=system,DC=example,DC=com;0]
dSCorePropagationData: 20220512173031.0Z
dSCorePropagationData: 20220512173012.0Z
dSCorePropagationData: 16010101000000.0Z

dn: CN=1 1,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: contact
cn: 1 1
sn: 1
givenName: 1
distinguishedName: CN=1 1,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220707231815.0Z
whenChanged: 20220707231815.0Z
displayName: 1
uSNCreated: 226340
uSNChanged: 226340
name: 1 1
objectGUID:: HfGTRrWRjkyPWsFYkNiAKg==
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 16010101000000.0Z

dn: OU=Users,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Users
distinguishedName: OU=Users,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512173031.0Z
whenChanged: 20220512174522.0Z
uSNCreated: 12855
uSNChanged: 12901
name: Users
objectGUID:: G97yc1aZTUudl6X5qpOW8g==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220512174522.0Z
dSCorePropagationData: 20220512173031.0Z
dSCorePropagationData: 20220512173031.0Z
dSCorePropagationData: 16010101000000.0Z

dn: OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: KHA
distinguishedName: OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512174522.0Z
whenChanged: 20220512174522.0Z
uSNCreated: 12899
uSNChanged: 12900
name: KHA
objectGUID:: mawuHE/fqkCbmupL+ftVow==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220512174522.0Z
dSCorePropagationData: 20220512174522.0Z
dSCorePropagationData: 16010101000000.0Z

dn: CN=Roman Users,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Roman Users
sn: Users
st: 20480000
title: President
description: user
telephoneNumber: +00000000000
givenName: Roman
distinguishedName: CN=Roman Users,OU=KHA,OU=Users,OU=Domain Users,DC=example,D
 C=com
instanceType: 4
whenCreated: 20220606152558.0Z
whenChanged: 20220707151048.0Z
displayName: Users, Roman
uSNCreated: 172209
memberOf: CN=DFS Users,CN=Users,DC=example,DC=com
memberOf: CN=Spam,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
memberOf: CN=Admins Ubuntu Server,OU=Domain Groups,DC=example,DC=com
memberOf: CN=Access Ubuntu Servers,OU=Domain Groups,DC=example,DC=com
memberOf: CN=Postmaster,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
memberOf: CN=Alert,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
memberOf: CN=OV.Allow,OU=Domain Groups,DC=example,DC=com
uSNChanged: 224774
department: IT
name: Roman Users
objectGUID:: tJdYE8DdaU6P7LTRmwDU1w==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 133020953206306968
lastLogoff: 0
lastLogon: 133021334834287060
pwdLastSet: 133016802485221765
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66aQQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 348
sAMAccountName: user
sAMAccountType: 805306368
otherMailbox: Roman.Users@example.com
userPrincipalName: Roman.Users@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220613210444.0Z
dSCorePropagationData: 20220606152610.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 133016034108184821
mail: Roman.Users@example.com

dn: CN=Sergei User,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Sergei User
sn: User
st: 20480000
description: user1
telephoneNumber: +000000000000
givenName: Sergei
distinguishedName: CN=Sergei User,OU=KHA,OU=Users,OU=Domain Users,DC=example,D
 C=com
instanceType: 4
whenCreated: 20220606152558.0Z
whenChanged: 20220628120504.0Z
displayName: User, Sergei
uSNCreated: 172219
memberOf: CN=OV.Allow,OU=Domain Groups,DC=example,DC=com
uSNChanged: 198318
directReports: CN=Flex ItService,OU=Service Accounts,OU=Domain Users,DC=example,
 DC=com
name: Sergei User
objectGUID:: ra8HQvs65UCGC9yPQD8aDQ==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 133008924304405563
lastLogoff: 0
lastLogon: 133008924765814798
pwdLastSet: 132990027584084595
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66agQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: user1
sAMAccountType: 805306368
otherMailbox: Sergei.User@example.com
userPrincipalName: Sergei.User@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220606152610.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 133008915040503240
mail: Sergei.User@example.com

dn: OU=Admins,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Admins
distinguishedName: OU=Admins,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512173045.0Z
whenChanged: 20220512174545.0Z
uSNCreated: 12858
uSNChanged: 12905
name: Admins
objectGUID:: x50smYLkEkylQPXv7pstiA==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220512174545.0Z
dSCorePropagationData: 20220512173045.0Z
dSCorePropagationData: 16010101000000.0Z

dn: OU=KHA,OU=Admins,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: KHA
distinguishedName: OU=KHA,OU=Admins,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512174545.0Z
whenChanged: 20220512174545.0Z
uSNCreated: 12903
uSNChanged: 12904
name: KHA
objectGUID:: Ryzs2AWhp0i6YEJOwJPTeA==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220512174545.0Z
dSCorePropagationData: 20220512174545.0Z
dSCorePropagationData: 16010101000000.0Z

dn: CN=Users Roman,OU=KHA,OU=Admins,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Users Roman
sn: Roman
description: useradm
givenName: Users
distinguishedName: CN=Users Roman,OU=KHA,OU=Admins,OU=Domain Users,DC=example,
 DC=com
instanceType: 4
whenCreated: 20220512174743.0Z
whenChanged: 20220707151418.0Z
displayName: Users Roman - ADM
uSNCreated: 12906
memberOf: CN=DFS Admins,CN=Users,DC=example,DC=com
memberOf: CN=DFS Users,CN=Users,DC=example,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=example,DC=com
uSNChanged: 224785
name: Users Roman
objectGUID:: UeaHWi+VW0izwyjR1NEQLw==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 133021020546633304
lastLogoff: 0
lastLogon: 133021343858191367
pwdLastSet: 133016804583967226
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66UQQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 786
sAMAccountName: useradm
sAMAccountType: 805306368
userPrincipalName: useradm@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220512151535.0Z
dSCorePropagationData: 20220512174821.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 133016803461936541

dn: OU=Shared Mail Box,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Shared Mail Box
distinguishedName: OU=Shared Mail Box,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220512173106.0Z
whenChanged: 20220512173106.0Z
uSNCreated: 12860
uSNChanged: 12861
name: Shared Mail Box
objectGUID:: y5bh3Hm0206K2I3KPzlYyg==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220512173106.0Z
dSCorePropagationData: 16010101000000.0Z

dn: OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: organizationalUnit
ou: Service Accounts
distinguishedName: OU=Service Accounts,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220524231913.0Z
whenChanged: 20220531103732.0Z
uSNCreated: 73904
uSNChanged: 143485
name: Service Accounts
objectGUID:: j6vRHf48v0W+wCFjieZyBA==
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=example,DC=
 com
dSCorePropagationData: 20220531103732.0Z
dSCorePropagationData: 20220524231913.0Z
dSCorePropagationData: 16010101000000.0Z

dn: CN=Postmaster,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: Postmaster
member: CN=Roman Users,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
distinguishedName: CN=Postmaster,OU=Service Accounts,OU=Domain Users,DC=example,
 DC=com
instanceType: 4
whenCreated: 20220531103811.0Z
whenChanged: 20220607105108.0Z
uSNCreated: 143489
uSNChanged: 172491
name: Postmaster
objectGUID:: /z75yLXUd0uZi9lwhU6TgQ==
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66XAQAAA==
sAMAccountName: Postmaster
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 16010101000000.0Z
mail: postmaster@example.com

dn: CN=Flex ItService,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Flex ItService
sn: ItService
st: 20480000
description: flexitservice
givenName: Flex
distinguishedName: CN=Flex ItService,OU=Service Accounts,OU=Domain Users,DC=it
 kha,DC=com
instanceType: 4
whenCreated: 20220606152928.0Z
whenChanged: 20220606201012.0Z
displayName: ItService, Flex
uSNCreated: 172235
uSNChanged: 172310
name: Flex ItService
objectGUID:: aS+A0m/GnU6XrY1CUqPX3Q==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
pwdLastSet: 132990029682795940
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66awQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: flexitservice
sAMAccountType: 805306368
otherMailbox: Flex.ItService@example.com
userPrincipalName: FlexItService@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220606171443.0Z
dSCorePropagationData: 16010101000000.0Z
mail: FlexItService@example.com
manager: CN=Sergei User,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com

dn: CN=Spam,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: Spam
member: CN=Roman Users,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
distinguishedName: CN=Spam,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
instanceType: 4
whenCreated: 20220614120445.0Z
whenChanged: 20220614120550.0Z
uSNCreated: 180948
uSNChanged: 180955
name: Spam
objectGUID:: PIIiFaKyaUewuuxiCMcGUw==
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66dAQAAA==
sAMAccountName: Spam
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 16010101000000.0Z
mail: spam@example.com

dn: CN=No Reply,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: No Reply
sn: Reply
st: 0
givenName: No
distinguishedName: CN=No Reply,OU=Service Accounts,OU=Domain Users,DC=example,DC
 =com
instanceType: 4
whenCreated: 20220524231119.0Z
whenChanged: 20220704060005.0Z
displayName: No Reply
uSNCreated: 73892
uSNChanged: 210217
name: No Reply
objectGUID:: 9WRwdEB2hU6KQ9ThPPiv1A==
userAccountControl: 66048
badPwdCount: 1
codePage: 0
countryCode: 0
badPasswordTime: 132993319197968190
lastLogoff: 0
lastLogon: 132990915723027431
pwdLastSet: 132979074792472748
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66WQQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: noreply
sAMAccountType: 805306368
otherMailbox: noreply@example.com
userPrincipalName: noreply@example.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220531103732.0Z
dSCorePropagationData: 20220524231917.0Z
dSCorePropagationData: 20220524231308.0Z
dSCorePropagationData: 20220524231119.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 133013880055821829
mail: noreply@example.com

dn: CN=Alert,OU=Service Accounts,OU=Domain Users,DC=example,DC=com
objectClass: top
objectClass: group
cn: Alert
member: CN=Roman Users,OU=KHA,OU=Users,OU=Domain Users,DC=example,DC=com
distinguishedName: CN=Alert,OU=Service Accounts,OU=Domain Users,DC=example,DC=co
 m
instanceType: 4
whenCreated: 20220524232129.0Z
whenChanged: 20220606215159.0Z
uSNCreated: 73908
uSNChanged: 172382
name: Alert
objectGUID:: DBTr+J0GfEu8EVHq6Sp5JA==
objectSid:: AQUAAAAAAAUVAAAAH8UmcZmyIEES4y66WgQAAA==
sAMAccountName: Alert
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
dSCorePropagationData: 20220531103732.0Z
dSCorePropagationData: 16010101000000.0Z
mail: alert@example.com
даже пробовал назначать данному пользователю права доменного админа - не помогло (знаю что для нужны лишь права на чтения)

[AnrDaemon]

Скорее всего, ldapsearch запускает StartTLS. Потому что АД, будь то Самба, будь то Microsoft, без SSL тебе ничего не отдадут. Попробуйте ldaps:// (порт не указывать, либо 636).

[IronWill]

Скорее всего, ldapsearch запускает StartTLS. Потому что АД, будь то Самба, будь то Microsoft, без SSL тебе ничего не отдадут. Попробуйте ldaps:// (порт не указывать, либо 636).

попробовал, без рельтатно список пользователь до сих пор не появился

[AnrDaemon]

Да, а в логах что?

[IronWill]

Да, а в логах что?

roundcube/logs/ldap.log

Код: [Выделить]

[13-Jul-2022 15:36:18 +0300]: <pj9behgk> C: Connect [ldaps://dc1.example.com:3286]
[13-Jul-2022 15:36:18 +0300]: <pj9behgk> S: OK
[13-Jul-2022 15:36:19 +0300]: <pj9behgk> C: Close
заметил такую вещь если через thunderbird задать  параметры вручную для ldap то все работает

[Karl500]

Попробуйте в конфиге сменить строку

Код: [Выделить]

        'use_tls' => false,

на

Код: [Выделить]

        'use_tls' => true,


[IronWill]

на
        'use_tls' => true,

при 'use_tls' => true,
логи  содержат :

Код: [Выделить]

[13-Jul-2022 19:38:59 +0300]: <tgnfrj1q> C: Connect [ldaps://dc1.example.com:389]
[13-Jul-2022 19:38:59 +0300]: <tgnfrj1q> S: Could not start TLS. Can't contact LDAP server

[Karl500]

порт нужен 636 для ldaps

[AnrDaemon]

Без порта. Сказал же. Каждый протокол имеет свой стандартный порт, и программы, если не написаны идиотами, это учитывают.
Либо указывайте порт правильно.

ldaps://dc1.example.com:3286

Бред.

ldaps://dc1.example.com:389

Ещё больший бред.