[SOGo] BTS activities for Wednesday, March 21 2018

2018-03-21 Thread SOGo reporter 
Title: BTS activities for Wednesday, March 21 2018





  
BTS Activities

  Home page: http://www.sogo.nu/bugs
  Project: SOGo
  For the period covering: Wednesday, March 21 2018

  
  
idlast updatestatus (resolution)categorysummary
	
	
	  
	
4429
	2018-03-21 08:31:56
	updated (open)
	GUI
	Password update doesn't work correctly in multidomain enviorement
	
	  
	
4430
	2018-03-21 08:33:34
	updated (open)
	GUI
	Password update doesn't work correctly in multidomain enviorement
	
	  
	
4428
	2018-03-21 05:54:25
	updated (open)
	Web Calendar
	Allow multipleBookings on Resources when creating a recurring event
	
	  
	
4427
	2018-03-21 12:56:28
	closed (not a bug)
	GUI
	No spam report button
	
	  
	
  
  


-- users@sogo.nuhttps://inverse.ca/sogo/lists

Re: [SOGo] missing option to add additional imap account/error: "no mailbox selected"

2018-03-21 Thread Jason Daigo 
Wow thank you. Have a nice day. 

Von meinem iPhone gesendet

> Am 21.03.2018 um 14:31 schrieb Christian Mack 
> (christian.m...@uni-konstanz.de) :
> 
> Hello
> 
> You have to uncomment options in sogo.conf, in order to make them active ;-)
> Comments are the two slashes at the beginning of the line.
> 
> SOGoMailAuxiliaryUserAccountsEnabled is therefore not active in your
> configuration.
> 
> 
> Kind regards,
> Christian Mack
> 
> Am 18.03.2018 um 21:45 schrieb Jason Daigo (m...@jasondaigo.de):
>>> 
>>> sorry if i do this wriong; never used a mailing list before; after days of 
>>> frustraion i got a sogo 
>>> instance running here at home; i was only thinking about setting up 
>>> caldav,carddav and wanted to use gmail imap;
>>> so i have no dovecot or postfix instance running; i hope that is not the 
>>> reason i cannot see any options to add additional imap accounts. however 
>>> when i use the sogo-tool i can add an account with MailAuxiliary. it is 
>>> also losted in the web interface. but on the email tab i only get the 
>>> message "no mailbox selected". is there any command i have to type in to 
>>> select my gmail account or something?
>>> thanks for ur time; 
>>> below my conf
>>> 
>>> {
>>> /* *  Main SOGo configuration file  
>>> **
>>>  *  
>>>  *   
>>>  * Since the content of this file is a dictionary in OpenStep plist format, 
>>>  *
>>>  * the curly braces enclosing the body of the configuration are mandatory.  
>>>  *   
>>>  * See the Installation Guide for details on the format.
>>>  *   
>>>  *  
>>>  *   
>>>  * C and C++ style comments are supported.  
>>>  *   
>>>  *  
>>>  *   
>>>  * This example configuration contains only a subset of all available   
>>>  *   
>>>  * configuration parameters. Please see the installation guide more 
>>> details. *
>>>  *  
>>>  *   
>>>  * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,   
>>>  *   
>>>  * make sure to move it away to avoid unwanted parameter overrides. 
>>>  *   
>>>  *  
>>>  *   
>>>  * 
>>> **/
>>> 
>>> /* Database configuration (mysql:// or postgresql://) */
>>> 
>>>   SOGoProfileURL = "mysql://sogo:**@localhost/sogo/sogo_user_profile";
>>>   OCSFolderInfoURL = "mysql://sogo:**@localhost/sogo/sogo_folder_info";
>>>   OCSSessionsFolderURL = 
>>> "mysql://sogo:**@localhost/sogo/sogo_sessions_folder";
>>> 
>>> 
>>> /* Mail */
>>> //SOGoDraftsFolderName = Drafts;
>>> //SOGoSentFolderName = Sent;
>>> //SOGoTrashFolderName = Trash;
>>> //SOGoIMAPServer = localhost;
>>> //SOGoSieveServer = sieve://127.0.0.1:4190;
>>> //SOGoSMTPServer = 127.0.0.1;
>>> //SOGoMailDomain = jasondaigo.de;
>>> //SOGoMailingMechanism = smtp;
>>> //SOGoForceExternalLoginWithEmail = NO;
>>> //SOGoMailSpoolPath = /var/spool/sogo;
>>> //NGImap4ConnectionStringSeparator = "/";
>>> 
>>> /* Notifications */
>>> //SOGoAppointmentSendEMailNotifications = NO;
>>> //SOGoACLsSendEMailNotifications = NO;
>>> //SOGoFoldersSendEMailNotifications = NO;
>>> 
>>> /* Authentication */
>>> //SOGoPasswordChangeEnabled = YES;
>>> SOGoUserSources =
>>>   (
>>> {
>>>   type = sql;
>>>   id = directory;
>>>   viewURL = "mysql://sogo:**@127.0.0.1:3306/sogo/sogo_users";
>>>   canAuthenticate = YES;
>>>   isAddressBook = YES;
>>>   displayName = "directory";
>>>   userPasswordAlgorithm = md5;
>>> }
>>>   );
>>> 
>>> /* SQL authentication example */
>>> /*  These database columns MUST be present in the view/table:
>>>  *c_uid - will be used for authentication -  it's the username or 
>>> usern...@domain.tld)
>>>  *c_name - which can be identical to c_uid -  will be used to uniquely 
>>> identify entries
>>>  *c_password - password of the user, plain-text, md5 or sha encoded for 
>>> now
>>>  *c_cn - the user's common name - such as "John Doe"
>>>  *mail - the user's mail address
>>>  *  See the installation guide for more details
>>>  */
>>> /* Web Interface */
>>> //SOGoPageTitle = SOGo;
>>> //SOGoVacationEnabled = YES;
>>> //SOGoForwardEnabled = YES;
>>> //SOGoSieveScriptsEnabled = YES;
>>> //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>>> //SOGoTrustProxyAuthentication = NO;
>>> //SOGoXSRFValidationEnabled = YES;
>>> 
>>> /* General - SOGoTimeZone *MUST* be defined */
>>> //SOGoLanguage = German;
>>> //SOGoTimeZone = Europe/Berlin;
>>> //SOGoCalendarDefaultRoles = (
>>> //  PublicDAndTViewer,
>>> //  ConfidentialDAndTViewer
>>> //);
>>>

Re: [SOGo] SOGoWebAuthenticator, wrong passwords

2018-03-21 Thread mj 



On 03/21/2018 02:09 PM, Christian Mack (christian.m...@uni-konstanz.de) 
wrote:

Someone is trying to authenticate with an invalid user password pair.
We have those too.
It is always a base64 encoded string.
I read somewhere, that the big chinese firewall is using such strings to
test services with encrypted communication.
Not sure if that is true, but we get those all the time.
Nothing to worry about.


Good, thanks!

MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] sogod child exited due to signal 6

2018-03-21 Thread Henk van Oers 

On Fri, 16 Mar 2018, Christian Mack wrote:


Am 14.03.2018 um 12:53 schrieb Henk van Oers (hvo...@xs4all.nl):


I use Apache 2.4, Dovecot, postfix, Postgresql
and SOGo 3.2.9, all installed via FreeBSD 11.1 "ports".

My users are in a PG table, so I use a "sogo_view" as per install guide.

Pointing my browser to the webserver I get the login page,
but submitting the username/password I get a "red" screen.

How do I debug this?

sogo.log:

Mar 14 12:13:44 sogod [765]: |SOGo| starting method 'POST' on uri
'/SOGo/connect'
Mar 14 12:13:44 sogod [765]: <0x0x80d734b30[SOGoCache]> Cache cleanup
interval set every 300.00 seconds
Mar 14 12:13:44 sogod [765]: <0x0x80d734b30[SOGoCache]> Using host(s)
'/var/run/memcached/memcached.sock' as server(s)
2018-03-14 12:13:44.596 sogod[765:100090] PostgreSQL72 connection
established: <0x0x811d7da30[PGConnection]:? connection=0x0x80bf12600>
2018-03-14 12:13:44.596 sogod[765:100090] PostgreSQL72 channel
0x0x80bca4e30 opened (connection=<0x0x811d7da30[PGConnection]:
connection=0x0x80bf12600>)
2018-03-14 12:13:44.596 sogod[765:100090] PG0x0x80bca4e30 SQL: SELECT
c_password FROM sogo_view WHERE c_uid = 'henk'
Mar 14 12:13:44 sogod [651]: <0x0x80d67efb0[WOWatchDogChild]> child 765
exited

< cut >

What errors does your postgresql log?


None.


Can you do that SELECT from psql as user sogo?


Yes I can. (And get the right password from the right user.)


What do you get with PGDebugEnabled = YES; in sogo.conf?


I have turned on all Debug flags weeks ago :-(


--
Henk
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo and samba 4 AD authentification

2018-03-21 Thread Luca Olivetti 
El 20/03/18 a les 19:05, Goetz Reinicke (goetz.reini...@filmakademie.de) 
ha escrit:




Am 20.03.2018 um 18:30 schrieb Luca Olivetti (l...@wetron.es) :

El 20/03/18 a les 18:02, Goetz Reinicke (goetz.reini...@filmakademie.de) ha 
escrit:

I did that and it works, but disabling encryption as i understand that, is 
notes good option.


use

ldap server require strong auth = allow_sasl_over_tls

(I suppose you already enabled tls in samba)


Not yet, as i was not aware that I have to need it. Tls enable etc are the 
options?!



https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC


Bye
--
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010)  Fax +34 93 5883007
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo and samba 4 AD authentification - SOLVED

2018-03-21 Thread goetz.reini...@filmakademie.de 
Thanks to all, I got it up and running. (For now with TLS_REQCERT never).

Regards . Götz
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo and samba 4 AD authentification

2018-03-21 Thread Christian Naumer 
Am 20.03.2018 um 15:56 schrieb Götz Reinicke
(goetz.reini...@filmakademie.de):
> Hi,
> 
> I try to use our samba 4 ad as the user source but looks like I miss an point 
> or option.
> 
> I have added a dedicated user to the ad, edited the config and restarted 
> SOGo
> 
> From the logs so far I guess it’s a SSL problem.

Yes it is. You need to install the certificates at the distro level
(localtion can be specified in /etc/openldap/ldap.conf) or configure
/etc/openldap/ldap.conf to not check the certificates with:

TLS_REQCERT never


Location of the files may vary. This is for Centos.

Sogo.conf looks like this:

SOGoUserSources = (
{
CNFieldName = displayName;
IDFieldName = sAMAccountName;
UIDFieldName = sAMAccountName;
bindAsCurrentUser =YES;
baseDN = "cn=xx,dc=xx,dc=xx,dc=xx";
bindDN = "CN=xx,CN=xx,DC=xx,DC=xx,DC=xx";
bindFields = (
sAMAccountName
);
bindPassword = "xx";
listRequiresDot = NO;
canAuthenticate = YES;
displayName = xx;
hostname = "ldaps://xx.xx.xx";
id = xx;
isAddressBook = YES;
SearchFieldNames =
(sAMAccountName,displayName,mail);
}

As you can see we have the domain name as ldap server this des a "crude"
load balancing as the DNS returns the IPs of all DCs in the ActiveDirectory.


regards



> 
> May be someone has already a working set and can share the hints and doc how 
> to use that?
> 
>   Thanks & Regards . Götz
> 
> 

-- 
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail c...@brain-biotech.de, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] SOGo4, LDAP Groups and Free/Busy Time - Web UI not showing up as expected

2018-03-21 Thread goetz.reini...@filmakademie.de 
Hi,

I configured LDAP groups and wanted to check the invitation and free/busy time 
visual web interface. The group shows up.

As I’m and a college are in that group too I can confirm that I’m busy at that 
time slot in question for the new event. So is the college.

But in the Web UI for the group it shows no busy at that time for the group and 
expands just me to the attendees list. If I remove the group (-)-button my name 
is also removed.

Any hints/suggestions? Regards . Götz


-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] missing option to add additional imap account/error: "no mailbox selected"

2018-03-21 Thread Christian Mack 
Hello

You have to uncomment options in sogo.conf, in order to make them active ;-)
Comments are the two slashes at the beginning of the line.

SOGoMailAuxiliaryUserAccountsEnabled is therefore not active in your
configuration.


Kind regards,
Christian Mack

Am 18.03.2018 um 21:45 schrieb Jason Daigo (m...@jasondaigo.de):
>>
>> sorry if i do this wriong; never used a mailing list before; after days of 
>> frustraion i got a sogo 
>> instance running here at home; i was only thinking about setting up 
>> caldav,carddav and wanted to use gmail imap;
>> so i have no dovecot or postfix instance running; i hope that is not the 
>> reason i cannot see any options to add additional imap accounts. however 
>> when i use the sogo-tool i can add an account with MailAuxiliary. it is also 
>> losted in the web interface. but on the email tab i only get the message "no 
>> mailbox selected". is there any command i have to type in to select my gmail 
>> account or something?
>> thanks for ur time; 
>> below my conf
>>
>> {
>>  /* *  Main SOGo configuration file  
>> **
>>   *  
>>  *   
>>   * Since the content of this file is a dictionary in OpenStep plist format, 
>>  *
>>   * the curly braces enclosing the body of the configuration are mandatory.  
>>  *   
>>   * See the Installation Guide for details on the format.
>>  *   
>>   *  
>>  *   
>>   * C and C++ style comments are supported.  
>>  *   
>>   *  
>>  *   
>>   * This example configuration contains only a subset of all available   
>>  *   
>>   * configuration parameters. Please see the installation guide more 
>> details. *
>>   *  
>>  *   
>>   * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,   
>>  *   
>>   * make sure to move it away to avoid unwanted parameter overrides. 
>>  *   
>>   *  
>>  *   
>>   * 
>> **/
>>
>>  /* Database configuration (mysql:// or postgresql://) */
>>
>>SOGoProfileURL = "mysql://sogo:**@localhost/sogo/sogo_user_profile";
>>OCSFolderInfoURL = "mysql://sogo:**@localhost/sogo/sogo_folder_info";
>>OCSSessionsFolderURL = 
>> "mysql://sogo:**@localhost/sogo/sogo_sessions_folder";
>>
>>
>>  /* Mail */
>>  //SOGoDraftsFolderName = Drafts;
>>  //SOGoSentFolderName = Sent;
>>  //SOGoTrashFolderName = Trash;
>>  //SOGoIMAPServer = localhost;
>>  //SOGoSieveServer = sieve://127.0.0.1:4190;
>>  //SOGoSMTPServer = 127.0.0.1;
>>  //SOGoMailDomain = jasondaigo.de;
>>  //SOGoMailingMechanism = smtp;
>>  //SOGoForceExternalLoginWithEmail = NO;
>>  //SOGoMailSpoolPath = /var/spool/sogo;
>>  //NGImap4ConnectionStringSeparator = "/";
>>
>>  /* Notifications */
>>  //SOGoAppointmentSendEMailNotifications = NO;
>>  //SOGoACLsSendEMailNotifications = NO;
>>  //SOGoFoldersSendEMailNotifications = NO;
>>
>>  /* Authentication */
>>  //SOGoPasswordChangeEnabled = YES;
>>  SOGoUserSources =
>>(
>>  {
>>type = sql;
>>id = directory;
>>viewURL = "mysql://sogo:**@127.0.0.1:3306/sogo/sogo_users";
>>canAuthenticate = YES;
>>isAddressBook = YES;
>>displayName = "directory";
>>userPasswordAlgorithm = md5;
>>  }
>>);
>>
>>  /* SQL authentication example */
>>  /*  These database columns MUST be present in the view/table:
>>   *c_uid - will be used for authentication -  it's the username or 
>> usern...@domain.tld)
>>   *c_name - which can be identical to c_uid -  will be used to uniquely 
>> identify entries
>>   *c_password - password of the user, plain-text, md5 or sha encoded for 
>> now
>>   *c_cn - the user's common name - such as "John Doe"
>>   *mail - the user's mail address
>>   *  See the installation guide for more details
>>   */
>>  /* Web Interface */
>>  //SOGoPageTitle = SOGo;
>>  //SOGoVacationEnabled = YES;
>>  //SOGoForwardEnabled = YES;
>>  //SOGoSieveScriptsEnabled = YES;
>>  //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>>  //SOGoTrustProxyAuthentication = NO;
>>  //SOGoXSRFValidationEnabled = YES;
>>
>>  /* General - SOGoTimeZone *MUST* be defined */
>>  //SOGoLanguage = German;
>>  //SOGoTimeZone = Europe/Berlin;
>>  //SOGoCalendarDefaultRoles = (
>>  //  PublicDAndTViewer,
>>  //  ConfidentialDAndTViewer
>>  //);
>>  //SOGoSuperUsernames = (sogo1, sogo2, jason); // This is an array - keep 
>> the parens!
>>  //SxVMemLimit = 384;
>>  //WOPidFile = "/var/run/sogo/sogo.pid";
>>  //SOGoMemcachedHost = "/var/run/memcached.sock";
>>
>>  /* Debug */
>>

Re: [SOGo] SOGoWebAuthenticator, wrong passwords

2018-03-21 Thread Christian Mack 
Am 20.03.2018 um 10:33 schrieb lists (li...@merit.unu.edu):
> Hi,
> 
> We are getting log lines like this:
> 
>> <158>1 2018-03-20T10:17:49.544178+01:00 sogoserver sogo  - - Mar 20
>> 10:17:45 sogod [28582]: <0x0x7fbcb177c880[SOGoWebAuthenticator]> tried
>> wrong password for user
>> 'ZawE0cMY4hOVWGhBgt/ycpig2IavEcsEme1EYTs/cd/HOQOWgHmO/00WKsUyK0nfiR/gYKnhjMDavlYVTZjgKvYkwHj0bisq5F9JbiPmN1Y04wFbgUC/TBTZJLphMeSVqL7WXKipUSxb71mlYYDVe8F5Tpr3/77PLlsEM9bg=='!
>>
> 
> The above is just a sample, there are more lines like that, but with
> different strings.
> 
> Could anyone explain what that means?
> 
> As you can perhaps guess, this is not a username on our systems.
> 
> (this is sogo 2.3.23 on wheezy)
> 

Someone is trying to authenticate with an invalid user password pair.
We have those too.
It is always a base64 encoded string.
I read somewhere, that the big chinese firewall is using such strings to
test services with encrypted communication.
Not sure if that is true, but we get those all the time.
Nothing to worry about.


Kind regards,
Christian Mack

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung Basisdienste
78457 Konstanz
+49 7531 88-4416



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [SOGo] Sogo and samba 4 AD authentification

2018-03-21 Thread mj 

Hi,

On 03/20/2018 06:05 PM, Goetz Reinicke (goetz.reini...@filmakademie.de) 
wrote:

So haproxy is Talking encrypted to the samba servers? With the option of 
failover this sounds interesting. How hard is the haproxy configuration?


Yes, like that. Config not very complicated, and it works very nicely. 
In fact we do this on all servers that require ldap connections.


Relevant bits from haproxy.cfg:


frontend ldap_service_front
  mode  tcp
  bind  localhost:389
  description   LDAP Service
  optionsocket-stats
  optiontcpka
  timeout client5s
  default_backend   ldaps_service_back

backend ldaps_service_back
  mode  tcp
  balance   roundrobin
  serverdc2 ldap.server.ip.1:636 check fall 1 rise 1 inter 2s 
verify none check check-ssl ssl
  serverdc3 ldap.server.ip.2:636 check fall 1 rise 1 inter 2s 
verify none check check-ssl ssl
  serverdc4 ldap.server.ip.3:636 check fall 1 rise 1 inter 2s 
verify none check check-ssl ssl
  optionlog-health-checks
  optionldap-check
  timeout server2s
  timeout connect   2s


As you can see, we are currently not checking the certificates, which is 
not good. This is still on our to-do list.


MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Sogo and samba 4 AD authentification

2018-03-21 Thread Goetz Reinicke 


> Am 20.03.2018 um 18:30 schrieb Luca Olivetti (l...@wetron.es) :
> 
> El 20/03/18 a les 18:02, Goetz Reinicke (goetz.reini...@filmakademie.de) ha 
> escrit:
>> I did that and it works, but disabling encryption as i understand that, is 
>> notes good option.
> 
> use
> 
> ldap server require strong auth = allow_sasl_over_tls
> 
> (I suppose you already enabled tls in samba)

Not yet, as i was not aware that I have to need it. Tls enable etc are the 
options?! 

Thanks and regards . Götz
-- 
users@sogo.nu
https://inverse.ca/sogo/lists