Hello,

We recently upgraded our SOGo installation from 4.0.0 to 4.0.8, and the
hosting server from Debian stretch to buster.

SOGo has an Apache-based proxy in front, and the LDAP server lives in
the same machine.

We are seeing some LDAP-related authentication glitches since the upgrade:

    - Every now and then, people get a 401 on some SOGo requests, both
      from the Web UI and from CalDAV clients like Evolution or mobile
      calendar apps
    - SOGo complains about not being able to contact the server, but the
      server is fully functional, listening on the ports it should listen
      on, and authenticating correctly

Also, since the upgrade, we've noticed that there are quite a lot of
messages referring to the LDAP connections:

    Creating NGLdapConnection instance for bindDN 'uid=user,ou=people,dc=domain,dc=org'

Around 250K in the last four days, which seems to be too much for an
instance with fewer than 100 users and around 20 active.

We've also seen the following messages. The last line is quite puzzling.
We do not know where this encoded string is coming from at all.

  https://pastebin.com/P1na4Hy8

We would appreciate it if you could shed some light here because we
don't know what is going on.

Thanks in advance.

Our LDAP config looks as follows:

  SOGoUserSources = (
        {
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = cn;
        IDFieldName = cn;
        SearchFieldNames = (mail, cn);
        baseDN = "ou=groups,dc=domain,dc=org";
        bindDN = "cn=admin,dc=domain,dc=org";
        bindPassword = password;
        canAuthenticate = NO;
        hostname = ldap:/:/ldap.example.org;
        id = ldaplocalgroups;
        displayName = "Groups";
        isAddressBook = YES;
        listRequiresDot = NO;
        filter = "(objectClass='groupOfUniqueNames')";
        },

        {
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        IDFieldName = uid;
        SearchFieldNames = (uid, mail, cn, givenName, sn);
        MailFieldNames = (mail);
        baseDN = "ou=people,dc=domain,dc=org";
        bindDN = "cn=admin,dc=domain,dc=org";
        bindPassword = password;
        canAuthenticate = YES;
        hostname = ldap://ldap.example.org;
        bindAsCurrentUser = YES;
        userPasswordAlgorithm = ssha;
        id = ldaplocal;
        displayName = "People";
        isAddressBook = YES;
        listRequiresDot = NO;
        ModulesConstraints = {
            Mail = {
                nonexistentattr = TRUE;
            };
        };
        }
  );

-- 
Pablo Abelenda
Mobile: +34606539874
