#727 LDAP Search Intermittently Returns All Users

v5.5.1
open
nobody
None
5
2020-07-06
2020-07-06
Q Li
No

I am currently using your software to link up some photocopiers to Office 365 to pull our email info for scanning purposes (i.e. via LDAP). However, once in a while, the photocopier returns all records (up to 10 max) instead of the searched person (e.g. I search for Q, and it sometimes returns my name, and sometimes returns many of my coworkers whose names or emails start with A).

I have enabled DEBUG logging and found the following scenarios. This one works fine:

2020-07-06 16:25:47,732 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 base=ou=people scope: 2 sizelimit: 10 timelimit: 5 filter: (&(cn=q*)(mail=*)) returning attributes: [st, facsimiletelephonenumber, mail, telephonenumber, company, cn, department]
2020-07-06 16:25:48,033 DEBUG [LdapConnection-57086-Search-2] davmail.exchange.ExchangeSession  - ResolveNames(q) returned 1 results
2020-07-06 16:25:48,235 DEBUG [LdapConnection-57086-Search-2] davmail.exchange.ExchangeSession  - ResolveNames(smtp:a) returned 24 results
2020-07-06 16:25:48,238 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 found 1 results
2020-07-06 16:25:48,239 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=qli, ou=people {uid=qli, st=Ontario, facsimiletelephonenumber=[removed], mail=[removed], telephonenumber=[removed], cn=Q Li, department=IT}
2020-07-06 16:25:48,240 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 end
2020-07-06 16:25:48,241 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 success
2020-07-06 16:25:48,284 DEBUG [LdapConnection-57086] davmail  - LDAP_REQ_UNBIND 3

This one returns all users:

2020-07-06 16:25:57,115 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 base=ou=people scope: 2 sizelimit: 10 timelimit: 5 filter: (&(mail=*)(cn=q*)) returning attributes: [st, facsimiletelephonenumber, mail, telephonenumber, company, cn, department]
2020-07-06 16:25:57,462 DEBUG [LdapConnection-57087-Search-2] davmail.exchange.ExchangeSession  - ResolveNames(smtp:a) returned 24 results
2020-07-06 16:25:57,607 DEBUG [LdapConnection-57087-Search-2] davmail.exchange.ExchangeSession  - ResolveNames(q) returned 1 results
2020-07-06 16:25:57,608 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 found 10 results
2020-07-06 16:25:57,608 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=AppointmentSchedule_4a310e07-661f-457e-b89a-effe228f0c7d, ou=people {uid=AppointmentSchedule_4a310e07-661f-457e-b89a-effe228f0c7d, mail=[removed], cn=Appointment Schedule}
2020-07-06 16:25:57,616 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Adrian [removed]}
2020-07-06 16:25:57,616 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Ab [removed]}
2020-07-06 16:25:57,617 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Alex [removed]}
2020-07-06 16:25:57,617 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Amir [removed]}
2020-07-06 16:25:57,624 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Anastasia [removed]}
2020-07-06 16:25:57,625 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Alan [removed]}
2020-07-06 16:25:57,625 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Amanda [removed]}
2020-07-06 16:25:57,626 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Angela [removed]}
2020-07-06 16:25:57,626 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Anthony [removed]}
2020-07-06 16:25:57,627 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 end
2020-07-06 16:25:57,627 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 size limit exceeded
2020-07-06 16:25:57,635 DEBUG [LdapConnection-57087] davmail  - LDAP_REQ_UNBIND 3

If you look at the search parameters, the difference is (&(cn=q*)(mail=*)) vs (&(mail=*)(cn=q*)). However, a tcpdump of the communication indicates that the photocopier is consistently sending the first, never the second. Even then, the search operation is requesting the logical AND of both cn=q* and mail=*, so either set of search terms should return the same information.

Hope this is enough to help diagnose the issue. If not, please let me know.
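
A way to spot the over-broad responses described in this ticket from the DEBUG log itself, as an added example that is not part of the original report or of DavMail: it pairs each logged filter with the entries sent on the same search thread and flags entries that do not satisfy the filter. The sample log is constructed from the lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the DEBUG lines quoted in the ticket.
SAMPLE_LOG = """\
2020-07-06 16:25:47,732 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 base=ou=people scope: 2 sizelimit: 10 timelimit: 5 filter: (&(cn=q*)(mail=*)) returning attributes: [mail, cn]
2020-07-06 16:25:48,239 DEBUG [LdapConnection-57086-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=qli, ou=people {uid=qli, mail=[removed], cn=Q Li, department=IT}
2020-07-06 16:25:57,115 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 base=ou=people scope: 2 sizelimit: 10 timelimit: 5 filter: (&(mail=*)(cn=q*)) returning attributes: [mail, cn]
2020-07-06 16:25:57,608 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Appointment Schedule}
2020-07-06 16:25:57,616 DEBUG [LdapConnection-57087-Search-2] davmail  - LDAP_REQ_SEARCH 2 send uid=[removed], ou=people {uid=[removed], mail=[removed], cn=Adrian [removed]}
"""

THREAD = re.compile(r"\[(LdapConnection-\d+-Search-\d+)\]")
FILTER = re.compile(r"filter: (\(.*\)) returning attributes")
SEND = re.compile(r"LDAP_REQ_SEARCH \d+ send .*?\{(.*)\}")
# Only equality, prefix (cn=q*) and presence (mail=*) terms of an AND filter are handled.
TERM = re.compile(r"\((\w+)=([^()*]*)(\*?)\)")

def entry_matches(terms, attrs):
    """True if the entry satisfies every term (case-insensitive, as for cn/mail)."""
    for attr, text, star in terms:
        value = attrs.get(attr)
        if value is None:
            return False
        value, text = value.lower(), text.lower()
        if not (value.startswith(text) if star else value == text):
            return False
    return True

def find_overdisclosure(log_text):
    """Map (search thread, filter) -> cn of sent entries that fail the filter."""
    filters, flagged = {}, defaultdict(list)
    for line in log_text.splitlines():
        thread = THREAD.search(line)
        if not thread:
            continue
        # Key on the thread name: the LDAP message id (2) repeats per connection.
        key = thread.group(1)
        requested = FILTER.search(line)
        sent = SEND.search(line)
        if requested:
            filters[key] = (requested.group(1), TERM.findall(requested.group(1)))
        elif sent and key in filters:
            pairs = re.split(r", (?=\w+=)", sent.group(1))
            attrs = dict(pair.split("=", 1) for pair in pairs)
            if not entry_matches(filters[key][1], attrs):
                flagged[(key, filters[key][0])].append(attrs.get("cn", "?"))
    return dict(flagged)
```

Run over a full davmail.log, any non-empty result marks a search where directory entries outside the requested filter were sent to the client.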
