Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-27 Thread Jean Raby

Hi Paul,

here's a few hints:


2013-06-26 16:30:54.652 sogod[68616] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter 
��N for attrs �OM
2013-06-26 16:30:54.653 sogod[68616] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base  filter ��N 
for attrs �OM
2013-06-26 16:30:54.656 sogod[68616] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter 
��N for attrs �OM


Don't mind those, the ldap debugging code in SOPE doesn't work too well as you 
can see.




Jun 26 16:30:54 sogod [68616]: 0x09DF6EC8[SOGoUserFolder]:sogo baseURL: 
name=sogo (container=SOGo)
  container: /SOGo -- http://team.atlantisservices.net/SOGo/so/sogo/Mail/view
  own: /SOGo/so/sogo
Jun 26 16:30:54 sogod [68616]: 0x0x80c171568[NGLdapConnection] Using 
ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.727 sogod[68616] -[NGLdapConnection 
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter 
��N for attrs �OM
2013-06-26 16:30:54.729 sogod[68616] WARNING: IMAP4 connection pooling is 
disabled!
Jun 26 16:31:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 
68616 has been hanging in the same request for 1 minutes
Jun 26 16:32:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 
68616 has been hanging in the same request for 2 minutes


From this, I would say that the LDAP requests worked, but that SOGo is somehow 
waiting for the imap server.  One thing you could do is look at the LDAP 
queries to make sure that they return the expected results. You can do this by 
either dumping the ldap traffic using tcpdump/wireshark, or by enabling query 
logging on the LDAP side (olcLogLevel: stats).


Is there any relevant information in the imap server logs?  You could also try 
to dump the imap traffic to see what is going on.


You could also attach to the hanging process using a process tracer (ktrace, 
truss) and see which system call it is blocking on. If the process blocks while 
doing operations on a file descriptor, you'll need to use lsof to map the fd to 
a real file (or socket).





--
users@sogo.nu
https://inverse.ca/sogo/lists
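
The log reading done in the message above can be scripted. As an added example (not part of the original thread and not SOGo tooling), this Python script pairs each watchdog hang warning with the last line the hung child logged. The sample lines are the ones quoted in this thread, unwrapped to one entry per line; the function names and the keyword-to-backend mapping are assumptions.

```python
import re

# Log lines from the excerpt quoted in this thread, unwrapped to one entry per line.
SAMPLE_LOG = """\
Jun 26 16:30:54 sogod [68616]: 0x0x80c171568[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.729 sogod[68616] WARNING: IMAP4 connection pooling is disabled!
Jun 26 16:31:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 1 minutes
Jun 26 16:32:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 2 minutes
"""

# sogod writes two line shapes:
#   "Jun 26 16:30:54 sogod [pid]: message"
#   "2013-06-26 16:30:54.729 sogod[pid] message"
LINE_RE = re.compile(
    r"^(?:\w{3} +\d+|\d{4}-\d\d-\d\d) (\d\d:\d\d:\d\d)(?:\.\d+)? sogod ?\[(\d+)\]:? (.*)$")
HANG_RE = re.compile(
    r"\[WOWatchDogChild\] pid (\d+) has been hanging in the same request for (\d+) minutes")

# Assumed heuristic: which backend the last logged line points at.
BACKEND_HINTS = (("IMAP", "imap"), ("LDAP", "ldap"), ("Ldap", "ldap"),
                 ("SQL:", "sql"), ("PostgreSQL", "sql"))


def find_hangs(log_text):
    """Return {hung_pid: {"minutes", "last_time", "last_message"}}."""
    last_seen = {}   # pid -> (clock, message) of the most recent line that pid wrote
    hangs = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # continuation lines and foreign output are skipped
        clock, pid, message = match.group(1), int(match.group(2)), match.group(3)
        hang = HANG_RE.search(message)
        if hang is None:
            last_seen[pid] = (clock, message)
            continue
        child, minutes = int(hang.group(1)), int(hang.group(2))
        when, last = last_seen.get(child, (None, None))
        longest = max(minutes, hangs.get(child, {"minutes": 0})["minutes"])
        hangs[child] = {"minutes": longest, "last_time": when, "last_message": last}
    return hangs


def suspect_backend(message):
    """Guess which backend the hung child was talking to from its last log line."""
    if message is None:
        return "unknown"
    for needle, backend in BACKEND_HINTS:
        if needle in message:
            return backend
    return "unknown"


if __name__ == "__main__":
    for pid, info in find_hangs(SAMPLE_LOG).items():
        print(pid, info["minutes"], "min, last line at", info["last_time"],
              "->", suspect_backend(info["last_message"]))
```

The result only says where to look first; the traffic dump and the process trace suggested above are what confirm it.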


Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-27 Thread Paul Pathiakis





 From: Jean Raby jr...@inverse.ca
To: users@sogo.nu 
Sent: Thursday, June 27, 2013 9:03 AM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication
 

snip

Thanks on that the debug info being interesting :-)


 Jun 26 16:30:54 sogod [68616]: 0x09DF6EC8[SOGoUserFolder]:sogo baseURL: 
 name=sogo (container=SOGo)
   container: /SOGo -- http://team.atlantisservices.net/SOGo/so/sogo/Mail/view
   own: /SOGo/so/sogo
 Jun 26 16:30:54 sogod [68616]: 0x0x80c171568[NGLdapConnection] Using 
 ldap_initialize for LDAP URL: ldap://LDAP IP:389
 2013-06-26 16:30:54.727 sogod[68616] -[NGLdapConnection 
 _searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter 
 ��N for attrs �OM
 2013-06-26 16:30:54.729 sogod[68616] WARNING: IMAP4 connection pooling is 
 disabled!
 Jun 26 16:31:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 
 68616 has been hanging in the same request for 1 minutes
 Jun 26 16:32:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 
 68616 has been hanging in the same request for 2 minutes

From this, I would say that the LDAP requests worked, but that SOGo is somehow 
waiting for the imap server.  One thing you could do is look at the LDAP 
queries to make sure that they return the expected results. You can do this by 
either dumping the ldap traffic using tcpdump/wireshark, or by enabling query 
logging on the LDAP side (olcLogLevel: stats).

Is there any relevant information in the imap server logs?  You could also try 
to dump the imap traffic to see what is going on.

You could also attach to the hanging process using a process tracer (ktrace, 
truss) and see which system call it is blocking on. If the process blocks while 
doing operations on a file descriptor, you'll need to use lsof to map the fd to 
a real file (or socket).

My answer:


This was very interesting advice.  It yielded some interesting stuff once I 
restarted all my processes. (Sogod and apache)

I tried to login on the web interface which now magically works... (*shrug*)

I'm trying to login with a uid of a record under the ldap container:  
ou=people,dc=company,dc=com

The cn=John Smith,ou=people,dc=company,dc=com is not being found when I try to 
enter the uid attribute of jsmith.

When I attempt that login with that uid password, it tries to login/retrieve 
uid=jsmith,ou=people,dc=company,dc=com, and that fails.

However, when I attempt to login with John Smith, it does all the proper 
things with LDAP and there is activity on dovecot that says it doesn't 
recognize that uid.

So, below is my relevant section of LDAP in the sogo.conf file.

I would like to know what I need to modify in the CNFieldName, IDFieldName, 
UIDFieldName, to be able to login with the uid attribute of jsmith who has a cn 
of:

cn=John Smith,ou=people,dc=company,dc=com  (Please note that I do not have a 
container of uid.  Uid is attribute of the CN)

SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = cn;
    baseDN = ou=people,dc=company,dc=com;
    bindDN = cn=sogo,ou=people,dc=company,dc=com;
    bindPassword = qwerty;
    IMAPHostFieldName = ;
    canAuthenticate = YES;
    displayName = Shared Addresses;
    hostname = ldap://LDAP Server IP:389;
    id = public;
    isAddressBook = YES;
  }
);

I believe this is a major step in getting this to work.

P.
-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-27 Thread Paul Pathiakis
OMG!

That was it! I put that in, I restarted the server and everything is 
working.

It instantly retrieved my e-mail and the entire web interface is working...

THANK YOU, JEAN!


P.





 From: Jean Raby jr...@inverse.ca
To: users@sogo.nu 
Sent: Thursday, June 27, 2013 4:31 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication
 

On 13-06-27 3:57 PM, Paul Pathiakis wrote:
 cn=John Smith,ou=people,dc=company,dc=com  (Please note that I do not have a
 container of uid.  Uid is attribute of the CN)

 SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = cn;
      UIDFieldName = cn;
      baseDN = ou=people,dc=company,dc=com;
      bindDN = cn=sogo,ou=people,dc=company,dc=com;
      bindPassword = qwerty;
      IMAPHostFieldName = ;
      canAuthenticate = YES;
      displayName = Shared Addresses;
      hostname = ldap://LDAP Server IP:389;
      id = public;
      isAddressBook = YES;
    }
 );

 I believe this is a major step in getting this to work.

You need to use indirect binds:
  bindFields = (cn, uid);

Something like that:

SOGoUserSources = (
   {
     type = ldap;
     CNFieldName = cn;
     UIDFieldName = uid;
     bindFields = (cn, uid);
     baseDN = ou=people,dc=company,dc=com;
     bindDN = cn=sogo,ou=people,dc=company,dc=com;
     bindPassword = qwerty;
     canAuthenticate = YES;
     displayName = Shared Addresses;
     hostname = ldap://LDAP Server IP:389;
     id = public;
     isAddressBook = YES;
   }
);

For more info, see page 19 of the configuration guide.



-- 
users@sogo.nu
https://inverse.ca/sogo/lists
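
The difference between the two configurations in the message above, as an added example that is not part of the original thread and not SOGo's code: a simplified Python model, over a constructed in-memory directory, of a direct bind (DN assembled from a field name, the login and baseDN, the shape reported as uid=jsmith,ou=people,dc=company,dc=com) versus the indirect bind that bindFields enables. The function names, sample entries and placeholder passwords are assumptions made for the illustration.

```python
"""Direct vs. indirect LDAP bind, modelled on a constructed in-memory directory."""

BASE_DN = "ou=people,dc=company,dc=com"
SERVICE_DN = "cn=sogo,ou=people,dc=company,dc=com"
SERVICE_PW = "service-placeholder"   # placeholder standing in for bindPassword

# Constructed sample entries (DN -> attributes); passwords are placeholders.
DIRECTORY = {
    SERVICE_DN: {"cn": ["sogo"], "userPassword": SERVICE_PW},
    "cn=John Smith,ou=people,dc=company,dc=com": {
        "cn": ["John Smith"], "uid": ["jsmith"], "userPassword": "js-placeholder"},
    "cn=Jane Doe,ou=people,dc=company,dc=com": {
        "cn": ["Jane Doe"], "uid": ["jdoe"], "userPassword": "jd-placeholder"},
}


def simple_bind(dn, password):
    """Model of a simple bind: the DN must exist and the password must match."""
    if not password:
        # An empty password is an unauthenticated bind, never proof of identity.
        return False
    for entry_dn, attrs in DIRECTORY.items():
        if entry_dn.lower() == dn.lower():
            return attrs["userPassword"] == password
    return False


def escape_filter_value(value):
    """Escape a login for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(bind_fields, login):
    """Filter an indirect bind searches with, e.g. (|(cn=jsmith)(uid=jsmith))."""
    value = escape_filter_value(login)
    return "(|" + "".join("(%s=%s)" % (f, value) for f in bind_fields) + ")"


def search_people(bind_fields, login):
    """Equality match on any bind field under BASE_DN, as the escaped filter does."""
    wanted = login.lower()
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + BASE_DN)
            and any(wanted == v.lower() for f in bind_fields for v in attrs.get(f, []))]


def direct_login(login, password, id_field):
    """No bindFields: the bind DN is assembled as <field>=<login>,<baseDN>.

    A real client must also escape DN special characters (RFC 4514) in login.
    """
    dn = "%s=%s,%s" % (id_field, login, BASE_DN)
    return dn if simple_bind(dn, password) else None


def indirect_login(login, password, bind_fields):
    """bindFields set: bind as the service account, search, bind as the DN found."""
    if not simple_bind(SERVICE_DN, SERVICE_PW):
        return None
    matches = search_people(bind_fields, login)
    if len(matches) != 1:
        return None   # no such entry, or an ambiguous login: refuse
    return matches[0] if simple_bind(matches[0], password) else None


if __name__ == "__main__":
    print(direct_login("jsmith", "js-placeholder", "uid"))            # no such DN
    print(build_filter(["cn", "uid"], "jsmith"))
    print(indirect_login("jsmith", "js-placeholder", ["cn", "uid"]))  # entry's real DN
```

In the indirect case the service account only needs read access to the bind fields under baseDN, and the user's password is checked by the final bind rather than by comparing attributes.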

Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-27 Thread Bruce Marriner

Paul, I'm also interested in running SOGo on FreeBSD.  Right now I've already 
got Dovecot/OpenLDAP/PostgreSQL installed in FreeBSD (9.1) jails and have the 
SOGo web half running in a CentOS VirtualBox on top of FreeBSD.

But, moving that part over to a FreeBSD jail would be awesome.  Would you by 
chance be willing to detail the steps and any complicated things here on the 
list?  I'd be happy to take it and set up a test environment then write up some 
complete documentation on my wiki for everybody.   Maybe it's pretty 
straightforward but I just haven't tried the SOGo web interface part yet and 
since you have done it... :)


On Thursday, June 27, 2013 04:51 PM CDT, Paul Pathiakis pathia...@yahoo.com 
wrote:

 OMG!

 That was it! I put that in, I restarted the server and everything is 
 working.

 It instantly retrieved my e-mail and the entire web interface is working...

 THANK YOU, JEAN!


 P.




 




-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-27 Thread Paul Pathiakis
Bruce,

Jim Riggs (I think) is creating a FreeBSD port.  My efforts are just to try and 
help him round out his port.

I believe all it really needs is to be more turn key (aka a port that you 
change a few variables in the config, turn it on in the rc.conf file and it 
'just works' like all things FreeBSD.) by having some de facto config files and 
to correct some path issues as Jim has done a solid cut so far.

I'm more than happy to post a synopsis on going through this.

I would ask that once complete, you post your document on the FreeBSD site.  
That way, people won't have to search far.  (I can't tell you how much I'm 
starting to hate search engines giving me waaay too much irrelevant information 
or none at all)  Consolidating things in one location will help people who come 
after us immensely.

(BTW, there's already a couple of threads that I've created on this list about 
the configuration issues I've had until we get such an article written.)

I expect to have the configuration and functionality issues solved soon as the 
people on the SOGo list are very knowledgeable about the product and this is, 
by far, the most well-engineered and functional Exchange replacement that I've 
come across.  (Nothing like the issues I had with Zimbra where they don't 
understand that hard-coding platform dependencies/paths is never a good thing 
and /opt was created for OS extending optional software, not a catch all for 
3rd party software. The only thing worse would be to just put it in the OS 
directories.)


Sorry, I'm ranting... :-P  Anyhow, I'll post some of my configuration files and 
the like probably after this weekend.  (I have lots to do through Monday.) 


Peace to you and thanks to everyone that's been helping me to limp along with 
this,

P.




 From: Bruce Marriner bruce+s...@bmts.us
To: Paul Pathiakis pathia...@yahoo.com 
Cc: users@sogo.nu users@sogo.nu 
Sent: Thursday, June 27, 2013 10:33 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication
 


Paul, I'm also interested in running SOGo on FreeBSD.  Right now I've already 
got Dovecot/OpenLDAP/PostgreSQL installed in FreeBSD (9.1) jails and have the 
SOGo web half running in a CentOS VirtualBox on top of FreeBSD.

But, moving that part over to a FreeBSD jail would be awesome.  Would you by 
chance be willing to detail the steps and any complicated things here on the 
list?  I'd be happy to take it and set up a test environment then write up some 
complete documentation on my wiki for everybody.   Maybe it's pretty 
straightforward but I just haven't tried the SOGo web interface part yet and 
since you have done it... :)


-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] FreeBSD port - LDAP authentication

2013-06-26 Thread Paul Pathiakis
Good day,

Well, I'm back on this after a reinstall to see how things are looking.


Here's the nice thing so far

SOGo installed.
I've got it working with PGSQL
I believe I have it working with OpenLDAP with exceptions.



Versions that we are playing with here:

FreeBSD 9.1 RELEASE

apache22-2.2.24
memcached-1.4.15
nss_ldap-1.265_7
openldap-client-2.4.35
pam_ldap-1.8.6_2
postgresql-client-9.2.4

sogo-2.0.5
sope-2.0.5


Sogo starts and runs
Apache starts and runs
Memcached starts and runs


Anonymous ldap binding seems to run fine and I can grab a uid in the subtree.
My LDAP server has a configuration like:

dc=company,dc=com

ou=people,dc=company,dc=com

When I start up sogo, I get the following in the /var/log/sogo/sogo.log:

Jun 26 16:06:03 sogod [67881]: version 2.0.5 (build r...@.company.com 
201306251909) -- starting
Jun 26 16:06:03 sogod [67881]: vmem size check enabled: shutting down app when 
vmem  384 MB
Jun 26 16:06:03 sogod [67881]: 0x0x8087b5988[SOGoProductLoader] SOGo products 
loaded from '/usr/local/GNUstep/Local/Library/SOGo':
Jun 26 16:06:03 sogod [67881]: 0x0x8087b5988[SOGoProductLoader]   
MailPartViewers.SOGo, ContactsUI.SOGo, Mailer.SOGo, Appointments.SOGo, 
MainUI.SOGo, CommonUI.SOGo, SchedulerUI.SOGo, AdministrationUI.SOGo, 
PreferencesUI.SOGo, Contacts.SOGo, MailerUI.SOGo
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] listening on *:2
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] watchdog process 
pid: 67881
Jun 26 16:06:03 sogod [67881]: 0x0x801c3bb60[WOWatchDogChild] watchdog 
request timeout set to 10 minutes
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] preparing 1 children
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] child spawned with 
pid 67882
2013-06-26 16:06:03.695 sogod[67882] PostgreSQL72 connection established: 
0x0x809cf20a8[PGConnection]:  connection=0x0x809d7c000
2013-06-26 16:06:03.695 sogod[67882] PostgreSQL72 channel 0x0x809cba048 opened 
(connection=0x0x809cf20a8[PGConnection]:  connection=0x0x809d7c000)
2013-06-26 16:06:03.695 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM 
sogo_user_profile
2013-06-26 16:06:03.696 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM 
sogo_folder_info
2013-06-26 16:06:03.698 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM 
sogo_sessions_folder


H... looks fine in that we're connecting to PostgreSQL and everything 
checks out on the PGSQL side.

A simple web server test on the machine retrieves the It Works! on the home 
page.

Attempting to go to the http://www.company.com/SOGo page


I get the following in the sogo log:
2013-06-26 16:30:54.616 sogod[68616] Note: Using UTF-8 as URL encoding in 
NGExtensions.
Jun 26 16:30:54 sogod [68616]: |SOGo| starting method 'GET' on uri '/SOGo/'
Jun 26 16:30:54 sogod [68616]: 0x0x809df6d38[SOGoCache] Cache cleanup 
interval set every 300.00 seconds
Jun 26 16:30:54 sogod [68616]: 0x0x809df6d38[SOGoCache] Using host(s) 
'localhost' as server(s)
2013-06-26 16:30:54.618 sogod[68616] PG0x0x809cba048 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.619 sogod[68616] PG0x0x809cba048 SQL: SELECT 
t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM  
sogo_sessions_folder t1 WHERE t1.c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.620 sogod[68616] PG0x0x809cba048 SQL: ROLLBACK TRANSACTION
2013-06-26 16:30:54.623 sogod[68616] PostgreSQL72 connection established: 
0x0x809d6fc88[PGConnection]:  connection=0x0x809d80c00
2013-06-26 16:30:54.623 sogod[68616] PostgreSQL72 channel 0x0x809d04848 opened 
(connection=0x0x809d6fc88[PGConnection]:  connection=0x0x809d80c00)
2013-06-26 16:30:54.623 sogod[68616] PG0x0x809d04848 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.623 sogod[68616] PG0x0x809d04848 SQL: SELECT 
t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM  
sogo_sessions_folder t1 WHERE t1.c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809d04848 SQL: ROLLBACK TRANSACTION
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809cba048 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809cba048 SQL: UPDATE 
sogo_sessions_folder SET c_value = 
'RHtwGoSxIq0lcvmfWdP6FXwvWMu1wV/IEqoBSkoK13hTtXPg8+COyTrMIY5xgcvIitCGUCmfDQ5KK+IXySFijtt/7j9EvJMYEm1oapBHU79u/IsrdAu5F8hHGEAl54uZkqCAKHmymjQIXaMo3UZYjkoonmaIcIXRpo07RmUhz4+UOf+SV9Pm8GSnaiekMoPsW7muqzEfJiplmsge+VGZEg==',
 c_lastseen = 1372278654, c_creationdate = 1372274587, c_id = 
'OtUy2L39/oh7u6ije6m1xA==' WHERE c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.625 sogod[68616] PG0x0x809cba048 SQL: COMMIT TRANSACTION
Jun 26 16:30:54 sogod [68616]: 0x0x809e303d8[NGLdapConnection] Using 
ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): SoDebugKeyLookup is 
enabled!
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): SoDebugBaseURL is enabled!
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): relative base URLs are 
enabled.
Jun 26 16:30:54 sogod [68616]: 0x0x809e9f2e8[NGLdapConnection] 

Re: [SOGo] FreeBSD port - LDAP authentication

2013-05-10 Thread Christian Mack
Hello pathiaki


On 2013-05-08 23:20, pathia...@yahoo.com wrote:
 
 Well, we made it through the first hurdle in the thread Installation and
 Configuration.
 
 Again, the setup:
 
 FreeBSD 9.1
 LDAP 2.4.35
 PostGreSQL 9.2
 SOGO 2.0.5
 
 (All the services are on separate machines)
 
 Here's the second one concerning LDAP authentication.
 
 It doesn't seem to want to bind.
 
 I can bind anonymously with the pam_ldap service and with the sogo user from
 the command line to the remote ldap service.  However, when trying to login
 from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.
 
 The sogo log file has:
 
 ... 
 May 08 16:59:48 sogod [6910]: 0x0x809dd61f8[NGLdapConnection] Using
 ldap_initialize for LDAP URL: ldap://LDAP IP:389
 May 08 16:59:48 sogod [6910]: 0x0x809ed8b88[LDAPSource] NSException:
 0x809dd10d8 NAME:LDAPException REASON:operation bind failed: Invalid
 credentials (0x31) INFO:{login = cn=sogo,ou=people,dc=example,dc=com; }
 May 08 16:59:48 sogod [6910]: SOGoRootPage Login from 'desktop IP' for user
 'sogo' might not have worked - password policy: 65535  grace: -1  expire: -1 
 bound: 0
 ... 
 I have had the sogo user in the ou of both my standard ou=people,
 dc=example,dc=com and ou=users,dc=example,dc=com.  They both failed in the same
 way.  I have verified the 'sogo' password repeatedly.
 
 I have created a local sogo user with the same UID/GID to verify that it has
 some idea of the sogo user without having to query LDAP.  I have verified that
 its password is 'sogo' as well, although this should not matter
 
 I have had the bind password in the sogo.conf file with and without double
 quotes surrounding it.  What is it supposed to be?  I've seen both in people's
 configuration files.
 

Better use double quotes around it.
It will work without them, if you don't have special characters in the password.


 ... 
/* LDAP authentication example */
SOGoUserSources = (
  {
  type=ldap;
  CNFieldName=cn;
  IDFieldName=cn;
  UIDFieldName=cn;
  baseDN=ou=people,dc=example,dc=com;
  bindDN=cn=sogo,ou=users,dc=example,dc=com;
  bindPassword=sogo;
  canAuthenticate=YES;
  displayName=Shared Addresses;
  hostname=ldap://LDAP IP:389;
  id=public;
  isAddressBook=YES;
  }
);
 

You specify in this part of the configuration, that SOGo shall always
bind as cn=sogo,ou=users,dc=example,dc=com and search for the user
given on the login.

Does that user have the necessary privileges for that in LDAP?
Your tests only showed, that you can bind as that user.
But if you can't search for users, then this will be for SOGo as if the
searched user is not in LDAP at all.

That's just a guess though.


Kind regards,
Christian Mack

-- 
Christian Mack
Gruppe Informationsdienste
Rechenzentrum Universität Konstanz
-- 
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] FreeBSD port - LDAP authentication

2013-05-09 Thread Jean Raby




I can bind anonymously with the pam_ldap service and with the sogo user from
the command line to the remote ldap service.  However, when trying to login
from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.

The sogo log file has:

May 08 16:59:48 sogod [6910]: 0x0x809dd61f8[NGLdapConnection] Using
ldap_initialize for LDAP URL: ldap://LDAP IP:389
May 08 16:59:48 sogod [6910]: 0x0x809ed8b88[LDAPSource] NSException:
0x809dd10d8 NAME:LDAPException REASON:operation bind failed: Invalid
credentials (0x31) INFO:{login = cn=sogo,ou=people,dc=example,dc=com; }
May 08 16:59:48 sogod [6910]: SOGoRootPage Login from 'desktop IP' for user
'sogo' might not have worked - password policy: 65535  grace: -1  expire: -1
bound: 0
May 08 16:59:48 sogod [6910]: |SOGo| request took 0.018914 seconds to execute
DESKTOP IP - - [08/May/2013:16:59:48 GMT] POST /SOGo/connect HTTP/1.1 403
34/56 0.021 - - -

Can you post the logs of these connections from the openldap side?

--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] FreeBSD port - LDAP authentication

2013-05-09 Thread Paul Pathiakis
 - - -
May 09 09:41:58 sogod [58117]: |SOGo| starting method 'GET' on uri 
'/SOGo/sogo/view'


Wow...  No SERVER FAIL errors!!!  Yay!!!  (Kicks down this door quickly 
runs to the next.)

P.




 From: Paul Pathiakis pathia...@yahoo.com
To: users@sogo.nu users@sogo.nu 
Sent: Thursday, May 9, 2013 10:08 AM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication
 


The next issue that I've run into about LDAP

Since I use the ou=people instead of users, there's some issues.

1)  Always put the sogo in the ou where your users live in my case:  
ou=people,cn=example,cn=com.  The reason for this is that SOGo seems to get 
confused when doing its binding/lookups.

2)  Always make sure your sogo.conf parameters reflect this and you understand 
the 'why?' of LDAP and entry searching.

As shown below, mine looked like this:

SOGoUserSources = (
     {
     type=ldap;
     CNFieldName=cn;
     IDFieldName=cn;
     UIDFieldName=cn;
     baseDN=ou=people,dc=example,dc=com;
     bindDN=cn=sogo,ou=users,dc=example,dc=com;
     bindPassword=sogo;
     canAuthenticate=YES;
     displayName=Shared Addresses;
     hostname=ldap://LDAP IP:389;
     id=public;
     isAddressBook=YES;
     }
   );

It now looks like this:  (Why?  Well, due to something that may be in the 
parsing code, I found that baseDN and bindDN seem to have an issue as to where 
the user lives.  It seems that the ou of people and users were unexpectedly 
(probably due to my stupidity) searched in the wrong location.  Also, I noticed 
that my UIDFieldName was set to cn and not uid.  Also, when SOGo went to look 
for the *FieldName variables, it went looking in the ou=users container (at 
least it seemed so in the logs) and not the ou=people container. - solution was 
to make sure that the sogo was in the ou=people so that everything was 
checked/verified/looked up in the right ou.)




SOGoUserSources = (
     {
     type=ldap;
     CNFieldName=cn;
     IDFieldName=cn;
     UIDFieldName=uid;
     baseDN=ou=people,dc=example,dc=com;
     bindDN=cn=sogo,ou=people,dc=example,dc=com;
     bindPassword=sogo;
     canAuthenticate=YES;
     displayName=Shared Addresses;
     hostname=ldap://LDAP IP:389;
     id=public;
     isAddressBook=YES;
     }
   );

I have, finally, gotten by the LDAP authentication issue of the 'sogo' account 
binding to the LDAP server.

(Door opens and we go through... :-)  )


P.



-- 
users@sogo.nu
https://inverse.ca/sogo/lists