Hello,
I am facing an issue with LDAP integration on my Fess server. The configuration works perfectly for users whose sAMAccountName does not contain a dot (e.g., doe), but fails for users with a dot in their username (e.g., j.doe).
Environment
- Fess version: [Insert your Fess version]
- LDAP Server: Active Directory
- LDAP URL: ldap://192.168.8.12:389
- Base DN: OU=Users,OU=SUB,DC=test-domain,DC=de
- User DN: %s@test-domain.com
- Account Filter: (&(objectClass=user)(sAMAccountName=%s))
- Group Filter: (objectClass=group)
Issue Description
- Users with sAMAccountName as doe can successfully log in and their permissions are retrieved:
action:LOGIN user:doe permissions:2Drucker Verteiler GAT|... time:2025-02-10T10:50:38.048882367Z
- However, users with sAMAccountName as j.doe cannot retrieve permissions and see no search results:
action:LOGIN user:j.doe permissions:1j.doe time:2025-02-10T10:51:10.406688595Z
It seems that the dot (.) in the username is causing the issue.
- Even after modifying the LDAP filters (e.g., allowing userPrincipalName or escaping the dot in sAMAccountName), the problem persists. The groups and permissions are not loaded for these users.
Expected Behavior
Users with a dot in their username (e.g., j.doe) should be able to log in and their group permissions should be correctly retrieved.
Actual Behavior
Users with a dot in their username can log in but their group permissions are not retrieved, resulting in no search results being shown.
Question
Is there a known issue with Fess handling usernames containing dots (.) when using LDAP? How can I ensure that users with such usernames can log in and have their permissions correctly loaded?
Thank you for your support!
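
Added example, not part of the original post and not Fess code: a small Python check that scans login lines in the format quoted above and lists every user whose login succeeded but resolved no group permissions, which helps size how many accounts are affected. It assumes entries in the permissions field are separated by `|` and that a leading `2` marks a group entry; the sample lines are constructed.

```python
import re

# Layout of the login lines quoted in the post; values may contain spaces.
LINE_RE = re.compile(
    r"action:(?P<action>\S+) user:(?P<user>\S+) "
    r"permissions:(?P<perms>.*?) time:(?P<time>\S+)$"
)

# Assumption: the first character of each permission entry marks its type,
# and "2" marks a group (as in "2Drucker Verteiler GAT" in the post).
GROUP_PREFIX = "2"


def parse_login(line):
    """Return a dict for a LOGIN line, or None for any other line."""
    m = LINE_RE.search(line.strip())
    if not m or m.group("action") != "LOGIN":
        return None
    entries = [p for p in m.group("perms").split("|") if p]
    return {
        "user": m.group("user"),
        "time": m.group("time"),
        "groups": [p[1:] for p in entries if p.startswith(GROUP_PREFIX)],
    }


def logins_without_groups(lines):
    """Map user -> time of the latest login that resolved no group entries."""
    flagged = {}
    for line in lines:
        rec = parse_login(line)
        if rec and not rec["groups"]:
            flagged[rec["user"]] = rec["time"]
    return flagged


# Constructed sample lines in the format shown in the post (not real log data).
SAMPLE = [
    "action:LOGIN user:doe permissions:2Drucker Verteiler GAT|2Staff|1doe time:2025-02-10T10:50:38.048882367Z",
    "action:LOGIN user:j.doe permissions:1j.doe time:2025-02-10T10:51:10.406688595Z",
    "action:SEARCH user:doe query:test time:2025-02-10T10:52:00.000000000Z",
    "action:LOGIN user:a.b permissions:1a.b time:2025-02-10T10:53:00.000000000Z",
]

if __name__ == "__main__":
    for user, when in logins_without_groups(SAMPLE).items():
        print(f"{user}: no group permissions at {when}")
```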