[SOGo] BTS activities for Wednesday, March 21 2018
Title: BTS activities for Wednesday, March 21 2018 BTS Activities Home page: http://www.sogo.nu/bugs Project: SOGo For the period covering: Wednesday, March 21 2018 idlast updatestatus (resolution)categorysummary 4429 2018-03-21 08:31:56 updated (open) GUI Password update doesn't work correctly in multidomain enviorement 4430 2018-03-21 08:33:34 updated (open) GUI Password update doesn't work correctly in multidomain enviorement 4428 2018-03-21 05:54:25 updated (open) Web Calendar Allow multipleBookings on Resources when creating a recurring event 4427 2018-03-21 12:56:28 closed (not a bug) GUI No spam report button -- users@sogo.nuhttps://inverse.ca/sogo/lists
Re: [SOGo] missing option to add additional imap account/error: "no mailbox selected"
Wow thank you. Have a nice day. Von meinem iPhone gesendet > Am 21.03.2018 um 14:31 schrieb Christian Mack > (christian.m...@uni-konstanz.de) : > > Hello > > You have to uncomment options in sogo.conf, in order to make them active ;-) > Comments are the two slashes at the beginning of the line. > > SOGoMailAuxiliaryUserAccountsEnabled is therefore not active in your > configuration. > > > Kind regards, > Christian Mack > > Am 18.03.2018 um 21:45 schrieb Jason Daigo (m...@jasondaigo.de): >>> >>> sorry if i do this wriong; never used a mailing list before; after days of >>> frustraion i got a sogo >>> instance running here at home; i was only thinking about setting up >>> caldav,carddav and wanted to use gmail imap; >>> so i have no dovecot or postfix instance running; i hope that is not the >>> reason i cannot see any options to add additional imap accounts. however >>> when i use the sogo-tool i can add an account with MailAuxiliary. it is >>> also losted in the web interface. but on the email tab i only get the >>> message "no mailbox selected". is there any command i have to type in to >>> select my gmail account or something? >>> thanks for ur time; >>> below my conf >>> >>> { >>> /* * Main SOGo configuration file >>> ** >>> * >>> * >>> * Since the content of this file is a dictionary in OpenStep plist format, >>> * >>> * the curly braces enclosing the body of the configuration are mandatory. >>> * >>> * See the Installation Guide for details on the format. >>> * >>> * >>> * >>> * C and C++ style comments are supported. >>> * >>> * >>> * >>> * This example configuration contains only a subset of all available >>> * >>> * configuration parameters. Please see the installation guide more >>> details. * >>> * >>> * >>> * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file, >>> * >>> * make sure to move it away to avoid unwanted parameter overrides. >>> * >>> * >>> * >>> * >>> **/ >>> >>> /* Database configuration (mysql:// or postgresql://) */ >>> >>> SOGoProfileURL = "mysql://sogo:**@localhost/sogo/sogo_user_profile"; >>> OCSFolderInfoURL = "mysql://sogo:**@localhost/sogo/sogo_folder_info"; >>> OCSSessionsFolderURL = >>> "mysql://sogo:**@localhost/sogo/sogo_sessions_folder"; >>> >>> >>> /* Mail */ >>> //SOGoDraftsFolderName = Drafts; >>> //SOGoSentFolderName = Sent; >>> //SOGoTrashFolderName = Trash; >>> //SOGoIMAPServer = localhost; >>> //SOGoSieveServer = sieve://127.0.0.1:4190; >>> //SOGoSMTPServer = 127.0.0.1; >>> //SOGoMailDomain = jasondaigo.de; >>> //SOGoMailingMechanism = smtp; >>> //SOGoForceExternalLoginWithEmail = NO; >>> //SOGoMailSpoolPath = /var/spool/sogo; >>> //NGImap4ConnectionStringSeparator = "/"; >>> >>> /* Notifications */ >>> //SOGoAppointmentSendEMailNotifications = NO; >>> //SOGoACLsSendEMailNotifications = NO; >>> //SOGoFoldersSendEMailNotifications = NO; >>> >>> /* Authentication */ >>> //SOGoPasswordChangeEnabled = YES; >>> SOGoUserSources = >>> ( >>> { >>> type = sql; >>> id = directory; >>> viewURL = "mysql://sogo:**@127.0.0.1:3306/sogo/sogo_users"; >>> canAuthenticate = YES; >>> isAddressBook = YES; >>> displayName = "directory"; >>> userPasswordAlgorithm = md5; >>> } >>> ); >>> >>> /* SQL authentication example */ >>> /* These database columns MUST be present in the view/table: >>> *c_uid - will be used for authentication - it's the username or >>> usern...@domain.tld) >>> *c_name - which can be identical to c_uid - will be used to uniquely >>> identify entries >>> *c_password - password of the user, plain-text, md5 or sha encoded for >>> now >>> *c_cn - the user's common name - such as "John Doe" >>> *mail - the user's mail address >>> * See the installation guide for more details >>> */ >>> /* Web Interface */ >>> //SOGoPageTitle = SOGo; >>> //SOGoVacationEnabled = YES; >>> //SOGoForwardEnabled = YES; >>> //SOGoSieveScriptsEnabled = YES; >>> //SOGoMailAuxiliaryUserAccountsEnabled = YES; >>> //SOGoTrustProxyAuthentication = NO; >>> //SOGoXSRFValidationEnabled = YES; >>> >>> /* General - SOGoTimeZone *MUST* be defined */ >>> //SOGoLanguage = German; >>> //SOGoTimeZone = Europe/Berlin; >>> //SOGoCalendarDefaultRoles = ( >>> // PublicDAndTViewer, >>> // ConfidentialDAndTViewer >>> //); >>> //SOGoSuperUsernames
Re: [SOGo] SOGoWebAuthenticator, wrong passwords
On 03/21/2018 02:09 PM, Christian Mack (christian.m...@uni-konstanz.de) wrote: Someone is trying to authenticate with an invalid user password pair. We have those too. It is always a base64 encoded string. I read somewhere, that the big chinese firewall is using such strings to test services with encrypted communication. Not sure if that is true, but we get those all the time. Nothing to worry about. Good, thanks! MJ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] sogod child exited due to signal 6
On Fri, 16 Mar 2018, Christian Mack wrote: Am 14.03.2018 um 12:53 schrieb Henk van Oers (hvo...@xs4all.nl): I use Apache 2.4, Dovecot, postfix, Postgresql and SOGo 3.2.9, all installed via FreeBSD 11.1 "ports". My users are in a PG table, so I use a "sogo_view" as per install guide. Pointing my browser to the webserver I get the login page, but submitting the username/password I get a "red" screen. How do I debug this? sogo.log: Mar 14 12:13:44 sogod [765]: |SOGo| starting method 'POST' on uri '/SOGo/connect' Mar 14 12:13:44 sogod [765]: <0x0x80d734b30[SOGoCache]> Cache cleanup interval set every 300.00 seconds Mar 14 12:13:44 sogod [765]: <0x0x80d734b30[SOGoCache]> Using host(s) '/var/run/memcached/memcached.sock' as server(s) 2018-03-14 12:13:44.596 sogod[765:100090] PostgreSQL72 connection established: <0x0x811d7da30[PGConnection]:? connection=0x0x80bf12600> 2018-03-14 12:13:44.596 sogod[765:100090] PostgreSQL72 channel 0x0x80bca4e30 opened (connection=<0x0x811d7da30[PGConnection]: connection=0x0x80bf12600>) 2018-03-14 12:13:44.596 sogod[765:100090] PG0x0x80bca4e30 SQL: SELECT c_password FROM sogo_view WHERE c_uid = 'henk' Mar 14 12:13:44 sogod [651]: <0x0x80d67efb0[WOWatchDogChild]> child 765 exited < cut > What errors does your postgresql log? None. Can you do that SELECT from psql as user sogo? Yes I can. (And get the right password from the right user.) What do you get with PGDebugEnabled = YES; in sogo.conf? I have turned on all Debug flags weeks ago :-( -- Henk -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo and samba 4 AD authentification
El 20/03/18 a les 19:05, Goetz Reinicke (goetz.reini...@filmakademie.de) ha escrit: Am 20.03.2018 um 18:30 schrieb Luca Olivetti (l...@wetron.es) : El 20/03/18 a les 18:02, Goetz Reinicke (goetz.reini...@filmakademie.de) ha escrit: I did that and it works, but disabling encryption as i understand that, is notes good option. use ldap server require strong auth = allow_sasl_over_tls (I suppose you already enabled tls in samba) Not yet, as i was not aware that I have to need it. Tls enable etc are the options?! https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007 -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo and samba 4 AD authentification - SOLVED
Thanks to all, I got it up and running. (For now with TLS_REQCERT never). Regards . Götz -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo and samba 4 AD authentification
Am 20.03.2018 um 15:56 schrieb Götz Reinicke (goetz.reini...@filmakademie.de): > Hi, > > I try to use our samba 4 ad as the user source but looks like I miss an point > or option. > > I have added a dedicated user to the ad, edited the config and restarted > SOGo&memcached. > > From the logs so far I guess it’s a SSL problem. Yes it is. You need to install the certificates at the distro level (localtion can be specified in /etc/openldap/ldap.conf) or configure /etc/openldap/ldap.conf to not check the certificates with: TLS_REQCERT never Location of the files may vary. This is for Centos. Sogo.conf looks like this: SOGoUserSources = ( { CNFieldName = displayName; IDFieldName = sAMAccountName; UIDFieldName = sAMAccountName; bindAsCurrentUser =YES; baseDN = "cn=xx,dc=xx,dc=xx,dc=xx"; bindDN = "CN=xx,CN=xx,DC=xx,DC=xx,DC=xx"; bindFields = ( sAMAccountName ); bindPassword = "xx"; listRequiresDot = NO; canAuthenticate = YES; displayName = xx; hostname = "ldaps://xx.xx.xx"; id = xx; isAddressBook = YES; SearchFieldNames = (sAMAccountName,displayName,mail); } As you can see we have the domain name as ldap server this des a "crude" load balancing as the DNS returns the IPs of all DCs in the ActiveDirectory. regards > > May be someone has already a working set and can share the hints and doc how > to use that? > > Thanks & Regards . Götz > > -- Dr. Christian Naumer Research Scientist Plattform-Koordinator Bioprozesstechnik B.R.A.I.N Aktiengesellschaft Darmstaedter Str. 34-36, D-64673 Zwingenberg e-mail c...@brain-biotech.de, homepage www.brain-biotech.de fon +49-6251-9331-30 / fax +49-6251-9331-11 Sitz der Gesellschaft: Zwingenberg/Bergstrasse Registergericht AG Darmstadt, HRB 24758 Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel Aufsichtsratsvorsitzender: Dr. Ludger Mueller -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] SOGo4, LDAP Groups and Free/Busy Time - Web UI not showing up as expected
Hi, I configured LDAP groups and wanted to check the invitation and free/busy time visual web interface. The group shows up. As I’m and a college are in that group too I can confirm that I’m busy at that time slot in question for the new event. So is the college. But in the Web UI for the group it shows no busy at that time for the group and expands just me to the attendees list. If I remove the group (-)-button my name is also removed. Any hints/suggestions? Regards . Götz -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] missing option to add additional imap account/error: "no mailbox selected"
Hello You have to uncomment options in sogo.conf, in order to make them active ;-) Comments are the two slashes at the beginning of the line. SOGoMailAuxiliaryUserAccountsEnabled is therefore not active in your configuration. Kind regards, Christian Mack Am 18.03.2018 um 21:45 schrieb Jason Daigo (m...@jasondaigo.de): >> >> sorry if i do this wriong; never used a mailing list before; after days of >> frustraion i got a sogo >> instance running here at home; i was only thinking about setting up >> caldav,carddav and wanted to use gmail imap; >> so i have no dovecot or postfix instance running; i hope that is not the >> reason i cannot see any options to add additional imap accounts. however >> when i use the sogo-tool i can add an account with MailAuxiliary. it is also >> losted in the web interface. but on the email tab i only get the message "no >> mailbox selected". is there any command i have to type in to select my gmail >> account or something? >> thanks for ur time; >> below my conf >> >> { >> /* * Main SOGo configuration file >> ** >> * >> * >> * Since the content of this file is a dictionary in OpenStep plist format, >> * >> * the curly braces enclosing the body of the configuration are mandatory. >> * >> * See the Installation Guide for details on the format. >> * >> * >> * >> * C and C++ style comments are supported. >> * >> * >> * >> * This example configuration contains only a subset of all available >> * >> * configuration parameters. Please see the installation guide more >> details. * >> * >> * >> * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file, >> * >> * make sure to move it away to avoid unwanted parameter overrides. >> * >> * >> * >> * >> **/ >> >> /* Database configuration (mysql:// or postgresql://) */ >> >>SOGoProfileURL = "mysql://sogo:**@localhost/sogo/sogo_user_profile"; >>OCSFolderInfoURL = "mysql://sogo:**@localhost/sogo/sogo_folder_info"; >>OCSSessionsFolderURL = >> "mysql://sogo:**@localhost/sogo/sogo_sessions_folder"; >> >> >> /* Mail */ >> //SOGoDraftsFolderName = Drafts; >> //SOGoSentFolderName = Sent; >> //SOGoTrashFolderName = Trash; >> //SOGoIMAPServer = localhost; >> //SOGoSieveServer = sieve://127.0.0.1:4190; >> //SOGoSMTPServer = 127.0.0.1; >> //SOGoMailDomain = jasondaigo.de; >> //SOGoMailingMechanism = smtp; >> //SOGoForceExternalLoginWithEmail = NO; >> //SOGoMailSpoolPath = /var/spool/sogo; >> //NGImap4ConnectionStringSeparator = "/"; >> >> /* Notifications */ >> //SOGoAppointmentSendEMailNotifications = NO; >> //SOGoACLsSendEMailNotifications = NO; >> //SOGoFoldersSendEMailNotifications = NO; >> >> /* Authentication */ >> //SOGoPasswordChangeEnabled = YES; >> SOGoUserSources = >>( >> { >>type = sql; >>id = directory; >>viewURL = "mysql://sogo:**@127.0.0.1:3306/sogo/sogo_users"; >>canAuthenticate = YES; >>isAddressBook = YES; >>displayName = "directory"; >>userPasswordAlgorithm = md5; >> } >>); >> >> /* SQL authentication example */ >> /* These database columns MUST be present in the view/table: >> *c_uid - will be used for authentication - it's the username or >> usern...@domain.tld) >> *c_name - which can be identical to c_uid - will be used to uniquely >> identify entries >> *c_password - password of the user, plain-text, md5 or sha encoded for >> now >> *c_cn - the user's common name - such as "John Doe" >> *mail - the user's mail address >> * See the installation guide for more details >> */ >> /* Web Interface */ >> //SOGoPageTitle = SOGo; >> //SOGoVacationEnabled = YES; >> //SOGoForwardEnabled = YES; >> //SOGoSieveScriptsEnabled = YES; >> //SOGoMailAuxiliaryUserAccountsEnabled = YES; >> //SOGoTrustProxyAuthentication = NO; >> //SOGoXSRFValidationEnabled = YES; >> >> /* General - SOGoTimeZone *MUST* be defined */ >> //SOGoLanguage = German; >> //SOGoTimeZone = Europe/Berlin; >> //SOGoCalendarDefaultRoles = ( >> // PublicDAndTViewer, >> // ConfidentialDAndTViewer >> //); >> //SOGoSuperUsernames = (sogo1, sogo2, jason); // This is an array - keep >> the parens! >> //SxVMemLimit = 384; >> //WOPidFile = "/var/run/sogo/sogo.pid"; >> //SOGoMemcachedHost = "/var/run/memcached.sock"; >> >> /* Debug */ >> //SOGoDebugReque
Re: [SOGo] SOGoWebAuthenticator, wrong passwords
Am 20.03.2018 um 10:33 schrieb lists (li...@merit.unu.edu): > Hi, > > We are getting log lines like this: > >> <158>1 2018-03-20T10:17:49.544178+01:00 sogoserver sogo - - Mar 20 >> 10:17:45 sogod [28582]: <0x0x7fbcb177c880[SOGoWebAuthenticator]> tried >> wrong password for user >> 'ZawE0cMY4hOVWGhBgt/ycpig2IavEcsEme1EYTs/cd/HOQOWgHmO/00WKsUyK0nfiR/gYKnhjMDavlYVTZjgKvYkwHj0bisq5F9JbiPmN1Y04wFbgUC/TBTZJLphMeSVqL7WXKipUSxb71mlYYDVe8F5Tpr3/77PLlsEM9bg=='! >> > > The above is just a sample, there are more lines like that, but with > different strings. > > Could anyone explain what that means? > > As you can perhaps guess, this is not a username on our systems. > > (this is sogo 2.3.23 on wheezy) > Someone is trying to authenticate with an invalid user password pair. We have those too. It is always a base64 encoded string. I read somewhere, that the big chinese firewall is using such strings to test services with encrypted communication. Not sure if that is true, but we get those all the time. Nothing to worry about. Kind regards, Christian Mack -- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung Basisdienste 78457 Konstanz +49 7531 88-4416 smime.p7s Description: S/MIME Cryptographic Signature
Re: [SOGo] Sogo and samba 4 AD authentification
Hi, On 03/20/2018 06:05 PM, Goetz Reinicke (goetz.reini...@filmakademie.de) wrote: So haproxy is Talking encrypted to the samba servers? With the option of failover this sounds interesting. How hard is the haproxy configuration? Yes, like that. Config not very complicated, and it works very nicely. In fact we do this on all servers that require ldap connections. Relevant bits from haproxy.cfg: frontend ldap_service_front mode tcp bind localhost:389 description LDAP Service optionsocket-stats optiontcpka timeout client5s default_backend ldaps_service_back backend ldaps_service_back mode tcp balance roundrobin serverdc2 ldap.server.ip.1:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl serverdc3 ldap.server.ip.2:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl serverdc4 ldap.server.ip.3:636 check fall 1 rise 1 inter 2s verify none check check-ssl ssl optionlog-health-checks optionldap-check timeout server2s timeout connect 2s As you can see, we are currently not checking the certificates, which is not good. This is still on our to-do list. MJ -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Sogo and samba 4 AD authentification
> Am 20.03.2018 um 18:30 schrieb Luca Olivetti (l...@wetron.es) : > > El 20/03/18 a les 18:02, Goetz Reinicke (goetz.reini...@filmakademie.de) ha > escrit: >> I did that and it works, but disabling encryption as i understand that, is >> notes good option. > > use > > ldap server require strong auth = allow_sasl_over_tls > > (I suppose you already enabled tls in samba) Not yet, as i was not aware that I have to need it. Tls enable etc are the options?! Thanks and regards . Götz -- users@sogo.nu https://inverse.ca/sogo/lists