After upgrading to Seafile Pro 11, I have done many tests to understand what I might have done wrong, but nothing works; the sync of groups and users is not functioning.
./pro/pro.py ldapsync -t # this seems to work, but not
./pro/pro.py ldapsync
Exception in thread Thread-1243:
Traceback (most recent call last):
File "/usr/lib64/python3.9/threading.py", line 980, in _bootstrap_inner
self.run()
File "/opt/seafile/seafile-pro-server-11.0.7/pro/python/seafevents/ldap_syncer/ldap_sync.py", line 165, in run
self.start_sync()
File "/opt/seafile/seafile-pro-server-11.0.7/pro/python/seafevents/ldap_syncer/ldap_sync.py", line 172, in start_sync
data_ldap = self.get_data_from_ldap()
File "/opt/seafile/seafile-pro-server-11.0.7/pro/python/seafevents/ldap_syncer/ldap_sync.py", line 189, in get_data_from_ldap
cur_ret = self.get_data_from_ldap_by_server(config)
File "/opt/seafile/seafile-pro-server-11.0.7/pro/python/seafevents/ldap_syncer/ldap_group_sync.py", line 110, in get_data_from_ldap_by_server
department_data_ldap = self.get_ou_data(ldap_conn, config)
File "/opt/seafile/seafile-pro-server-11.0.7/pro/python/seafevents/ldap_syncer/ldap_group_sync.py", line 361, in get_ou_data
dn, attrs = result[0]
IndexError: list index out of range
Moreover, I can’t find the configuration for the automatic creation and population of groups. Am I making a mistake somewhere? I don’t understand why it is not working."
I have read through the documentation and understood the changes. I have successfully updated the configuration from ccnet to seahub_settings.py. The command /pro/pro.py ldapsync -t works perfectly and displays the modifications I make in the seahub_settings.py file.
However, when I remove the test option -t from the command, errors occur.
I have performed several tests as I misunderstood some creation options initially: For example, the option LDAP_SYNC_GROUP_AS_DEPARTMENT.
I eventually figured out why it was crashing (see the error in the first post):
Previously, I did not use departments. To maintain the same behavior in this new version 11, I left the option LDAP_SYNC_DEPARTMENT_FROM_OU set to True, which causes the LDAP synchronization to crash. By setting this option to False, it works again.
However, I still have an issue with populating the groups. The option LDAP_GROUP_MEMBER_ATTR = 'member' works well with -t but does not seem to work without the -t option.
I am uncertain about the option LDAP_USER_ATTR_IN_MEMBERUID = 'cn'. I have tried ‘uid’ and ‘memberOf’.
but my groups remain desperately empty.
Yes, no problem. Here is part of my configuration.
LDAP_BASE_DN = 'cn=accounts,dc=XXXXX,dc=XX' # The users and groups are in the subordinate OUs of the LDAP hierarchy
LDAP_GROUP_OBJECT_CLASS = 'posixgroup'
LDAP_GROUP_FILTER = 'description=*seafile*'
LDAP_GROUP_MEMBER_ATTR = 'member'
./pro/pro.py ldapsync -t seems to work fine, I find all my groups and all the users that constitute them. However, if I remove -t, I get an empty result.
Please check whether the groups have been synchronized in the Seafile admin page. If the groups already exist, the [0] in the log is normal because the groups have not changed.
Well, I took another look at migrating to Seafile 11 Pro.
After dealing with the bug related to the LDAP_SYNC_GROUP_AS_DEPARTMENT option.
I finally figured out why my LDAP groups were staying desperately empty and it was just by pure chance.
It turns out the issue was with the LDAP_USE_GROUP_MEMBER_RANGE_QUERY option for group syncing.
Once I set it to false, the groups populated normally. It took some time to figure it out. Lucky