Re: [SOGo] FreeBSD port - LDAP authentication
Hi Paul, here's a few hints:

2013-06-26 16:30:54.652 sogod[68616] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter ��N for attrs �OM
2013-06-26 16:30:54.653 sogod[68616] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter ��N for attrs �OM
2013-06-26 16:30:54.656 sogod[68616] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter ��N for attrs �OM

Don't mind those, the ldap debugging code in SOPE doesn't work too well as you can see.

Jun 26 16:30:54 sogod [68616]: 0x09DF6EC8[SOGoUserFolder]:sogo baseURL: name=sogo (container=SOGo) container: /SOGo -- http://team.atlantisservices.net/SOGo/so/sogo/Mail/view own: /SOGo/so/sogo
Jun 26 16:30:54 sogod [68616]: 0x0x80c171568[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.727 sogod[68616] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter ��N for attrs �OM
2013-06-26 16:30:54.729 sogod[68616] WARNING: IMAP4 connection pooling is disabled!
Jun 26 16:31:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 1 minutes
Jun 26 16:32:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 2 minutes

From this, I would say that the LDAP requests worked, but that SOGo is somehow waiting for the imap server.

One thing you could do is to look at the LDAP queries to make sure that they return the expected results. You can do this by either dumping the ldap traffic using tcpdump/wireshark, or by enabling query logging on the LDAP side (olcLogLevel: stats).

Is there any relevant information in the imap server logs? You could also try to dump the imap traffic to see what is going on.

You could also attach to the hanging process using a process tracer (ktrace, truss) and see which system call it is blocking on. If the process blocks while doing operations on a file descriptor, you'll need to use lsof to map the fd to a real file (or socket).

-- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] FreeBSD port - LDAP authentication
From: Jean Raby jr...@inverse.ca
To: users@sogo.nu
Sent: Thursday, June 27, 2013 9:03 AM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

snip

Thanks on that the debug info being interesting :-)

Jun 26 16:30:54 sogod [68616]: 0x09DF6EC8[SOGoUserFolder]:sogo baseURL: name=sogo (container=SOGo) container: /SOGo -- http://team.atlantisservices.net/SOGo/so/sogo/Mail/view own: /SOGo/so/sogo
Jun 26 16:30:54 sogod [68616]: 0x0x80c171568[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.727 sogod[68616] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base ��N filter ��N for attrs �OM
2013-06-26 16:30:54.729 sogod[68616] WARNING: IMAP4 connection pooling is disabled!
Jun 26 16:31:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 1 minutes
Jun 26 16:32:54 sogod [68615]: [WARN] 0x0x809cc3568[WOWatchDogChild] pid 68616 has been hanging in the same request for 2 minutes

From this, I would say that the LDAP requests worked, but that SOGo is somehow waiting for the imap server.

One thing you could do is to look at the LDAP queries to make sure that they return the expected results. You can do this by either dumping the ldap traffic using tcpdump/wireshark, or by enabling query logging on the LDAP side (olcLogLevel: stats).

Is there any relevant information in the imap server logs? You could also try to dump the imap traffic to see what is going on.

You could also attach to the hanging process using a process tracer (ktrace, truss) and see which system call it is blocking on. If the process blocks while doing operations on a file descriptor, you'll need to use lsof to map the fd to a real file (or socket).

My answer:

This was very interesting advice. It yielded some interesting stuff once I restart all my processes. (Sogod and apache)

I tried to login on the web interface which now magically works... (*shrug*)

I'm trying to login with a uid of a record under the ldap container: ou=people,dc=company,dc=com

The cn=John Smith,ou=people,dc=company,dc=com is not being found when I try to enter the uid attribute of jsmith.

When I attempt that login with that uid password, it tries to login/retrieve uid=jsmith,ou=people,dc=company,dc=com, and that fails.

However, when I attempt to login with John Smith, it does all the proper things with LDAP and there is activity on dovecot that says it doesn't recognize that uid.

So, below is my relevant section of LDAP in the sogo.conf file. I would like to know what I need to modify in the CNFieldName, IDFieldName, UIDFieldName, to be able to login with the uid attribute of jsmith who has a cn of:

cn=John Smith,ou=people,dc=company,dc=com

(Please note that I do not have a container of uid. Uid is attribute of the CN)

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = cn;
        baseDN = ou=people,dc=company,dc=com;
        bindDN = cn=sogo,ou=people,dc=company,dc=com;
        bindPassword = qwerty;
        IMAPHostFieldName = ;
        canAuthenticate = YES;
        displayName = Shared Addresses;
        hostname = ldap://LDAP Server IP:389;
        id = public;
        isAddressBook = YES;
    }
);

I believe this is a major step in getting this work.

P.
Re: [SOGo] FreeBSD port - LDAP authentication
OMG! That was it I put that in, I restarted the server and everything is working. It instantly retrieved my e-mail and the entire web interface is working...

THANK YOU, JEAN!

P.

From: Jean Raby jr...@inverse.ca
To: users@sogo.nu
Sent: Thursday, June 27, 2013 4:31 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

On 13-06-27 3:57 PM, Paul Pathiakis wrote:

cn=John Smith,ou=people,dc=company,dc=com

(Please note that I do not have a container of uid. Uid is attribute of the CN)

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = cn;
        baseDN = ou=people,dc=company,dc=com;
        bindDN = cn=sogo,ou=people,dc=company,dc=com;
        bindPassword = qwerty;
        IMAPHostFieldName = ;
        canAuthenticate = YES;
        displayName = Shared Addresses;
        hostname = ldap://LDAP Server IP:389;
        id = public;
        isAddressBook = YES;
    }
);

I believe this is a major step in getting this work.

You need to use indirect binds: bindFields = (cn, uid);

Something like that:

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        bindFields = (cn, uid);
        baseDN = ou=people,dc=company,dc=com;
        bindDN = cn=sogo,ou=people,dc=company,dc=com;
        bindPassword = qwerty;
        canAuthenticate = YES;
        displayName = Shared Addresses;
        hostname = ldap://LDAP Server IP:389;
        id = public;
        isAddressBook = YES;
    }
);

For more info, see page 19 of the configuration guide.
Re: [SOGo] FreeBSD port - LDAP authentication
Paul,

I'm also interested in running SOGo on FreeBSD. Right now I've already got Dovecot/OpenLDAP/PostgreSQL install in FreeBSD (9.1) jails and have the SOGo web half running in a CentOS VirtualBox on top of FreeBSD. But, moving that part over to a FreeBSD jail would be awesome.

Would you by chance be willing to detail the steps and if any complicated things here on the list? I'd be happy to take it and setup a test environment then write up some complete documentation on my wiki for everybody. Maybe it's pretty straight forward but I just haven't tried the SOGo web interface part yet and since you have done it... :)

On Thursday, June 27, 2013 04:51 PM CDT, Paul Pathiakis pathia...@yahoo.com wrote:

OMG! That was it I put that in, I restarted the server and everything is working. It instantly retrieved my e-mail and the entire web interface is working...

THANK YOU, JEAN!

P.

From: Jean Raby jr...@inverse.ca
To: users@sogo.nu
Sent: Thursday, June 27, 2013 4:31 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

On 13-06-27 3:57 PM, Paul Pathiakis wrote:

cn=John Smith,ou=people,dc=company,dc=com

(Please note that I do not have a container of uid. Uid is attribute of the CN)

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = cn;
        baseDN = ou=people,dc=company,dc=com;
        bindDN = cn=sogo,ou=people,dc=company,dc=com;
        bindPassword = qwerty;
        IMAPHostFieldName = ;
        canAuthenticate = YES;
        displayName = Shared Addresses;
        hostname = ldap://LDAP Server IP:389;
        id = public;
        isAddressBook = YES;
    }
);

I believe this is a major step in getting this work.
Re: [SOGo] FreeBSD port - LDAP authentication
Bruce,

Jim Riggs (I think) is creating a FreeBSD port. My efforts are just to try and help him round out his port. I believe all it really needs is to be more turn key (aka a port that you change a few variables in the config, turn it on in the rc.conf file and it 'just works' like all things FreeBSD.) by having some de facto config files and to correct some path issues as Jim has done a solid cut so far.

I'm more than happy to post a synopsis on going through this. I would ask that once complete, you post your document on the FreeBSD site. That way, people won't have to search far. (I can't tell you how much I'm starting to hate search engines giving me waaay too much irrelevant information or none at all) Consolidating things in one location will help people who come after us immensely. (BTW, there's already a couple of threads that I've created on this list about the configuration issues I've had until we get such an article written.)

I expect to have the configuration and functionality issues solved soon as the people on the SOGo list are very knowledgeable about the product and this is, by far, the most well-engineered and functional Exchange replacement that I've come across. (Nothing like the issues I had with Zimbra where they don't understand that hard-coding platform dependencies/paths is never a good thing and /opt was created for OS extending optional software, not a catch all for 3rd party software. The only thing worse would be to just put it in the OS directories.)

Sorry, I'm ranting... :-P

Anyhow, I'll post some of my configuration files and the like probably after this weekend. (I have lots to do through Monday.)

Peace to you and thanks to everyone that's been helping me to limp along with this,

P.
From: Bruce Marriner bruce+s...@bmts.us
To: Paul Pathiakis pathia...@yahoo.com
Cc: users@sogo.nu users@sogo.nu
Sent: Thursday, June 27, 2013 10:33 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

Paul,

I'm also interested in running SOGo on FreeBSD. Right now I've already got Dovecot/OpenLDAP/PostgreSQL install in FreeBSD (9.1) jails and have the SOGo web half running in a CentOS VirtualBox on top of FreeBSD. But, moving that part over to a FreeBSD jail would be awesome.

Would you by chance be willing to detail the steps and if any complicated things here on the list? I'd be happy to take it and setup a test environment then write up some complete documentation on my wiki for everybody. Maybe it's pretty straight forward but I just haven't tried the SOGo web interface part yet and since you have done it... :)

On Thursday, June 27, 2013 04:51 PM CDT, Paul Pathiakis pathia...@yahoo.com wrote:

OMG! That was it I put that in, I restarted the server and everything is working. It instantly retrieved my e-mail and the entire web interface is working...

THANK YOU, JEAN!

P.

From: Jean Raby jr...@inverse.ca
To: users@sogo.nu
Sent: Thursday, June 27, 2013 4:31 PM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

On 13-06-27 3:57 PM, Paul Pathiakis wrote:

cn=John Smith,ou=people,dc=company,dc=com

(Please note that I do not have a container of uid. Uid is attribute of the CN)

SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = cn;
        baseDN = ou=people,dc=company,dc=com;
        bindDN = cn=sogo,ou=people,dc=company,dc=com;
        bindPassword = qwerty;
        IMAPHostFieldName = ;
        canAuthenticate = YES;
        displayName = Shared Addresses;
        hostname = ldap://LDAP Server IP:389;
        id = public;
        isAddressBook = YES;
    }
);

I believe this is a major step in getting this work.
Re: [SOGo] FreeBSD port - LDAP authentication
Good day,

Well, I'm back on this after a reinstall to see how things are looking.

Here's the nice thing so far
SOGo installed.
I've got it working with PGSQL
I believe I have it working with OpenLDAP with exceptions.

Versions that we are playing with here:

FreeBSD 9.1 RELEASE
apache22-2.2.24
memcached-1.4.15
nss_ldap-1.265_7
openldap-client-2.4.35
pam_ldap-1.8.6_2
postgresql-client-9.2.4
sogo-2.0.5
sope-2.0.5

Sogo starts and runs
Apache starts and runs
Memcached starts and runs
Anonymous ldap binding seems to run fine and I can grab a uid in the subtree.

My LDAP server has a configuration like:

dc=company,dc=com
ou=people,dc=company,dc=com

When I start up sogo, I get the following in the /var/log/sogo/sogo.log:

Jun 26 16:06:03 sogod [67881]: version 2.0.5 (build r...@.company.com 201306251909) -- starting
Jun 26 16:06:03 sogod [67881]: vmem size check enabled: shutting down app when vmem 384 MB
Jun 26 16:06:03 sogod [67881]: 0x0x8087b5988[SOGoProductLoader] SOGo products loaded from '/usr/local/GNUstep/Local/Library/SOGo':
Jun 26 16:06:03 sogod [67881]: 0x0x8087b5988[SOGoProductLoader] MailPartViewers.SOGo, ContactsUI.SOGo, Mailer.SOGo, Appointments.SOGo, MainUI.SOGo, CommonUI.SOGo, SchedulerUI.SOGo, AdministrationUI.SOGo, PreferencesUI.SOGo, Contacts.SOGo, MailerUI.SOGo
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] listening on *:2
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] watchdog process pid: 67881
Jun 26 16:06:03 sogod [67881]: 0x0x801c3bb60[WOWatchDogChild] watchdog request timeout set to 10 minutes
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] preparing 1 children
Jun 26 16:06:03 sogod [67881]: 0x0x808470438[WOWatchDog] child spawned with pid 67882
2013-06-26 16:06:03.695 sogod[67882] PostgreSQL72 connection established: 0x0x809cf20a8[PGConnection]: connection=0x0x809d7c000
2013-06-26 16:06:03.695 sogod[67882] PostgreSQL72 channel 0x0x809cba048 opened (connection=0x0x809cf20a8[PGConnection]: connection=0x0x809d7c000)
2013-06-26 16:06:03.695 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM sogo_user_profile
2013-06-26 16:06:03.696 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM sogo_folder_info
2013-06-26 16:06:03.698 sogod[67882] PG0x0x809cba048 SQL: SELECT count(*) FROM sogo_sessions_folder

H... looks fine in that we're connecting to PostGreSQL and everything checks out on the PGSQL side.

A simple web server test on the machine, retries the It Works! on the home page.

Attempting to go to the http://www.company.com/SOGo page I get the following in the sogo log:

2013-06-26 16:30:54.616 sogod[68616] Note: Using UTF-8 as URL encoding in NGExtensions.
Jun 26 16:30:54 sogod [68616]: |SOGo| starting method 'GET' on uri '/SOGo/'
Jun 26 16:30:54 sogod [68616]: 0x0x809df6d38[SOGoCache] Cache cleanup interval set every 300.00 seconds
Jun 26 16:30:54 sogod [68616]: 0x0x809df6d38[SOGoCache] Using host(s) 'localhost' as server(s)
2013-06-26 16:30:54.618 sogod[68616] PG0x0x809cba048 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.619 sogod[68616] PG0x0x809cba048 SQL: SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM sogo_sessions_folder t1 WHERE t1.c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.620 sogod[68616] PG0x0x809cba048 SQL: ROLLBACK TRANSACTION
2013-06-26 16:30:54.623 sogod[68616] PostgreSQL72 connection established: 0x0x809d6fc88[PGConnection]: connection=0x0x809d80c00
2013-06-26 16:30:54.623 sogod[68616] PostgreSQL72 channel 0x0x809d04848 opened (connection=0x0x809d6fc88[PGConnection]: connection=0x0x809d80c00)
2013-06-26 16:30:54.623 sogod[68616] PG0x0x809d04848 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.623 sogod[68616] PG0x0x809d04848 SQL: SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM sogo_sessions_folder t1 WHERE t1.c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809d04848 SQL: ROLLBACK TRANSACTION
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809cba048 SQL: BEGIN TRANSACTION
2013-06-26 16:30:54.624 sogod[68616] PG0x0x809cba048 SQL: UPDATE sogo_sessions_folder SET c_value = 'RHtwGoSxIq0lcvmfWdP6FXwvWMu1wV/IEqoBSkoK13hTtXPg8+COyTrMIY5xgcvIitCGUCmfDQ5KK+IXySFijtt/7j9EvJMYEm1oapBHU79u/IsrdAu5F8hHGEAl54uZkqCAKHmymjQIXaMo3UZYjkoonmaIcIXRpo07RmUhz4+UOf+SV9Pm8GSnaiekMoPsW7muqzEfJiplmsge+VGZEg==', c_lastseen = 1372278654, c_creationdate = 1372274587, c_id = 'OtUy2L39/oh7u6ije6m1xA==' WHERE c_id='OtUy2L39/oh7u6ije6m1xA=='
2013-06-26 16:30:54.625 sogod[68616] PG0x0x809cba048 SQL: COMMIT TRANSACTION
Jun 26 16:30:54 sogod [68616]: 0x0x809e303d8[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): SoDebugKeyLookup is enabled!
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): SoDebugBaseURL is enabled!
2013-06-26 16:30:54.651 sogod[68616] Note(SoObject): relative base URLs are enabled.
Jun 26 16:30:54 sogod [68616]: 0x0x809e9f2e8[NGLdapConnection]
Re: [SOGo] FreeBSD port - LDAP authentication
Hello pathiaki

On 2013-05-08 23:20, pathia...@yahoo.com wrote:

Well, we made it through the first hurdle in the thread Installation and Configuration.

Again, the setup:

FreeBSD 9.1
LDAP 2.4.35
PostGreSQL 9.2
SOGO 2.0.5
(All the services are on separate machines)

Here's the second one concerning LDAP authentication. It doesn't seem to want to bind.

I can bind anonymously with the pam_ldap service and with the sogo user from the command line to the remote ldap service. However, when trying to login from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.

The sogo log file has:

...
May 08 16:59:48 sogod [6910]: 0x0x809dd61f8[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
May 08 16:59:48 sogod [6910]: 0x0x809ed8b88[LDAPSource] NSException: 0x809dd10d8 NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{login = cn=sogo,ou=people,dc=example,dc=com; }
May 08 16:59:48 sogod [6910]: SOGoRootPage Login from 'desktop IP' for user 'sogo' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
...

I have had the sogo user in the ou of both my standard ou=people, dc=example,dc=com and ou=users,dc=example,dc=com. They both failed in the same way.
I have verified the 'sogo' password repeatedly.
I have created a local sogo user with the same UID/GID to verify that it has some idea of the sogo user without having to query LDAP.
I have verified that its password is 'sogo' as well, although this should not matter
I have had the bind password in the sogo.conf file with and without double quotes surrounding it. What is it supposed to be? I've seen both in people's configuration files.

Better use double quotes around it. It will work without them, if you don't have special characters in the password.

...

/* LDAP authentication example */
SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        IDFieldName=cn;
        UIDFieldName=cn;
        baseDN=ou=people,dc=example,dc=com;
        bindDN=cn=sogo,ou=users,dc=example,dc=com;
        bindPassword=sogo;
        canAuthenticate=YES;
        displayName=Shared Addresses;
        hostname=ldap://LDAP IP:389;
        id=public;
        isAddressBook=YES;
    }
);

You specify in this part of the configuration, that SOGo shall always bind as cn=sogo,ou=users,dc=example,dc=com and search for the user given on the login. Does that user have the necessary privileges for that in LDAP? Your tests only showed, that you can bind as that user. But if you can't search for users, then this will be for SOGo as if the searched user is not in LDAP at all.

That's just a guess though.

Kind regards,
Christian Mack

--
Christian Mack
Gruppe Informationsdienste
Rechenzentrum Universität Konstanz
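The indirect bind from Jean Raby's reply earlier in the thread (bindFields = (cn, uid)) and the point in the message above that the bindDN account must be able to search, as an added example that is not part of the thread and is not SOGo's code: a small in-memory model of direct bind versus search-then-bind. The directory contents, the user password, the SEARCHERS access list and all function names are constructed for illustration.

```python
import re

BASE_DN = "ou=people,dc=company,dc=com"
SERVICE_DN = "cn=sogo,ou=people,dc=company,dc=com"
USER_DN = "cn=John Smith,ou=people,dc=company,dc=com"

# Constructed directory shaped like the one in the thread: entries are named
# by cn, and uid is only an attribute. The user password is a sample value.
DIRECTORY = {
    USER_DN: {"cn": "John Smith", "uid": "jsmith", "userPassword": "sample-pw"},
    SERVICE_DN: {"cn": "sogo", "userPassword": "qwerty"},
}
# Hypothetical stand-in for server-side ACLs: DNs allowed to search BASE_DN.
SEARCHERS = frozenset({SERVICE_DN})

_TERM = re.compile(r"\((\w+)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")


def escape_filter_value(value):
    """RFC 4515 escaping, so the login is matched literally in a filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def _value_regex(raw):
    """Assertion value -> regex: a bare * is a wildcard, \\XX is a literal."""
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", raw):
        if tok == "*":
            parts.append(".*")
        else:
            char = chr(int(tok[1:], 16)) if len(tok) == 3 else tok
            parts.append(re.escape(char))
    return re.compile("".join(parts), re.IGNORECASE)


def simple_bind(dn, password):
    """Simulated simple bind. Empty passwords are refused: a real server may
    accept them as an unauthenticated bind, which proves nothing."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["userPassword"] == password


def search(bound_dn, ldap_filter, searchers=SEARCHERS):
    """Evaluate an OR-of-equalities filter over the directory as bound_dn."""
    if bound_dn not in searchers:
        return []  # no search rights: to the caller the user does not exist
    terms = [(attr.lower(), _value_regex(val)) for attr, val in _TERM.findall(ldap_filter)]
    return [dn for dn, entry in DIRECTORY.items()
            if any(a in entry and rx.fullmatch(entry[a]) for a, rx in terms)]


def direct_bind(login, password, id_field="uid"):
    """Bind as <id_field>=<login>,<baseDN>; works only if entries are named so."""
    return simple_bind(f"{id_field}={login},{BASE_DN}", password)


def indirect_bind(login, password, bind_fields=("cn", "uid"), searchers=SEARCHERS):
    """Search as the service account, then bind as the single DN found."""
    if not password or not simple_bind(SERVICE_DN, "qwerty"):
        return None
    value = escape_filter_value(login)
    ldap_filter = "(|" + "".join(f"({f}={value})" for f in bind_fields) + ")"
    hits = search(SERVICE_DN, ldap_filter, searchers)
    if len(hits) != 1:  # not found or ambiguous: fail closed
        return None
    return hits[0] if simple_bind(hits[0], password) else None


if __name__ == "__main__":
    for login in ("jsmith", "John Smith"):
        print(login, "direct:", direct_bind(login, "sample-pw"),
              "indirect:", indirect_bind(login, "sample-pw"))
    print("no search rights:", indirect_bind("jsmith", "sample-pw", searchers=frozenset()))
```

With an empty searchers set the service account still binds, but the login fails exactly as if the user were missing, which is why a successful command-line bind as the sogo account does not rule out an access-control problem.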
Re: [SOGo] FreeBSD port - LDAP authentication
I can bind anonymously with the pam_ldap service and with the sogo user from the command line to the remote ldap service. However, when trying to login from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.

The sogo log file has:

May 08 16:59:48 sogod [6910]: 0x0x809dd61f8[NGLdapConnection] Using ldap_initialize for LDAP URL: ldap://LDAP IP:389
May 08 16:59:48 sogod [6910]: 0x0x809ed8b88[LDAPSource] NSException: 0x809dd10d8 NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{login = cn=sogo,ou=people,dc=example,dc=com; }
May 08 16:59:48 sogod [6910]: SOGoRootPage Login from 'desktop IP' for user 'sogo' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
May 08 16:59:48 sogod [6910]: |SOGo| request took 0.018914 seconds to execute
DESKTOP IP - - [08/May/2013:16:59:48 GMT] POST /SOGo/connect HTTP/1.1 403 34/56 0.021 - - -

Can you post the logs of these connections from the openldap side?
Re: [SOGo] FreeBSD port - LDAP authentication
- - -
May 09 09:41:58 sogod [58117]: |SOGo| starting method 'GET' on uri '/SOGo/sogo/view'

Wow... No SERVER FAIL errors!!! Yay!!! (Kicks down this door quickly runs to the next.)

P.

From: Paul Pathiakis pathia...@yahoo.com
To: users@sogo.nu users@sogo.nu
Sent: Thursday, May 9, 2013 10:08 AM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication

The next issue that I've run into about LDAP

Since I use the ou=people instead of users, there's some issues.

1) Always put the sogo in the ou where your users live in my case: ou=people,cn=example,cn=com. The reason for this is that SOGo seems to get confused when doing its binding/lookups.

2) Always make sure your sogo.conf parameters reflect this and you understand the 'why?' of LDAP and entry searching.

As shown below, mine looked like this:

SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        IDFieldName=cn;
        UIDFieldName=cn;
        baseDN=ou=people,dc=example,dc=com;
        bindDN=cn=sogo,ou=users,dc=example,dc=com;
        bindPassword=sogo;
        canAuthenticate=YES;
        displayName=Shared Addresses;
        hostname=ldap://LDAP IP:389;
        id=public;
        isAddressBook=YES;
    }
);

It now looks like this:

(Why? Well, due to something that may be in the parsing code, I found that baseDN and bindDN seems to have an issue as to where the user lives. It seems that the ou of people and users were unexpectedly (probably due to my stupidity) searched in the wrong location. Also, I noticed that my UIDFieldName was set to cn and not uid. Also, when SOGo went to look for the *FieldName variables, it went looking in the ou=users container (at least it seemed so in the logs) and not the ou=people container. - solution was to make sure that the sogo was in the ou=people so that everything was checked/verified/looked up in the right ou.)

SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        IDFieldName=cn;
        UIDFieldName=uid;
        baseDN=ou=people,dc=example,dc=com;
        bindDN=cn=sogo,ou=people,dc=example,dc=com;
        bindPassword=sogo;
        canAuthenticate=YES;
        displayName=Shared Addresses;
        hostname=ldap://LDAP IP:389;
        id=public;
        isAddressBook=YES;
    }
);

I have, finally, gotten by the LDAP authentication issue of the 'sogo' account binding to the LDAP server. (Door opens and we go through... :-) )

P.