View Issue Details

ID: 0005012
Project: SOGo
Category: Backend General
View Status: public
Last Update: 2020-05-11 05:54
Reporter: chaos_prevails
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Platform: Linux
OS: Ubuntu
OS Version: 18.04 LTS
Product Version: 4.3.0
Summary: 0005012: Cannot share to primary group
Description

Hello,
I encounter the same problem as described here:
https://sogo.nu/bugs/bug_relationship_graph.php?bug_id=3857&graph=relation
and
https://sogo.nu/bugs/view.php?id=2456

The problem persists with 4.0.7, and also with 4.3.0 nightly (updated yesterday). I've had this problem also with a previous version (I started to use SOGo with version 3.x, I don't remember).

I authenticate against Active Directory Windows 2012 R2. My LDAP config is:

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = sAMAccountName;
        IDFieldName = cn;
        baseDN = "CN=Users,dc=ad,dc=domain,dc=TLD";
        bindDN = "CN=auth_sogo,CN=Users,DC=ad,DC=domain,DC=TLD";
        bindFields = (sAMAccountName);
        bindPassword = XZXXXX;
        canAuthenticate = YES;
        displayName = "XXX";
        hostname = "ldaps://dc1.fqdn.TLD:636 ldaps://dc2.fqdn.TLD:636";
        filter = "memberOf = 'CN=access_sogo,CN=Users,DC=ad,DC=domain,DC=TLD' AND UserAccountControl:1.2.840.113556.1.4.803: <> 2";
        id = directory;
        //isAddressBook = YES;
        isAddressBook = NO;
    }
);

Steps To Reproduce
  1. create users and set their primary group to foo
  2. share a calendar to group foo
  3. users in group foo cannot access calendar, and are not subscribed to

workaround:

  1. unshare calendar from group foo
  2. set primary group of all users to another group
  3. share calendar again to group foo
  4. users in group foo can now access the calendar (and are subscribed too)
Tags: No tags attached.

Activities

francis

2020-05-08 12:06

administrator   ~0014310

Is the primary group dynamic (memberOf attribute)? If so, SOGo doesn't support dynamic groups (see 0001324).

chaos_prevails

2020-05-11 03:38

reporter   ~0014321

Hi Francis,

it is not a dynamic group

But the default group type when a group is created in AD Windows 2012 R2:
Group type: Security
Group scope: Global
Member of: access_sogo (this is the group all sogo users/groups need to be member of to have access to sogo)

E.g.
-) user user1:
member of: access_sogo, sogo_sharinggroup1, groupX, groupY, ...

-) group sogo_sharinggroup1:
Group type: Security
Group scope: Global
member of: access_sogo

-) group access sogo:
Group type: Security
Group scope: Global
member of: <empty>

Christian Mack

2020-05-11 05:43

developer   ~0014325

SOGo does not support nested groups.
No members in access_sogo, therefore no one to use.

chaos_prevails

2020-05-11 05:54

reporter   ~0014326

Hello Christian,

access_sogo has members: all users + groups which need to access sogo.

It works when the primary group is not used to share:
e.g.
1) WORKS:
user2:
member of: access_sogo, group1, Domain User
primary group: Domain User
--> sharing of a calendar to group1 DOES work

2) DOES NOT WORK:
user3:
member of: access_sogo, group1
primary group: group1
--> sharing of a calendar to group group1 does not work

3) THIS AGAIN DOES WORK
user4:
member of: access_sogo, group1, primary-group-placeholder
primary group: primary-group-placeholder
--> sharing of a calendar to group1 DOES work

There is no nesting deeper than "share to members of a group which is used in sogo" (but not "share to members of a group which is again member of a group which is then used in sogo").
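
Added example, not part of the thread and not SOGo code: Active Directory records a user's primary group only as a RID in primaryGroupID and leaves that user out of the group's member attribute, so a group expansion that reads member alone reproduces cases 1 to 3 above. That SOGo expands groups this way is an assumption the thread does not confirm; the DNs follow the reporter's naming and the RIDs 1601 and 1602 are constructed.

```python
# Constructed directory snapshot modelled on user2, user3 and user4 above.
# Assumption: Active Directory semantics, where the primary group is stored
# as a RID in primaryGroupID and is absent from the group's "member" list.
BASE = "CN=Users,DC=ad,DC=domain,DC=TLD"


def dn(cn):
    return f"CN={cn},{BASE}"


# 513 is the well-known RID of Domain Users; 1601 and 1602 are constructed.
GROUPS = {
    dn("group1"): {"primaryGroupToken": 1601,
                   "member": [dn("user2"), dn("user4")]},
    dn("primary-group-placeholder"): {"primaryGroupToken": 1602, "member": []},
}
USERS = {
    dn("user2"): {"sAMAccountName": "user2", "primaryGroupID": 513},
    dn("user3"): {"sAMAccountName": "user3", "primaryGroupID": 1601},
    dn("user4"): {"sAMAccountName": "user4", "primaryGroupID": 1602},
}


def members_by_attribute(group_dn):
    """Group expansion that reads only the group's 'member' attribute."""
    return {USERS[m]["sAMAccountName"]
            for m in GROUPS[group_dn]["member"] if m in USERS}


def members_by_primary_group(group_dn):
    """Users whose primaryGroupID equals the group's RID."""
    rid = GROUPS[group_dn]["primaryGroupToken"]
    return {u["sAMAccountName"] for u in USERS.values()
            if u["primaryGroupID"] == rid}


def effective_members(group_dn):
    """Union of explicit members and primary-group members."""
    return members_by_attribute(group_dn) | members_by_primary_group(group_dn)


def missed_by_member_expansion(group_dn):
    """Accounts a share to the group skips when only 'member' is read."""
    return sorted(effective_members(group_dn) - members_by_attribute(group_dn))


if __name__ == "__main__":
    for g in GROUPS:
        print(g, "member-only:", sorted(members_by_attribute(g)),
              "missed:", missed_by_member_expansion(g))
```

Against a live directory the same comparison is the group's member attribute versus a search for users whose primaryGroupID matches the group's RID.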

Issue History

Date Modified Username Field Change
2020-04-27 09:22 chaos_prevails New Issue
2020-05-08 12:06 francis Note Added: 0014310
2020-05-11 03:38 chaos_prevails Note Added: 0014321
2020-05-11 05:43 Christian Mack Note Added: 0014325
2020-05-11 05:54 chaos_prevails Note Added: 0014326