Univention Portal - cannot restrict visibility of entries, disappears for everyone (even admin)

Since I installed UCS (it was 4.3 back then) I couldn’t get the portal entry visibility settings to work.
Whatever groups I set in the entry’s visibility settings, the entry always just disappears for everyone (even for the administrator account) and can be brought back only from accessing the entry directly from management -> domain -> portal by removing the group restrictions.

I read about it and found something related to missing memberOf, but I installed it and it’s still not working.
My domain name is company.intranet, here are the memberof settings:

Output of univention-ldapsearch uid=username membeorf | grep -i memberof:

#requesting: memberof
memberOf: cn=Domain Users,cn=groups,dc=company,dc=intranet
memberOf: cn=IT,cn=groups,dc=company,dc=intranet

However still, it doesn’t work no matter what groups I set, even adding just Domain Guests makes the entry disappear for everyone (including admin)

What can be wrong that it doesn’t detect any groups, even the guest one?

Which version are you currently running? See ucr search --brief version/

Additionally, please post the output of the following commands (replace <PortalEntryName> with the name of the portal entry you’re modifying):

univention-ldapsearch -LLLo ldif-wrap=no -b cn=<PortalEntryName>,cn=portal,cn=univention,$(ucr get ldap/base)|grep -v EntryIcon
univention-check-join-status

ucr search --brief version/:

repository/mirror/version/end: <empty>
repository/mirror/version/start: <empty>
version/erratalevel: 246
version/patchlevel: 1
version/releasename: Blumenthal
version/version: 4.4

Output of ldapsearch:

dn: cn=SysPass,cn=portal,cn=univention,dc=company,dc=intranet
unventionPortalEntryDisplayName: de_DE SysPass
unventionPortalEntryDisplayName: en_US SysPass
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryCategory: service
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryDescrpition: ZGVfREUg
univentionPortalEntryDescription: ZW5fVVMg
cn: SysPass
univentionPortalEntryPortal: cn=domain,cn=portal,cn=univention,dc=company,dc=intranet
univentionPortalEntryLink: [http link to my syspass service]
univentionPortalEntryActivate: TRUE
univentionPortalEntryLinkTarget: userportaldefault

It’s not just about one entry, I cannot hide any of them (well I can, but then it will disappear for everyone)

Thanks. You seem to have overlooked this one; please post its output, too:

Next question: when you visit the portal, have you actually logged in? On the top right the button should read either “login” and show a closed lock symbol ( = you’re currently logged out) or “logout” and an opened lock symbol (= you’re indeed logged in).

Hi,
sorry for late reply

Yes, I am logged in. In order to update the portal settings I’m logged in as admin, the entry disappears right after adding groups to visibility restriction and clicking Save. I can’t see nor edit it on the portal or portal edition, I need to remove the groups from Domain -> Portal settings directly

join status: Joined successfully

Updated output of univention-ldapsearch ... when the entry has restricted visibility:

dn: cn=SysPass,cn=portal,cn=univention,dc=company,dc=intranet
unventionPortalEntryDisplayName: de_DE SysPass
unventionPortalEntryDisplayName: en_US SysPass
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryCategory: service
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryDescrpition: ZGVfREUg
univentionPortalEntryDescription: ZW5fVVMg
cn: SysPass
univentionPortalEntryPortal: cn=domain,cn=portal,cn=univention,dc=company,dc=intranet
univentionPortalEntryLink: [http link to my syspass service]
univentionPortalEntryActivate: TRUE
univentionPortalEntryLinkTarget: userportaldefault
univentionPortalEntryAllowedUserGroup: cn=Domain Admins,cn=groups,dc=company,dc=intranet
univentionPortalEntryAllowedUserGroup: cn=Domain Users,cn=groups,dc=company,dc=intranet

As you can see, despite having both Domain admins and Domain Users, I cannot see the entry (even when logged in with the administrator account)|
If i remove the groups from visibility restriction, I can see everything, but then also guests can see it (and I’d rather not point unwanted people to our syspass service)

Alright. The LDAP search output looks good to me.

Can you please try restarting the following two services and see whether that makes a difference (you might have to log in again after the restart):

systemctl restart univention-management-console-server.service univention-management-console-web-server.service

If that doesn’t help, you can also try re-initializing the listener modules dealing with portals:

univention-directory-listener-ctrl resync portal
univention-directory-listener-ctrl resync portal_entry
univention-directory-listener-ctrl resync portal_category