[PR #1312] [MERGED] Simplify LDAP filters and fix outdated roundcube mounts in mailserver example #1249

New issue

Closed

opened 2026-02-27 09:11:29 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 09:11:29 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/lldap/lldap/pull/1312
Author: @Copilot
Created: 10/4/2025
Status: ✅ Merged
Merged: 10/18/2025
Merged by: @nitnelave

Base: main ← Head: copilot/fix-3b5307c8-bfa1-484a-b25f-e6be6eb5ed43

---

📝 Commits (5)

• 419352d Initial plan
• 5a0e0c1 Fix LDAP filter domain confusion in mailserver example
• b0cc440 Fix outdated roundcube mounts (issue #1304)
• 47bb2ff Simplify LDAP filters to use mail attribute only
• 74081ee Adjust template variables

📊 Changes

1 file changed (+8 additions, -4 deletions)

View changed files

📝 example_configs/mailserver.md (+8 -4)

📄 Description

Problem

The docker-mailserver example configuration had two issues:

1. LDAP Filter Complexity: The LDAP query filters used OR logic with both uid and mail attributes, which was unnecessarily complex for the mailserver use case.

2. Outdated Roundcube Mounts: The generic volume mount for roundcube caused symbolic link errors and prevented static files from being served properly, breaking the roundcube webmail interface.

Root Causes

LDAP Filter Issue

The LDAP filters were using OR logic with both uid and mail attributes:

- LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u)))

This was overly complex for mailserver lookups which only need to match against the mail attribute.

Roundcube Mount Issue

The generic volume mount roundcube_data:/var/www/html was causing symbolic link errors and breaking static file serving, as documented in roundcube/roundcubemail-docker#337.

Solution

LDAP Filter Simplification

Simplified the LDAP filters to only match against the mail attribute:

- LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(mail=%u))
- LDAP_QUERY_FILTER_ALIAS=(&(objectClass=inetOrgPerson)(mail=%s))
- DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u))

This removes the unnecessary OR logic and focuses on mail-based lookups only, making the configuration simpler and more maintainable.

Roundcube Mount Fix

Replaced the generic volume mount with specific mounts and added plugin configuration:

volumes:
  - roundcube_config:/var/roundcube/config
  - roundcube_plugins:/var/www/html/plugins
environment:
  - ROUNDCUBEMAIL_COMPOSER_PLUGINS=roundcube/carddav
  - ROUNDCUBEMAIL_PLUGINS=carddav

This resolves the symbolic link errors and allows roundcube to load properly while supporting the carddav plugin for contact synchronization.

Testing

Users following this configuration will now be able to:

• Use simplified LDAP filters that are easier to understand and maintain
• Access the roundcube webmail interface without symbolic link or static file errors
• Use the carddav plugin for contact synchronization

Fixes #1304

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[BUG] uid domain confusion in the example mailserver</issue_title>
<issue_description>Describe the bug

You want to send an email from user@domain1.com to user@domain2.com. The email get sent from user@domain1.com to user@domain1.com instead of user@domain2.com. The search filters are wrong

https://github.com/lldap/lldap/blob/main/example_configs/mailserver.md?plain=1#L63

To Reproduce
Steps to reproduce the behavior:

1. Create an email that send to the same userid but different domains.
2. Click Send
3. The emails ends up in the sender's inbox.

Expected behavior
I expected the email to be sent from domain1 to domain2

Logs

Return-Path: <ted@soundprediction.com>
Delivered-To: ted@soundprediction.com
Received: from mail.soundprediction.com
    by mail.soundprediction.com with LMTP
    id MAiiKucV12gjBQAADj/Lkw
    (envelope-from <ted@soundprediction.com>)
    for <ted@soundprediction.com>; Fri, 26 Sep 2025 22:38:31 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=soundprediction.com;
    s=mail; t=1758926311;
    bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; h=From:To:Subject;
    b=P9Y235v56G4sRLfyJWdxZE8ZPp1w5LZ8VZPEC/Wf+1QFh8I9Oob9oguoSdTC9N4Ma
    iCSU04bx3P4fYlXLEpIwSgFZ+PdKiAMQcR76K9EsZ2JfTvhV4X3FzxgVbsSiARr5Va
    Bapzq/I03XhrU/qF6XDjoEs8pAoz77oJ+dI0hn0L9iVxLnKgvDXpe7b8FkUTDntXbg
    tTFpEPaSxA8L/Kxbv4UJJS4/hhajeSgtpEBM8emdXU1aJrmdjLG+KWNy2ABEJ8dFlm
    Paxb5GiPfCni99BvQsEp+QYdgRsicddqL1rQo2bGQG6jn2HuJza9hINPlmqU0H8YWO
    Bl5CVLrl/BdKA==
MIME-Version: 1.0
Date: Fri, 26 Sep 2025 18:38:31 -0400
From: ted@soundprediction.com
To: Ted <ted@mederrata.com>
Subject: test
Message-ID: <5ea65d792139177d839110030fa04a10@soundprediction.com>
X-Sender: ted@soundprediction.com
Content-Type: text/plain; charset=US-ASCII;
    format=flowed
Content-Transfer-Encoding: 7bit

Additional context

Possible solution

      - LDAP_SERVER_HOST=ldap://lldap:3890
      - LDAP_SEARCH_BASE=ou=people,dc=example,dc=com
      - LDAP_BIND_DN=uid=admin,ou=people,dc=example,dc=com
      - LDAP_BIND_PW=<adminpass>
      - LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(mail=%u))
      - LDAP_QUERY_FILTER_GROUP=(&(objectClass=groupOfUniqueNames)(uid=%s))
      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=inetOrgPerson)(mail=%s))
      - LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)

</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes lldap/lldap#1305

---

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/lldap/lldap/pull/1312 **Author:** [@Copilot](https://github.com/apps/copilot-swe-agent) **Created:** 10/4/2025 **Status:** ✅ Merged **Merged:** 10/18/2025 **Merged by:** [@nitnelave](https://github.com/nitnelave) **Base:** `main` ← **Head:** `copilot/fix-3b5307c8-bfa1-484a-b25f-e6be6eb5ed43` --- ### 📝 Commits (5) - [`419352d`](https://github.com/lldap/lldap/commit/419352dc45c5bb888cecdd78295580f0210e1cce) Initial plan - [`5a0e0c1`](https://github.com/lldap/lldap/commit/5a0e0c19d5cdd4ffeca059d71cb676a4b3b3cff4) Fix LDAP filter domain confusion in mailserver example - [`b0cc440`](https://github.com/lldap/lldap/commit/b0cc44028786382e28e53109efb6d444a7ed6bf9) Fix outdated roundcube mounts (issue #1304) - [`47bb2ff`](https://github.com/lldap/lldap/commit/47bb2fff8aee1fa66c5fe41bab72619ca979cab7) Simplify LDAP filters to use mail attribute only - [`74081ee`](https://github.com/lldap/lldap/commit/74081ee80679c5cf10e4657a6ff6ebc60eed9463) Adjust template variables ### 📊 Changes **1 file changed** (+8 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `example_configs/mailserver.md` (+8 -4) </details> ### 📄 Description ## Problem The docker-mailserver example configuration had two issues: 1. **LDAP Filter Complexity**: The LDAP query filters used OR logic with both `uid` and `mail` attributes, which was unnecessarily complex for the mailserver use case. 2. **Outdated Roundcube Mounts**: The generic volume mount for roundcube caused symbolic link errors and prevented static files from being served properly, breaking the roundcube webmail interface. ## Root Causes ### LDAP Filter Issue The LDAP filters were using OR logic with both `uid` and `mail` attributes: ```yaml - LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u))) ``` This was overly complex for mailserver lookups which only need to match against the mail attribute. ### Roundcube Mount Issue The generic volume mount `roundcube_data:/var/www/html` was causing symbolic link errors and breaking static file serving, as documented in [roundcube/roundcubemail-docker#337](https://github.com/roundcube/roundcubemail-docker/issues/337). ## Solution ### LDAP Filter Simplification Simplified the LDAP filters to only match against the mail attribute: ```yaml - LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(mail=%u)) - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=inetOrgPerson)(mail=%s)) - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(mail=%u)) ``` This removes the unnecessary OR logic and focuses on mail-based lookups only, making the configuration simpler and more maintainable. ### Roundcube Mount Fix Replaced the generic volume mount with specific mounts and added plugin configuration: ```yaml volumes: - roundcube_config:/var/roundcube/config - roundcube_plugins:/var/www/html/plugins environment: - ROUNDCUBEMAIL_COMPOSER_PLUGINS=roundcube/carddav - ROUNDCUBEMAIL_PLUGINS=carddav ``` This resolves the symbolic link errors and allows roundcube to load properly while supporting the carddav plugin for contact synchronization. ## Testing Users following this configuration will now be able to: - Use simplified LDAP filters that are easier to understand and maintain - Access the roundcube webmail interface without symbolic link or static file errors - Use the carddav plugin for contact synchronization Fixes #1304 <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[BUG] uid domain confusion in the example mailserver</issue_title> > <issue_description>**Describe the bug** > > You want to send an email from user@domain1.com to user@domain2.com. The email get sent from user@domain1.com to user@domain1.com instead of user@domain2.com. The search filters are wrong > > > https://github.com/lldap/lldap/blob/main/example_configs/mailserver.md?plain=1#L63 > > **To Reproduce** > Steps to reproduce the behavior: > 1. Create an email that send to the same userid but different domains. > 2. Click Send > 3. The emails ends up in the sender's inbox. > > > **Expected behavior** > I expected the email to be sent from domain1 to domain2 > > **Logs** > ``` > > Return-Path: <ted@soundprediction.com> > Delivered-To: ted@soundprediction.com > Received: from mail.soundprediction.com > by mail.soundprediction.com with LMTP > id MAiiKucV12gjBQAADj/Lkw > (envelope-from <ted@soundprediction.com>) > for <ted@soundprediction.com>; Fri, 26 Sep 2025 22:38:31 +0000 > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=soundprediction.com; > s=mail; t=1758926311; > bh=g3zLYH4xKxcPrHOD18z9YfpQcnk/GaJedfustWU5uGs=; h=From:To:Subject; > b=P9Y235v56G4sRLfyJWdxZE8ZPp1w5LZ8VZPEC/Wf+1QFh8I9Oob9oguoSdTC9N4Ma > iCSU04bx3P4fYlXLEpIwSgFZ+PdKiAMQcR76K9EsZ2JfTvhV4X3FzxgVbsSiARr5Va > Bapzq/I03XhrU/qF6XDjoEs8pAoz77oJ+dI0hn0L9iVxLnKgvDXpe7b8FkUTDntXbg > tTFpEPaSxA8L/Kxbv4UJJS4/hhajeSgtpEBM8emdXU1aJrmdjLG+KWNy2ABEJ8dFlm > Paxb5GiPfCni99BvQsEp+QYdgRsicddqL1rQo2bGQG6jn2HuJza9hINPlmqU0H8YWO > Bl5CVLrl/BdKA== > MIME-Version: 1.0 > Date: Fri, 26 Sep 2025 18:38:31 -0400 > From: ted@soundprediction.com > To: Ted <ted@mederrata.com> > Subject: test > Message-ID: <5ea65d792139177d839110030fa04a10@soundprediction.com> > X-Sender: ted@soundprediction.com > Content-Type: text/plain; charset=US-ASCII; > format=flowed > Content-Transfer-Encoding: 7bit > ``` > > **Additional context** > > Possible solution > > ``` > - LDAP_SERVER_HOST=ldap://lldap:3890 > - LDAP_SEARCH_BASE=ou=people,dc=example,dc=com > - LDAP_BIND_DN=uid=admin,ou=people,dc=example,dc=com > - LDAP_BIND_PW=<adminpass> > - LDAP_QUERY_FILTER_USER=(&(objectClass=inetOrgPerson)(mail=%u)) > - LDAP_QUERY_FILTER_GROUP=(&(objectClass=groupOfUniqueNames)(uid=%s)) > - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=inetOrgPerson)(mail=%s)) > - LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s) > ``` > </issue_description> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes lldap/lldap#1305 <!-- START COPILOT CODING AGENT TIPS --> --- 💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click [here](https://survey3.medallia.com/?EAHeSx-AP01bZqG0Ld9QLQ) to start the survey. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 09:11:29 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/github_actions/codecov/codecov-action-6

copilot/fix-equality-filters-list-attributes

dependabot/github_actions/docker/build-push-action-7

dependabot/github_actions/docker/metadata-action-6

dependabot/github_actions/docker/setup-buildx-action-4

dependabot/github_actions/docker/login-action-4

copilot/update-download-artifact-action

copilot/fix-opensuse-warnings

copilot/fix-1268

copilot/fix-727

copilot/fix-898

copilot/fix-1256

copilot/fix-1251

copilot/fix-1249

copilot/fix-1206

user-attribute-form

user-ui

group-ui

server-user-attribute-schema

crates

haveibeenpwned

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.0

v0.0.1

Labels

Clear labels   

backend

  

blocked

  

bug

  

cleanup

  

dependencies

  

docker

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

frontend

  

github_actions

  

good first issue

  

help wanted

  

help wanted

  

integration

  

invalid

  

ldap

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

rust

  

rust

  

tests

  

wontfix

No labels

backend

blocked

bug

cleanup

dependencies

docker

documentation

duplicate

enhancement

enhancement

frontend

github_actions

good first issue

help wanted

help wanted

integration

invalid

ldap

pull-request

question

rust

rust

tests

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/lldap-lldap#1249

No description provided.