[SOGo] Issues upon 4.0.8 upgrade
Hello,
We recently upgraded our SOGo installation from 4.0.0 to 4.0.8, and the
hosting server from Debian stretch to buster.
SOGo has an Apache-based proxy in front, and the LDAP server lives in
the same machine.
We are seeing some LDAP related authentication glitches since the upgrade:
- Every now and then, people get 401 to some SOGo requests, both
from the Web UI or from caldav clients like Evolution or mobile calendar
apps
- SOGo complaints about not been able to contact the server, but the
server is fully functional, listening on the ports should listen, and
authenticating correctly
Also, since the upgrade, we've noticed that there are quite a lot of
messages referring to the LDAP connections:
Creating NGLdapConnection instance for bindDN
'uid=user,ou=people,dc=domain,dc=org'
Around 250K in the last four days, which seems to be too much for a less
than 100 users instance with around 20 active.
We've seen also the following messages. Last line is quite puzzling. We
do not know where this encoded string is coming from at all.
https://pastebin.com/P1na4Hy8
We would appreciate if you can add some light here because we don't know
what is going on.
Thanks in advance.
Our LDAP config looks as follows:
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
UIDFieldName = cn;
IDFieldName = cn;
SearchFieldNames = (mail, cn);
baseDN = "ou=groups,dc=domain,dc=org";
bindDN = "cn=admin,dc=domain,dc=org";
bindPassword = password;
canAuthenticate = NO;
hostname = ldap:/:/ldap.example.org;
id = ldaplocalgroups;
displayName = "Groups";
isAddressBook = YES;
listRequiresDot = NO;
filter = "(objectClass='groupOfUniqueNames')";
},
{
type = ldap;
CNFieldName = cn;
UIDFieldName = uid;
IDFieldName = uid;
SearchFieldNames = (uid, mail, cn, givenName, sn);
MailFieldNames = (mail);
baseDN = "ou=people,dc=domain,dc=org";
bindDN = "cn=admin,dc=domain,dc=org";
bindPassword = password;
canAuthenticate = YES;
hostname = ldap://ldap.example.org;
bindAsCurrentUser = YES;
userPasswordAlgorithm = ssha;
id = ldaplocal;
displayName = "People";
isAddressBook = YES;
listRequiresDot = NO;
ModulesConstraints = {
Mail = {
nonexistentattr = TRUE;
};
};
}
);
--
Pablo Abelenda
Mobile: +34606539874
signature.asc
Description: OpenPGP digital signature
Re: [SOGo] Retry message on login having SOGo behind a proxy
On 11/08/2016 01:29 PM, Pablo Abelenda wrote: > On 11/07/2016 02:04 PM, Pablo Abelenda (pabele...@igalia.com) wrote: >> Hi, >> >> I've been using SOGo for quite a while. My setup involves an apache that >> does reverse proxy to the application. >> >> Last week I've upgraded the proxy from apache 2.2 into apache 2.4.10. >> Since then, I've hitting a little issue. Everytime I enter the login and >> password on the login form the UI show up a red error message saying >> "Retry". If I reload the page, I am redirected into my calendar, which >> is my default login module. >> >> No error on the apache nor sogo log files. Just nothing after the POST >> to /connect/. >> >> If I try to access the service directly, without using the proxy, I do >> not suffer this. the login process just works as it should. >> >> I know this is not an issue in SOGo, I am just asking here in case >> someone else here has suffered the same situation. >> >> Best. >> > > Hi there, > > seems like the password change form is also affected by this. > > Is there anyone here experiencing this? > > Thanks in advance. > Just for the record, if anyone suffers this, this was the one to blame: # apache security config Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure Best. -- Pablo Abelenda signature.asc Description: OpenPGP digital signature
Re: [SOGo] Retry message on login having SOGo behind a proxy
On 11/07/2016 02:04 PM, Pablo Abelenda (pabele...@igalia.com) wrote: > Hi, > > I've been using SOGo for quite a while. My setup involves an apache that > does reverse proxy to the application. > > Last week I've upgraded the proxy from apache 2.2 into apache 2.4.10. > Since then, I've hitting a little issue. Everytime I enter the login and > password on the login form the UI show up a red error message saying > "Retry". If I reload the page, I am redirected into my calendar, which > is my default login module. > > No error on the apache nor sogo log files. Just nothing after the POST > to /connect/. > > If I try to access the service directly, without using the proxy, I do > not suffer this. the login process just works as it should. > > I know this is not an issue in SOGo, I am just asking here in case > someone else here has suffered the same situation. > > Best. > Hi there, seems like the password change form is also affected by this. Is there anyone here experiencing this? Thanks in advance. -- Pablo Abelenda signature.asc Description: OpenPGP digital signature
[SOGo] Retry message on login having SOGo behind a proxy
Hi, I've been using SOGo for quite a while. My setup involves an apache that does reverse proxy to the application. Last week I've upgraded the proxy from apache 2.2 into apache 2.4.10. Since then, I've hitting a little issue. Everytime I enter the login and password on the login form the UI show up a red error message saying "Retry". If I reload the page, I am redirected into my calendar, which is my default login module. No error on the apache nor sogo log files. Just nothing after the POST to /connect/. If I try to access the service directly, without using the proxy, I do not suffer this. the login process just works as it should. I know this is not an issue in SOGo, I am just asking here in case someone else here has suffered the same situation. Best. -- Pablo Abelenda signature.asc Description: OpenPGP digital signature
Re: [SOGo] [urgent] SOGo object not found index
On 07/12/2016 05:04 PM, Christian Mack (christian.m...@uni-konstanz.de)
wrote:
> Hello
>
> Am 07.07.2016 um 09:20 schrieb Pablo Abelenda (pabele...@igalia.com):
>> Hi,
>>
>> I've been hit by this issue. My SOGo instance stopped to work. It shows
>>
>> object not found: SOGo => index
>>
>> Logs are full of:
>>
>> {{{
>> Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
>> MainUIProduct class!
>> Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
>> language: Dutch
>> [...]
>> Jul 07 09:17:26 sogod [12176]: 192.168.10.81, 192.168.10.13 "GET
>> /SOGo/index HTTP/1.1" 404 34/0 0.069 - - 912K
>> }}}
>>
>> Any clues?
>>
>
> Those "did not find locale for language..." are normal for languages not
> installed on your server.
> You can therefore ignore those.
>
> Those "did not find MainUIProduct class!" I have never seen before.
> Seems as if sogod can not access its libraries.
> Do you have SELinux enabled?
>
>
> Kind regards,
> Christian Mack
>
I finally found out what was going on.
I used to run sogo (version 2.x.x) installed from the official Debian
repositories. A couple of months ago I switched to the Inverse repos to
upgrade my deployment to the 3.x.x versions. I thought everything coming
from the Debian repos was purged long ago, but sogo-common did not, so
when I (as a routine) cleaned up the server by doing an apt-get
autoremove, sogo-common and the files belonging to it, disappeared.
Probably this files should belong to the sogo package that Inverse
provides, preventing this kind of issues, don't know what you think
about. Anyway, apt-get install sogo --reinstall, sorted things out for good.
Many thanks for the reply.
Best.
--
Pablo Abelenda
signature.asc
Description: OpenPGP digital signature
[SOGo] [urgent] SOGo object not found index
Hi,
I've been hit by this issue. My SOGo instance stopped to work. It shows
object not found: SOGo => index
Logs are full of:
{{{
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: Dutch
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: French
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: Spanish
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: Italian
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: Portuguese
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: ptBR
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find
MainUIProduct class!
Jul 07 09:17:26 sogod [12176]: [ERROR] [we-rm] did not find locale for
language: English
Jul 07 09:17:26 sogod [12176]: 192.168.10.81, 192.168.10.13 "GET
/SOGo/index HTTP/1.1" 404 34/0 0.069 - - 912K
}}}
Any clues?
--
Pablo Abelenda
signature.asc
Description: OpenPGP digital signature
Re: [SOGo] User alias on calendar module
On 07/04/2016 01:44 PM, Christian Mack (christian.m...@uni-konstanz.de) wrote: > Am 01.07.2016 um 13:41 schrieb Pablo Abelenda (pabele...@igalia.com): >> Hi, >> >> [...] >> > > It is not clear to me, what you specify as "alias". > Is that an alternate email address? > Then MailFieldNames is your friend. > This is exactly what I wanted! Re-reading my initial report, it was not very clear indeed, sorry about that, and many thanks for the quick and nice answer. > Or it is some descriptive name of you user? > Then use SearchFieldNames. > This was also useful on other regards, so many thanks again :-) > > Kind regards, > Christian Mack > Saludos! -- Pablo Abelenda signature.asc Description: OpenPGP digital signature
[SOGo] User alias on calendar module
Hi, We are trying SOGo as a calendar solution so the web mail module is disabled. A lot of the users manage all the appointments and tasks using Thunderbird/Icedove. Using this tools, they are allowed to invite people using the canonical name but also the aliases. The thing is that, if they use the alias, the appointments are not created, for obvious reasons. Is there any way to setup an alias field on the SOGoUserSources definition? If not, let me know, as it is quite nice thing to have, and I will fill a request for that. Thanks in advance for the guidance and help. -- Pablo Abelenda signature.asc Description: OpenPGP digital signature
