Group sync from LDAP #78

Open
Buliwif opened this issue Mar 16, 2020 · 2 comments

Buliwif commented Mar 16, 2020

Hi,
I successfully synchronized my AD from an OU.
Here is my configuration:

Key Value
default-authentication-method ldap
ldap-authentication true
ldap-authentication-password MYPASSWORD
ldap-authentication-userdn CN=kanbansyncad,OU=syncusers,DC=intra,DC=DOMAIN,DC=TLD
ldap-background-sync true
ldap-background-sync-import-new-users true
ldap-background-sync-interval every 1 minute
ldap-background-sync-keep-existant-users-updated true
ldap-basedn OU=usersbase,DC=intra,DC=DOMAIN,DC=TLD
ldap-connect-timeout 10000
ldap-enable true
ldap-encryption false
ldap-fullname-field cn
ldap-host 192.168.XXX.XXX
ldap-idle-timeout 10000
ldap-log-enabled true
ldap-login-fallback true
ldap-port 389
ldap-reconnect true
ldap-timeout 10000
ldap-user-search-field sAMAccountName
ldap-username-field sAMAccountName
mail-from kanban <[email protected]>
mail-url smtp://mail.XXXXXXX.fr:25
port 80
root-url http://kanban.XXXXXXXXX.xx

But I prefer to authorize only the users of a group.
I used a rule that I used to use, but it doesn't work:
sudo snap set wekan ldap-user-search-filter='LDAP_USER_FILTER=(&(objectClass=user)(sAMAccountname=${user})(|(memberOf:1.2.840.113556.1.4.1941:=CN=KANBAN_Users,OU=syncgroups,DC=intra,DC=DOMAIN,DC=TLD)))'

Can someone help me?

Thanks


Wyrrrd commented Apr 6, 2022

This could be caused by the underscore in group name.

I am dealing with a search filter similar to this:
(&(objectCategory=person)(objectclass=user)(memberof=cn=wekan,ou=web_groups,dc=sub,dc=domain,dc=tld))
and I am having the same issue. Every combination of filter terms is working fine, but as soon as I add the memberof=, no users are found.

This changed recently; the group was located in an OU without an underscore before, and it was working fine.
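
Added example, not part of any comment in this thread and not Wekan code: a group-restricted filter like the two quoted above, built with RFC 4515 value escaping and then checked for basic shape. The function names and the sample username are hypothetical, and the block assumes nothing about how Wekan substitutes the username or wraps the `ldap-user-search-filter` setting.

```javascript
// Added example, not Wekan code; function names are hypothetical.
// RFC 4515: in an assertion value only \ * ( ) and NUL are written as \XX.
// An underscore is not in that set and passes through unchanged.
const FILTER_ESCAPES = { '\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\0': '\\00' };

function escapeFilterValue(value) {
  return String(value).replace(/[\\*()\0]/g, (ch) => FILTER_ESCAPES[ch]);
}

// Builds (&(objectClass=user)(sAMAccountName=<user>)(memberOf...=<groupDn>)).
function buildGroupFilter(username, groupDn, { nested = false } = {}) {
  // 1.2.840.113556.1.4.1941 is the matching rule quoted in the first post.
  const attr = nested ? 'memberOf:1.2.840.113556.1.4.1941:' : 'memberOf';
  return '(&(objectClass=user)' +
    `(sAMAccountName=${escapeFilterValue(username)})` +
    `(${attr}=${escapeFilterValue(groupDn)}))`;
}

// Structural check only: an RFC 4515 filter string starts with "(", ends
// with ")" and has balanced parentheses (literal ones in values are escaped).
function checkFilterShape(filter) {
  const problems = [];
  if (!filter.startsWith('(')) problems.push('does not start with "("');
  if (!filter.endsWith(')')) problems.push('does not end with ")"');
  let depth = 0;
  for (const ch of filter) {
    if (ch === '(') depth += 1;
    else if (ch === ')') depth -= 1;
    if (depth < 0) { problems.push('")" without matching "("'); break; }
  }
  if (depth > 0) problems.push(`${depth} unclosed "("`);
  return problems;
}

// Constructed sample input: the group DN from the first post and a username
// containing filter metacharacters, to show they end up as data.
const GROUP_DN = 'CN=KANBAN_Users,OU=syncgroups,DC=intra,DC=DOMAIN,DC=TLD';
const sample = buildGroupFilter('j.doe*)(', GROUP_DN, { nested: true });
console.log(sample);
console.log(checkFilterShape(sample));
// A value with a "NAME=" prefix in front of the filter fails the shape check.
console.log(checkFilterShape('LDAP_USER_FILTER=' + sample));
```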

Member

xet7 commented Apr 6, 2022

Please note that the in-use LDAP code is here: https://github.com/wekan/wekan/tree/master/packages , and pull requests should be added to that repo, not this wekan/ldap. I have not looked at whether some PR of this wekan/ldap repo is missing from the wekan/wekan repo, because I don't have any LDAP server.
