[GH-ISSUE #1199] [BUG] Erroneous warnings from queries in logs #425

Closed
opened 2026-02-27 08:17:14 +03:00 by kerem · 4 comments
Owner

Originally created by @xenorites on GitHub (Jul 6, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1199

There are frequent incorrect warnings on query filters:

Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.774299298+00:00  INFO     i [info]: LDAP session start: e074588b-bbe7-4ea0-b56e-73a43ee91a53
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.774321798+00:00  INFO     LDAP request [ 45.7ms | 100.00% ] session_id: e074588b-bbe7-4ea0-b56e-73a43ee91a53
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.774636506+00:00  INFO     ┕━ i [info]: Login attempt for "svc_nextcloud"
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.820838656+00:00  INFO     LDAP request [ 499µs | 100.00% ] session_id: e074588b-bbe7-4ea0-b56e-73a43ee91a53
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.822745061+00:00  WARN     ┕━ 🚧 [warn]: Ignoring unrecognized group attribute: \n\
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]:                       To disable this warning, add it to "ignored_user_attributes" in the config.
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.878411715+00:00  INFO     LDAP request [ 2.63µs | 100.00% ] session_id: e074588b-bbe7-4ea0-b56e-73a43ee91a53
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.878431386+00:00  INFO     i [info]: LDAP session end: e074588b-bbe7-4ea0-b56e-73a43ee91a53
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.937025466+00:00  INFO     i [info]: LDAP session start: 95b81461-e710-462c-98a4-4e95a084134b
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.937047965+00:00  INFO     LDAP request [ 46.4ms | 100.00% ] session_id: 95b81461-e710-462c-98a4-4e95a084134b
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.937360512+00:00  INFO     ┕━ i [info]: Login attempt for "svc_nextcloud"
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.984301393+00:00  INFO     LDAP request [ 696µs | 100.00% ] session_id: 95b81461-e710-462c-98a4-4e95a084134b
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.986580789+00:00  WARN     ┝━ 🚧 [warn]: Ignoring unknown group attribute "enabled" in filter.\n\
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]:                                 To disable this warning, add it to "ignored_group_attributes" in the config.
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:49.986582249+00:00  WARN     ┕━ 🚧 [warn]: Ignoring unknown group attribute "memberof" in filter.\n\
Jul 06 05:24:49 hv01.in.xenorites.com systemd-xenorites-lldap[29509]:                                 To disable this warning, add it to "ignored_group_attributes" in the config.
Jul 06 05:24:50 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:50.028802433+00:00  INFO     LDAP request [ 3.26µs | 100.00% ] session_id: 95b81461-e710-462c-98a4-4e95a084134b
Jul 06 05:24:50 hv01.in.xenorites.com systemd-xenorites-lldap[29509]: 2025-07-06T09:24:50.028887963+00:00  INFO     i [info]: LDAP session end: 95b81461-e710-462c-98a4-4e95a084134b

I am currently working with Nextcloud, and these are the queries for user filtering:

Users:
(&(|(objectclass=person))(|(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com)))

Login Attributes:
(&(&(objectclass=person)(enabled=1)(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com))(uid=%uid))

The queries work as expected. E.g. setting enabled to 2 or 0 prevents the user from logging in, and the users filter only sees the 4 users that are members of the Nextcloud Users group.

kerem 2026-02-27 08:17:14 +03:00
  • closed this issue
  • added the bug label

@xenorites commented on GitHub (Jul 6, 2025):

The LDAP config from NextCloud

+-------------------------------+----------------------------------------------------------------------------------------------------------+
| Configuration                 | s01                                                                                                      |
+-------------------------------+----------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport      | 1                                                                                                        |
| homeFolderNamingRule          |                                                                                                          |
| lastJpegPhotoLookup           | 0                                                                                                        |
| ldapAdminGroup                |                                                                                                          |
| ldapAgentName                 | uid=svc_nextcloud,ou=people,dc=xenorites,dc=com                                                            |
| ldapAgentPassword             | ***                                                                                                      |
| ldapAttributeAddress          |                                                                                                          |
| ldapAttributeAnniversaryDate  |                                                                                                          |
| ldapAttributeBiography        |                                                                                                          |
| ldapAttributeBirthDate        |                                                                                                          |
| ldapAttributeFediverse        |                                                                                                          |
| ldapAttributeHeadline         |                                                                                                          |
| ldapAttributeOrganisation     |                                                                                                          |
| ldapAttributePhone            |                                                                                                          |
| ldapAttributePronouns         |                                                                                                          |
| ldapAttributeRole             |                                                                                                          |
| ldapAttributeTwitter          |                                                                                                          |
| ldapAttributeWebsite          |                                                                                                          |
| ldapAttributesForGroupSearch  |                                                                                                          |
| ldapAttributesForUserSearch   |                                                                                                          |
| ldapBackgroundHost            |                                                                                                          |
| ldapBackgroundPort            |                                                                                                          |
| ldapBackupHost                |                                                                                                          |
| ldapBackupPort                | 6360                                                                                                     |
| ldapBase                      | dc=xenorites,dc=com                                                                                        |
| ldapBaseGroups                | dc=xenorites,dc=com                                                                                        |
| ldapBaseUsers                 | dc=xenorites,dc=com                                                                                        |
| ldapCacheTTL                  | 600                                                                                                      |
| ldapConfigurationActive       | 1                                                                                                        |
| ldapConnectionTimeout         | 15                                                                                                       |
| ldapDefaultPPolicyDN          |                                                                                                          |
| ldapDynamicGroupMemberURL     |                                                                                                          |
| ldapEmailAttribute            | mail                                                                                                     |
| ldapExperiencedAdmin          | 0                                                                                                        |
| ldapExpertUUIDGroupAttr       |                                                                                                          |
| ldapExpertUUIDUserAttr        |                                                                                                          |
| ldapExpertUsernameAttr        | user_id                                                                                                  |
| ldapExtStorageHomeAttribute   |                                                                                                          |
| ldapGidNumber                 | gidnumber                                                                                                |
| ldapGroupDisplayName          | cn                                                                                                       |
| ldapGroupFilter               | (&(objectclass=groupOfUniqueNames)(|(cn=Members)(cn=Nextcloud Admins))                                   |
| ldapGroupFilterGroups         | Members;Nextcloud Admins                                                                                 |
| ldapGroupFilterMode           | 1                                                                                                        |
| ldapGroupFilterObjectclass    | groupOfUniqueNames                                                                                       |
| ldapGroupMemberAssocAttr      | uniquemember                                                                                             |
| ldapHost                      | ldaps://lldap.in.in.xenorites.com                                                                     |
| ldapIgnoreNamingRules         |                                                                                                          |
| ldapLoginFilter               | (&(&(objectclass=person)(enabled=1)(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com))(uid=%uid)) |
| ldapLoginFilterAttributes     |                                                                                                          |
| ldapLoginFilterEmail          | 0                                                                                                        |
| ldapLoginFilterMode           | 1                                                                                                        |
| ldapLoginFilterUsername       | 1                                                                                                        |
| ldapMatchingRuleInChainState  | unknown                                                                                                  |
| ldapNestedGroups              | 0                                                                                                        |
| ldapOverrideMainServer        |                                                                                                          |
| ldapPagingSize                | 500                                                                                                      |
| ldapPort                      | 6360                                                                                                     |
| ldapQuotaAttribute            |                                                                                                          |
| ldapQuotaDefault              |                                                                                                          |
| ldapTLS                       | 0                                                                                                        |
| ldapUserAvatarRule            | default                                                                                                  |
| ldapUserDisplayName           | displayname                                                                                              |
| ldapUserDisplayName2          |                                                                                                          |
| ldapUserFilter                | (&(|(objectclass=person))(|(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com)))                   |
| ldapUserFilterGroups          | Nextcloud Users                                                                                          |
| ldapUserFilterMode            | 1                                                                                                        |
| ldapUserFilterObjectclass     | person                                                                                                   |
| ldapUuidGroupAttribute        | auto                                                                                                     |
| ldapUuidUserAttribute         | auto                                                                                                     |
| markRemnantsAsDisabled        | 0                                                                                                        |
| turnOffCertCheck              | 0                                                                                                        |
| turnOnPasswordChange          | 0                                                                                                        |
| useMemberOfToDetectMembership | 1                                                                                                        |
+-------------------------------+----------------------------------------------------------------------------------------------------------+

@xenorites commented on GitHub (Jul 6, 2025):

Wow, totally clicked the wrong button. Please reopen.


@nitnelave commented on GitHub (Jul 6, 2025):

You can silence these warnings by setting the LDAP base for groups to be "ou=groups,dc=..." and same for users "ou=people,dc=..."
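
The check below is an added example, not part of the original thread or of lldap or Nextcloud: it cross-references the attributes lldap warned about with the attributes used in the Nextcloud user filters, then reports which base DNs still point at the directory root. The table rows and log lines are constructed from the values posted above; the `ou=people` / `ou=groups` layout comes from the maintainer's comment, and a single-valued `ldapBase` is assumed.

```python
import re
import shlex

# Constructed sample: rows in the style of the `occ ldap:show-config` table
# posted in this thread (only the keys this check reads).
SHOW_CONFIG = """\
| Configuration   | s01 |
| ldapBase        | dc=xenorites,dc=com |
| ldapBaseGroups  | dc=xenorites,dc=com |
| ldapBaseUsers   | dc=xenorites,dc=com |
| ldapLoginFilter | (&(&(objectclass=person)(enabled=1)(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com))(uid=%uid)) |
| ldapUserFilter  | (&(|(objectclass=person))(|(memberOf=cn=Nextcloud Users,ou=groups,dc=xenorites,dc=com))) |
"""

# Constructed sample: lldap warning lines abridged to timestamp and message.
LLDAP_LOG = """\
2025-07-06T09:24:49.986580789+00:00 WARN [warn]: Ignoring unknown group attribute "enabled" in filter.
2025-07-06T09:24:49.986582249+00:00 WARN [warn]: Ignoring unknown group attribute "memberof" in filter.
"""

# A row is "| key | value |"; the value may itself contain "|" (LDAP OR).
ROW = re.compile(r"^\|\s*(\w+)\s*\|\s?(.*?)\s*\|\s*$")
WARNED = re.compile(r'Ignoring unknown group attribute "([^"]+)" in filter')
FILTER_ATTR = re.compile(r"\(\s*([A-Za-z][\w;.-]*)\s*[~<>]?=")


def parse_show_config(text):
    """Turn the ASCII table into {key: value}; border lines are skipped."""
    return {m.group(1): m.group(2)
            for m in map(ROW.match, text.splitlines()) if m}


def filter_attributes(ldap_filter):
    """Attribute names tested by an LDAP filter, lower-cased."""
    return {a.lower() for a in FILTER_ATTR.findall(ldap_filter)}


def normalize_dn(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def audit(cfg, log_text):
    """Return (user-filter attributes lldap rejected as group attributes,
    {config key: narrower base DN} for bases not scoped to their subtree)."""
    user_attrs = (filter_attributes(cfg.get("ldapUserFilter", ""))
                  | filter_attributes(cfg.get("ldapLoginFilter", "")))
    warned = {a.lower() for a in WARNED.findall(log_text)}
    root = cfg.get("ldapBase", "")
    fixes = {}
    for key, ou in (("ldapBaseUsers", "people"), ("ldapBaseGroups", "groups")):
        wanted = f"ou={ou},{root}"
        if normalize_dn(cfg.get(key, "")) != normalize_dn(wanted):
            fixes[key] = wanted
    return sorted(warned & user_attrs), fixes


def occ_commands(config_id, fixes):
    """Render the change as `occ ldap:set-config` lines for review."""
    return [f"occ ldap:set-config {config_id} {key} {shlex.quote(value)}"
            for key, value in sorted(fixes.items())]


if __name__ == "__main__":
    cfg = parse_show_config(SHOW_CONFIG)
    misapplied, fixes = audit(cfg, LLDAP_LOG)
    print("user-filter attributes warned as group attributes:", misapplied)
    for line in occ_commands(cfg["Configuration"], fixes):
        print(line)
```

An empty second return value from `audit` means both bases are already scoped to their own subtree.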


@xenorites commented on GitHub (Jul 7, 2025):

Ahh, that looks to have been the problem. My mistake, sorry for the noise. Thanks for the assist!
