1 / 17
Oct 2020

EGroupware\Api\Contacts\Ldap::save() 648 update of uid=test,ou=People,dc=test,dc=com failed errorcode: 2

I’m trying to modify an account in admin and have this issue in error logs

Using version 20.1.20200901
Apache server
PHP 7.4
mariadb
archive installation

  • created

    Oct '20
  • last reply

    Jul '24
  • 16

    replies

  • 2.3k

    views

  • 3

    users

  • 2

    likes

  • 3

    links

I upgraded to the latest version new-maintenance-release-20-1-20201005 just now, but still see the same issue while modifying an account in admin

Error saving the contact! Invalid syntax: EGroupware\Api\Contacts\Ldap: 681

[Wed Oct 07 18:51:59.493231 2020] [php7:notice] [pid 1731364] [client 142.182.37.219:38544] EGroupware\Api\Contacts\Ldap::save() 680 update of uid=test,ou=People,dc=test,dc=com failed errorcode:2

Ok, that means you have an other issue :frowning:

Problem is LDAP is very generic, you need to give a lot more information like type of LDAP server, used schemata, …

At the end it usually comes down to debugging:

  • add an error_log of what the ldap_modify is trying to set, eg. before here7
  • if there’s nothing directly suspicious, start with unsetting the first half of the entries and retry
  • still failing, try the second half
  • and so on, until you find which attribute and value is causing the problem
  • check the schema of the attribute to find out what’s wrong with the value
  • it could be all sort of things: not updatable, ACL issues, value is not allowed, …
  • if you know what the problem is, it’s usually easy to fix :wink:

If you need help with figuring out what the problem between your LDAP and EGroupware is, we’re happy to help via our commercial support: https://www.egroupware.org/en/egroupware-support/2

Don’t get me wrong, the support is for finding out what’s wrong, adding a fix to EGroupware code-base is not charged.

Ralf

8 months later

I’m circling back on this old issue.
Turns out only the logged in admin user can modify his/her own account without having this issue

Error saving the contact! Invalid syntax: EGroupware\Api\Contacts\Ldap: 681

[Wed Oct 07 18:51:59.493231 2020] [php7:notice] [pid 1731364] [client 142.182.37.219:38544] EGroupware\Api\Contacts\Ldap::save() 680 update of uid=test,ou=People,dc=test,dc=com failed errorcode:2

If the admin user modifies any other account, we get this issue.
Could there be issue because of permissions set in the slapd.conf for ldap config

Yes, it can be an ACL issue. In OpenLDAP you can eg. set an attribute only be modifyable by the owner, thought the RootDN user can always modify unless violating some contrains.

Ralf

Maybe that’s why I’m getting insufficient access while writing and editing

As it’s your ACL you should know what it allows :wink:

Write access only to your own entry and read access by everyone (plus twice and unnecessary read by group test).

I’m happy to help to a certain degree, but you’re starting to exceed it. LDAP is a complicated topic and needs a lot of knowledge. That’s why we don’t recommend and don’t support it in the CE version for free!

Ralf

okay thank you for giving some information, I agree LDAP is a lot complicated

Thank you for your debugging tips, I found that the address,city,postal code, these information attributes are causing the issue, not sure why though yet

The home postal address when entered gives the issue and I see “$” sign in the ldapContact array besides the city,state,zip values.
Is this normal,maybe that’s where the invalid syntax is coming from.
The weird thing is it still saves the information despite giving this issue.
If this information is blank,it saves without giving any issue

"homepostaladdress":"Street$City, $zipcode$$"

"homepostaladdress":"Street$City, Array$zipcode$$"

That’s from the evolutionOrgPerson schema:

What LDAP server and schemas do you use?

Ralf

On deleting an account from egroupware, it gives the error "Unknown account"
Is it because egroupware can’t delete accounts from LDAP and this is trying to find this account in egroupware db ?

3 years later

Hi,
I found another problem that prevents the modification of accounts stored on LDAP. On line 263 of the file api/src/Contacts/Ldap.php, you have to change ‘freeBusyuri’ to all lowercase, otherwise the OpenLDAP server responds: “freeBusyuri: attribute type undefined”