Which feature or improvement would you like to request?
Groups are not working without memberOf and objectClass
Is your feature request related to a problem?
We are experiencing several challenges while configuring the Stalwart Mail Server with both OpenLDAP and Active Directory, particularly concerning group management. Below are the details of the issues we have encountered:
OpenLDAP Integration (useless without memberOf):
We are encountering difficulties utilizing the memberOf overlay when employing slapadd to construct our LDAP from scratch using an LDIF feed. This approach fails to populate the memberOf attribute, which is crucial for effective group management, as Stalwart currently relies on this attribute for determining group membership instead of retrieving all groups from LDAP.
Active Directory Integration: (useless without groups):
Stalwart is misidentifying groups as individual users, which causes significant complications in access control and group management. All groups listed in the memberOf attribute are being treated as users instead of distinct groups. In Active Directory, users are identified by their cn (Common Name) format, which typically includes their first and last names, rather than by uid (Login). As a result, the directory.ad.filter.email functionality does not work for groups, since it relies on the uid attribute for filtering.
Operation not allowed
LDAP directory cannot be managed. Only internal directories support inserts and update operations.
Additionally, email addresses are not retrieved from LDAP during the login process. It's unfortunate that mixed authentication—both local and LDAP—is not supported. This limitation prevents the creation of internal groups that can include LDAP users. Furthermore, I find it concerning that Stalwart returns a 500 error when an incorrect password is entered.
OpenLDAP Integration (useless without memberOf):
https://www.openldap.org/lists/openldap-technical/201112/msg00074.html
Logs are not very useful even in trace mode:
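Resolving membership from the group entries themselves, which is what the report asks for in place of reading `memberOf`, is shown below as an added example; it is not code from the issue or from Stalwart. It answers the same question as the LDAP search `(&(objectClass=groupOfNames)(member=<user DN>))`, run here against a constructed LDIF feed so it works offline. The helper names `parse_ldif`, `norm_dn` and `groups_of` and all sample DNs are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample feed (not from the issue); the user entry has no memberOf.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice

dn: cn=sales,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
member: UID=Bob, OU=People,
 DC=example,DC=org

dn: cn=admins,ou=groups,dc=example,dc=org
objectClass: groupOfNames
member: uid=alice,ou=people,dc=example,dc=org
"""

# OpenLDAP group classes plus Active Directory's "group" class.
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "group"}

def parse_ldif(text):
    """Parse LDIF into [{attr: [values]}]; base64 (::) values are not decoded."""
    entries = []
    # Unfold RFC 2849 continuation lines, then split entries on blank lines.
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            if not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry[attr.strip().lower()].append(value.strip())
        entries.append(dict(entry))
    return entries

def norm_dn(dn):
    """Comparison key for a DN: lower-cased, spaces around commas dropped.
    Simplification: escaped commas inside RDN values are not handled."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def groups_of(user_dn, entries):
    """Group DNs whose member/uniqueMember lists contain user_dn."""
    wanted, found = norm_dn(user_dn), []
    for e in entries:
        is_group = GROUP_CLASSES & {c.lower() for c in e.get("objectclass", [])}
        members = e.get("member", []) + e.get("uniquemember", [])
        if is_group and wanted in map(norm_dn, members):
            found.append(norm_dn(e["dn"][0]))
    return sorted(found)
```

The `objectClass` test is what keeps group entries from being read as users, and the DN normalisation is needed because `member` values often differ from the user entry's DN in case and spacing.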