SOGo LDAP user authentication problem when using multiple groups filter

Hello SOGo guru’s.

I have a really strange issue logging into SOGo when adding multiple groups in the filter.

currently my expanded template contains

        id = users;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        IDFieldName = mail;
        bindFields = (
        IMAPLoginFieldName = mail;
        baseDN = "$userDN";
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        scope = ONE;
        MailFieldNames = ("mail");
        canAuthenticate = YES;
        displayName = "DOMAIN users";
        hostname = $ldapURI;
        isAddressBook = YES;
        filter = "(memberOf='cn=GROUP_ONE,ou=Groups,dc=domain,dc=lan')";

and this works… only users that are a member of this group can login.

But when I try to add an additional group every member is logged in as the same user that exists in GROUP_TWO

        filter = "(|(memberOf='cn=GROUP_ONE,ou=Groups,dc=domain,dc=lan')(memberOf='cn=GROUP_TWO,ou=Groups,dc=domain,dc=lan'))";

Interestingly, every user (no matter what group they are a member of, is logged in as the first user of GROUP_TWO with all the rights and permissions, even tho the credentials do not match.

If my filter is correctly formatted, this could be a bug??

Has anyone successfully changed filters in the custom templates to allow login only from specific groups?


edit… I have managed to get this working by creating a new id as a usersource and only the single group in the filter…

Is this the way it is supposed to be done?? or should multiple groups in a filter work??

@stephdl Some idea here?

1 Like