LDAP-Integration :: Problem with spaces in BASE-DN

Hi,

we faced some problems with LDAP/AD-Integration of Seafile.

First, we are using multiple BASE, which is necessary since our customer has an AD structure with all his departments organized as ou’s directly beyond root-DN. At the beginning this seemed to work well, as all or at least many users of his AD are visible within Seafile User Administration. But after testing a while he told us that some users were unable to log in.

He has a BASE-DN of following structure:
BASE = ou=(01) location1,dc=company,dc=de;ou=(02) location2,dc=company,dc=de;

A user from ou=(02) location2,dc=company,dc=de was unable to log in while user from ou=(01) location1,dc=company,dc=de can log in.

I asked the customer to give us test users in both ou’s in order to let us do some tests. In our lab, tests with multiple BASE worked well, but there were no spaces in any ou.

He created one test user in
ou=user,ou=it department,ou=(02) location2,dc=company,dc=de

I was unable to see this user in user administration and each time I’m clicking to user administration -> LDAP I get the following error in logs/ccnet.log:
[03/05/18 16:13:40] …/common/session.c(398): Accepted a local client
[03/05/18 16:13:44] …/common/session.c(398): Accepted a local client
[03/05/18 16:13:44] user-mgr.c(498): ldap_search user ‘userPrincipalName=*’ failed for base : No such object.
[03/05/18 16:13:44] user-mgr.c(499): Please check BASE setting in ccnet.conf.
[03/05/18 16:14:19] …/common/session.c(398): Accepted a local client

If I use
BASE = ou=(01) location1,dc=company,dc=de;
I can see many users within user administration -> LDAP, but not my test user, albeit I can find this test user via ldapsearch from our Seafile server, which proves that there is no AD read access limitation.

Our final test was to change the order in BASE to
BASE = ou=(02) location2,dc=company,dc=de;ou=(01) location1,dc=company,dc=de;

and now user from ou=(02) location2,dc=company,dc=de are able to log in but no longer user from ou=(01) location1,dc=company,dc=de

Thus I can only imagine that Seafile has a problem if there are more than only one space within BASE-DN-definition.

Does anyone have an idea what we can do about it? I do not want to suggest to my customer to change all names in his AD in order to remove spaces from DN’s since this might have unexpected side effects in other parts of his environment.

best regards

Heiko


I had a similar issue with multiple spaces in our BASE. I’m not sure if this will help, but the solution that worked for me was to add "'s before and after, and \ then the space for the OU. Our OU had multiple spaces tho:

ou="first\ second\ third",dc=company,dc=local

But, maybe you could try something like this to see if it helps:

BASE = ou="(01)\ location1",dc=company,dc=de;ou="(02)\ location2",dc=company,dc=de;
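
An added example, not part of either post and not Seafile's own parser: a small Python lint (hypothetical helpers `split_unescaped` and `lint_base`) for a `;`-separated BASE value like the ones above, which flags empty segments, padding around a DN, look-alike whitespace and malformed RDNs before the value goes into ccnet.conf. It assumes `;` separates bases as in the posts; note that the ccnet.log line quoted in the first post prints nothing after "base", and that under RFC 4514 a space in the middle of an attribute value needs no escaping.

```python
# Added example: hypothetical helper names, not Seafile's parser.

def split_unescaped(text, sep):
    """Split text on sep, leaving backslash-escaped characters untouched."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts


def lint_base(value):
    """Return (bases, warnings) for a ';'-separated multi-base value."""
    bases, warnings = [], []
    for n, seg in enumerate(split_unescaped(value, ";"), 1):
        dn = seg.strip()
        if not dn:
            warnings.append(f"segment {n}: empty base (stray ';')")
            continue
        if dn != seg:
            warnings.append(f"segment {n}: whitespace around the DN")
        if any(c.isspace() and c != " " for c in dn):
            warnings.append(f"segment {n}: whitespace other than a plain space")
        for rdn in split_unescaped(dn, ","):
            attr, eq, val = rdn.partition("=")
            if not eq or not attr.strip() or not val.strip():
                warnings.append(f"segment {n}: malformed RDN {rdn!r}")
        bases.append(dn)
    return bases, warnings


# BASE value copied from the first post in this thread.
SAMPLE = "ou=(01) location1,dc=company,dc=de;ou=(02) location2,dc=company,dc=de;"

if __name__ == "__main__":
    bases, warnings = lint_base(SAMPLE)
    for b in bases:
        print("base:", repr(b))
    for w in warnings:
        print("warning:", w)
```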