
From: Ashitaka
Date: 5/7/23 6:37 AM
Topic: LDAP - Generic - Support
Type: General Discussions

Hello everyone, hello Xeams Support,

First of all, I would like to say thank you to all the developers who created such nice software as Xeams! Well done!

Currently, I'm trying to set up a FreeIPA <-> Xeams configuration.

At this point, I succeeded in adding my FreeIPA in the Active Directory Integration Menu.

My opts:

- Enable AD Integration checked

- Integrate Users checked

- Autosync associated emails checked

My configured AD (Generic):

- I can successfully connect to the freeipa server

- The base DN is working as it should

- Same for User Name Attr, User Name RDN

- I can pull the users to AD via the button (and I see them all)

My problem lies here:

the "User Object Filter" field. Whatever I fill in this field, I have the feeling it is just ignored by your algorithm.

 

Here is my test case.

 

FreeIPA part:

1. I have a default freeipa installation.

2. I create three users in freeipa ( "xeams_app", "test_access" , "test_denied" )

3. I create a group in a freeipa called "xeams"

4. I attached xeams_app and test_access users to my group "xeams"

 

Xeams part:

1. Logged into Xeams

2. Go to the Active Directory Integration menu

3. Check: Enable AD, Integrate Users, and AutoSync emails

4. +Add Directory Generic

- FriendlyName "whatever"

- hostname : my.domain.local

- base DN : cn=users,cn=accounts,dc=my,dc=domain,dc=local

- UserName Attr: uid

- User Name RDN : uid (or blank, doesn't matter)

- User Object Filter : (memberof=cn=xeams,cn=groups,cn=accounts,dc=my,dc=domain,dc=local)

- Admin ID: xeams_app (tried with admin, same outcome)

- Pwd: *****

Then going on the Xeams Login screen in another private session.

- I could log in with all three users.

I expected to be able to log in with only "xeams_app" and "test_access", and I expected to be rejected when logging in with the "test_denied" user. But that's the problem: I can log in with "test_denied".

My User Object Filter has been tested on another platform (and via ldapsearch) and it is working, so the problem doesn't lie in the filter string itself. But it is as if the User Object Filter isn't used.

Secondly, each time I edit the AD config on Xeams, it gets replaced in the UI (not in the config file adConfig.xml) by the default string, which made me think there is a problem somewhere.

Lastly, when I hit the restart button of the Xeams server, it loses the AD configuration in the Xeams LDAP menu (despite still existing in adConfig.xml).

So could you enlighten me if I'm doing something wrong or if there is a small bug in this wonderful app ;-)

 

Thanks for reading and investigating. I can provide any further information if needed.

 

Best Regards,

Ashitaka


From: Synametrics Support
Date: 5/16/23 4:22 PM
Topic: LDAP - Generic - Support
Type: General Discussions

Ashitaka,

Thank you for letting us know about this problem. We confirm this to be a bug in the currently published build. It will get fixed in the next update. Let us know if you need an update before a public release is made available.
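
The test case from this thread, as an added example that is not part of the original posts and is not Xeams code: it models the access decision the poster expected, where the configured User Object Filter is ANDed with the login name, next to the reported behaviour where the filter is ignored. The directory entries, function names and the tiny AND/equality matcher are constructed for illustration, and the password bind that would follow a successful search is left out.

```python
import re

GROUP_DN = "cn=xeams,cn=groups,cn=accounts,dc=my,dc=domain,dc=local"
USER_FILTER = f"(memberof={GROUP_DN})"   # the filter from the thread
DIRECTORY = {  # constructed entries mirroring the thread's three users
    "xeams_app": {"uid": ["xeams_app"], "memberof": [GROUP_DN]},
    "test_access": {"uid": ["test_access"], "memberof": [GROUP_DN]},
    "test_denied": {"uid": ["test_denied"], "memberof": []},
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def login_filter(username, user_attr="uid", user_filter=USER_FILTER):
    """AND the per-user match with the configured object filter."""
    return f"(&({user_attr}={escape_filter_value(username)}){user_filter})"

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, flt):
    """Evaluate a filter built only from AND and equality terms (enough for this demo)."""
    inner = flt[1:-1]
    if inner.startswith("&"):
        parts, depth, start = [], 0, 1
        for i, ch in enumerate(inner):
            if ch == "(":
                if depth == 0:
                    start = i
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(inner[start:i + 1])
        return all(matches(entry, p) for p in parts)
    attr, _, value = inner.partition("=")
    want = _unescape(value).lower()
    return any(v.lower() == want for v in entry.get(attr.lower(), []))

def may_log_in(username, apply_filter=True):
    """apply_filter=False models the behaviour reported in the thread (filter ignored)."""
    flt = login_filter(username) if apply_filter else f"(uid={escape_filter_value(username)})"
    return any(matches(entry, flt) for entry in DIRECTORY.values())
```

The same three-user check (two group members allowed, one non-member rejected) works as a regression test against the real login page once a fixed build is installed.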
