Re: [SOGo] LDAP problems

2013-08-28 Thread Christian Rößner
> Inside any of the usersources array you can define the search fields, e.g.:
>
> SearchFieldNames = (
>     sn,
>     givenName,
>     sAMAccountName,
>     mail,
>     displayName,
>     title
> );


Thank you! I have added a modified version to my configuration and it works :)

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Management board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein





Re: [SOGo] LDAP problems

2013-08-28 Thread Christian Rößner
> What's the content of the ldaprc file?
> Do you have the same in /etc/ldap/ldap.conf? (wherever it is on your system)

:) That solved the problem. I only had placed TLS_CACERT into /root/.ldaprc and 
not the system wide file. Thanks very much!

-Christian Rößner



[SOGo] LDAP problems

2013-08-27 Thread Christian Rößner
Hi,

I have a running SOGo installation under Ubuntu 12.04.3 LTS. Version 2.0.7-1

I have an external LDAP server, where we have hundreds of contacts stored and I 
wanted to integrate this into SOGo. Therefore I added a second LDAP instance to 
/etc/sogo/sogo.conf.

The first block is from the main SOGo server and the second block is the 
external server:

SOGoUserSources = (
    {
        CNFieldName = cn;
        IDFieldName = uid;
        IMAPLoginFieldName = mail;
        KindFieldName = Kind;
        MailFieldNames = (
            mail
        );
        MultipleBookingsFieldName = Multiplebookings;
        UIDFieldName = mail;
        baseDN = "ou=people,dc=deltaweb,dc=de";
        bindAsCurrentUser = NO;
        bindDN = "cn=proxyuser,dc=deltaweb,dc=de";
        bindFields = (
            mail
        );
        bindPassword = "***";
        canAuthenticate = YES;
        displayName = "Gemeinsame Adressen";
        hostname = localhost;
        id = LDAP;
        isAddressBook = YES;
        port = 389;
        scope = SUB;
        type = ldap;
        userPasswordAlgorithm = SSHA;
    },
    {
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        baseDN = "ou=wl,dc=deltaweb,dc=de";
        bindDN = "cn=proxyuser,dc=deltaweb,dc=de";
        bindPassword = "***";
        canAuthenticate = NO;
        displayName = "Privatkunden Adressen";
        hostname = bordergw.deltaweb.de;
        id = LDAP2;
        isAddressBook = YES;
        encryption = STARTTLS;
        port = 389;
        scope = SUB;
        type = ldap;
    }
);

Users can log in and they can see the global address book "Privatkunden 
Adressen". But searching does not succeed.

Aug 27 18:50:07 sogod [19791]: [ERROR] 0x0x7f2526818480[LDAPSource] Could not bind to the LDAP server bordergw.deltaweb.de (389) using the bind DN: cn=proxyuser,dc=deltaweb,dc=de
Aug 27 18:50:07 sogod [19791]: [ERROR] 0x0x7f2526818480[LDAPSource] NSException: 0x7f252697a1d0 NAME:LDAPException REASON:operation startTLS failed: Connect error (0xFFF5) INFO:(null)

Trying to contact the LDAP server directly from the command line:

ldapsearch -ZZ -h bordergw.deltaweb.de -xWD cn=proxyuser,dc=deltaweb,dc=de -b ou=wl,dc=deltaweb,dc=de

Works perfectly.

So at the moment I do not know where to look for the mistake I made. The LDAP 
server certificate is brand new (CAcert). The CA is also included in 
/etc/ssl/certs/ca-certificates.crt, so I guess SOGo should have a chance to 
validate the server certificate. At least ldapsearch with a valid ldaprc works.

Any suggestions here? Would be so cool, if that worked :)

Kind regards

-Christian Rößner



Re: [SOGo] LDAP problems

2013-08-27 Thread Jean Raby

On 13-08-27 1:43 PM, Christian Rößner wrote:

> Aug 27 18:50:07 sogod [19791]: [ERROR] 0x0x7f2526818480[LDAPSource] Could not bind to the LDAP server bordergw.deltaweb.de (389) using the bind DN: cn=proxyuser,dc=deltaweb,dc=de
> Aug 27 18:50:07 sogod [19791]: [ERROR] 0x0x7f2526818480[LDAPSource] NSException: 0x7f252697a1d0 NAME:LDAPException REASON:operation startTLS failed: Connect error (0xFFF5) INFO:(null)


This looks like a certificate error.


> Trying to contact the LDAP server directly from the command line:
>
> ldapsearch -ZZ -h bordergw.deltaweb.de -xWD cn=proxyuser,dc=deltaweb,dc=de -b ou=wl,dc=deltaweb,dc=de
>
> Works perfectly.
>
> So at the moment I do not know where to look for the mistake I made. The LDAP
> server certificate is brand new (CAcert). The CA is also included in
> /etc/ssl/certs/ca-certificates.crt, so I guess SOGo should have a chance to
> validate the server certificate. At least ldapsearch with a valid ldaprc works.

What's the content of the ldaprc file?
Do you have the same in /etc/ldap/ldap.conf? (wherever it is on your system)

TLS_CACERT should be set to /etc/ssl/certs/ca-certificates.crt. Just for fun, 
can you set TLS_REQCERT=never in the global ldap.conf and see if the connection 
works?




> Any suggestions here? Would be so cool, if that worked


--
users@sogo.nu
https://inverse.ca/sogo/lists
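
Added example (not part of any post in this thread, and not SOGo or OpenLDAP code): a shell check for the situation discussed here, where TLS_CACERT was set only in /root/.ldaprc, so a process that does not read root's rc file sees no CA. The function names and sample files are constructed; it assumes the files are passed in the order libldap reads them and looks only at TLS_CACERT and TLS_REQCERT.

```shell
#!/bin/sh
# Added example: which TLS trust settings would an OpenLDAP client pick up
# from a given list of config files?
# ldap.conf(5) lines are "OPTION value"; option names are case-insensitive.

# Print the last value assigned to option $2 in file $1 (nothing if unset).
ldap_opt() {
    [ -r "$1" ] || return 0
    awk -v key="$2" '
        $1 ~ /^#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }' "$1"
}

# Verdict for the files given in read order (a later file overrides):
#   no-verify  TLS_REQCERT never/allow: server certificate is not enforced
#   no-ca      TLS_CACERT unset in these files, or the bundle is unreadable
#   ok         readable CA bundle configured, verification left on
audit_ldap_tls() {
    cacert="" reqcert=""
    for f in "$@"; do
        v=$(ldap_opt "$f" TLS_CACERT)
        if [ -n "$v" ]; then cacert=$v; fi
        v=$(ldap_opt "$f" TLS_REQCERT)
        if [ -n "$v" ]; then reqcert=$v; fi
    done
    case "$reqcert" in
        never|allow) echo "no-verify"; return 0 ;;
    esac
    if [ -z "$cacert" ] || [ ! -r "$cacert" ]; then
        echo "no-ca"; return 0
    fi
    echo "ok"
}

# Constructed reproduction of the thread: CA set only in root's rc file.
demo() {
    d=$(mktemp -d)
    : > "$d/ca.crt"                                  # stand-in CA bundle
    printf '# system-wide file\nBASE dc=example,dc=org\n' > "$d/ldap.conf"
    printf 'TLS_CACERT %s\n' "$d/ca.crt" > "$d/root.ldaprc"
    echo "root view:     $(audit_ldap_tls "$d/ldap.conf" "$d/root.ldaprc")"
    echo "service view:  $(audit_ldap_tls "$d/ldap.conf")"
    printf 'TLS_CACERT %s\nTLS_REQCERT never\n' "$d/ca.crt" > "$d/ldap.conf"
    echo "REQCERT never: $(audit_ldap_tls "$d/ldap.conf")"
    rm -rf "$d"
}
demo
```

Pass the real files for the account in question, for example `audit_ldap_tls /etc/ldap/ldap.conf`. A result of no-verify after troubleshooting means a TLS_REQCERT test setting is still in place.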


Re: [SOGo] LDAP problems

2013-08-27 Thread Szládovics Péter

On 2013-08-27 19:43, Christian Rößner wrote:

> Hi,
>
> I have a running SOGo installation under Ubuntu 12.04.3 LTS. Version 2.0.7-1
>
> I have an external LDAP server, where we have hundreds of contacts stored and I
> wanted to integrate this into SOGo. Therefore I added a second LDAP instance to
> /etc/sogo/sogo.conf.
>
> The first block is from the main SOGo server and the second block is the
> external server:
>
> SOGoUserSources = (
>     {
>         CNFieldName = cn;
>         IDFieldName = uid;
>         IMAPLoginFieldName = mail;
>         KindFieldName = Kind;
>         MailFieldNames = (
>             mail
>         );
>         MultipleBookingsFieldName = Multiplebookings;
>         UIDFieldName = mail;
>         baseDN = "ou=people,dc=deltaweb,dc=de";
>         bindAsCurrentUser = NO;
>         bindDN = "cn=proxyuser,dc=deltaweb,dc=de";
>         bindFields = (
>             mail
>         );
>         bindPassword = "***";
>         canAuthenticate = YES;
>         displayName = "Gemeinsame Adressen";
>         hostname = localhost;
>         id = LDAP;
>         isAddressBook = YES;
>         port = 389;
>         scope = SUB;
>         type = ldap;
>         userPasswordAlgorithm = SSHA;
>     },
>     {
>         CNFieldName = cn;
>         IDFieldName = uid;
>         UIDFieldName = uid;
>         baseDN = "ou=wl,dc=deltaweb,dc=de";
>         bindDN = "cn=proxyuser,dc=deltaweb,dc=de";
>         bindPassword = "***";
>         canAuthenticate = NO;
>         displayName = "Privatkunden Adressen";
>         hostname = bordergw.deltaweb.de;
>         id = LDAP2;
>         isAddressBook = YES;
>         encryption = STARTTLS;
>         port = 389;
>         scope = SUB;
>         type = ldap;
>     }
> );
>
> Users can log in and they can see the global address book "Privatkunden
> Adressen". But searching does not succeed.


Jean answered the second part of your mail, I'll try to answer the first 
part. :)


Inside any of the usersources array you can define the search fields, e.g.:

SearchFieldNames = (
    sn,
    givenName,
    sAMAccountName,
    mail,
    displayName,
    title
);

Could you try this?