LDAP integration with group filter


I have connected Rocket.Chat to an OpenLDAP server with the LAM (LDAP Account Manager) frontend. I was able to log in an LDAP user, so in general it works. But now I am struggling with the group filter.

I use uid and mail as valid fields for the username. On the other hand, I have a posixGroup that uses the memberUid field filled with the uid of the user. Now I don't know how to set the LDAP_Group_Filter_Group_Member_Format. Currently it's set to #{username} only. This works fine if the user logs in with their uid, because this matches exactly the memberUid value of the group. But it doesn't if the user logs in with their mail. Is there a way to always use the uid for the filter, regardless of whether the user logs in with uid or mail?

Here you can see a user and the group:

dn: cn=Max Mustermann,ou=users,dc=example,dc=com
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
homeDirectory: /home/mmustermann
uid: mmustermann
cn: Max Mustermann
uidNumber: 10000
gidNumber: 10000
userPassword:: <removed>
sn: Mustermann
givenName: Max
mail: max.mustermann@example.com
structuralObjectClass: inetOrgPerson
entryUUID: 1a3fe862-c207-103c-976a-b7a5d2169a2a
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20220906081023Z
entryCSN: 20220906081023.859476Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20220906081023Z

dn: cn=rocketchat_user,ou=groups,dc=example,dc=com
objectClass: posixGroup
gidNumber: 10001
cn: rocketchat_user
structuralObjectClass: posixGroup
entryUUID: 0992e3cc-c20a-103c-976b-b7a5d2169a2a
creatorsName: cn=admin,dc=example,dc=com
createTimestamp: 20220906083124Z
memberUid: mmustermann
entryCSN: 20220906083151.005005Z#000000#000#000000
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20220906083151Z

Server Setup Information

  • Version of Rocket.Chat Server: 5.0.5
  • Operating System: Debian 10
  • Deployment Method: tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog: activated
  • NodeJS Version: v14.18.3
  • MongoDB Version: 5.0.11 / wiredTiger
  • Proxy: apache
  • Firewalls involved: none

Any additional Information

Here you can see some slapd log entries. First, a login with uid, which succeeds with the group filter:

Sep  6 13:29:49 ldap slapd[1970706]: conn=1083 op=5 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=mmustermann)(cn=rocketchat_user))"

Second, a log entry with mail, which fails because it cannot be matched to the memberUid:

Sep  6 13:29:37 ldap slapd[1970706]: conn=1082 op=5 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=max.mustermann@example.com)(cn=rocketchat_user))"
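As an added example (not Rocket.Chat's own code), this shows the lookup the post is asking for: resolve whatever the user typed (uid or mail) to the entry's uid first, then substitute that into the group filter seen in the slapd log. The in-memory directory is constructed from the two posted entries, and the escape helper follows RFC 4515 so a typed login cannot change the filter's structure.

```python
from typing import Optional

# Constructed in-memory stand-in for the OpenLDAP directory, built from the
# two entries in the post (hypothetical; a real deployment queries slapd).
USERS = [
    {"dn": "cn=Max Mustermann,ou=users,dc=example,dc=com",
     "uid": "mmustermann", "mail": "max.mustermann@example.com"},
]
GROUPS = [
    {"dn": "cn=rocketchat_user,ou=groups,dc=example,dc=com",
     "cn": "rocketchat_user", "memberUid": ["mmustermann"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: *, (, ), \\ and NUL become \\XX so a typed login
    cannot alter the structure of the filter it is substituted into."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def resolve_uid(login: str) -> Optional[str]:
    """Map whatever the user typed (uid or mail) back to the entry's uid."""
    for user in USERS:
        if login in (user["uid"], user["mail"]):
            return user["uid"]
    return None


def group_filter(member_value: str, group_cn: str = "rocketchat_user") -> str:
    """Same shape as the filter in the slapd log, with both values escaped."""
    return "(&(objectClass=posixGroup)(memberUid=%s)(cn=%s))" % (
        escape_filter_value(member_value), escape_filter_value(group_cn))


def filter_as_configured(login: str) -> str:
    """Current setting: #{username} is the raw login, so a mail login
    ends up in memberUid and never matches (the second log line)."""
    return group_filter(login)


def filter_with_resolved_uid(login: str) -> Optional[str]:
    """Desired behaviour: look the user up first, then substitute the uid."""
    uid = resolve_uid(login)
    return None if uid is None else group_filter(uid)


def is_group_member(login: str, group_cn: str = "rocketchat_user") -> bool:
    """Evaluate the resolved membership check against the constructed groups."""
    uid = resolve_uid(login)
    return uid is not None and any(
        g["cn"] == group_cn and uid in g["memberUid"] for g in GROUPS)
```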