Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-07 Thread John Bieling



1. Issue


If I use SOGoLoginDomains, the system authenticates the user against the 
selected domain, so entering info with password of domainB but selected domainA 
will result in an wrong password error. Good.

If I do not use SOGoLoginDomains, he will try both info accounts and match it by 
the password - and sometimes messes up (log in to the wrong info account, if that 
account just logged out). Bad -> He should not allow that at all, the user must 
specify info@domainA or info@domainB to log in and the system should grab the 
domain from there! Is this a feature or a bug? Can I change that behaviour?


 I opened a bug report for this and provided a patch, locally tested 
and considered working.


http://www.sogo.nu/bugs/view.php?id=2162
--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread John Bieling

Am 06.01.2013 21:18, schrieb Patrick Ben Koetter:

* Christian Rößner :

You use "exampleserver-de" for the "domain-name", and not
"exampleserver.de" why?

To be honest? I had copied an example from Patrick Ben Koetter and adopted
it to my needs :) Maybe he may say something to this aspect. But I think you
may specify whatever you like, as it seems just to be an unique name for a
block.

It's been a while I tested that. IIRC a '.' dot led to an error. I don't
recall ATM, but I recall I changed it to '-' and never looked back again. It's
a good marker to jump to in vi. ;)

p@rick



In my config (using SOGoLoginDomains-Array) that unique-block-name is 
also used at the login-screen for domain selection - and not 
SogoMailDomain - or is there a switch to enforce the usage of the value 
of SogoMailDomainfor that dropdown menu?


Sorry for the many questions..

John
--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread Patrick Ben Koetter
* Christian Rößner :
> > You use "exampleserver-de" for the "domain-name", and not
> > "exampleserver.de" why?
> 
> To be honest? I had copied an example from Patrick Ben Koetter and adopted
> it to my needs :) Maybe he may say something to this aspect. But I think you
> may specify whatever you like, as it seems just to be an unique name for a
> block.

It's been a while I tested that. IIRC a '.' dot led to an error. I don't
recall ATM, but I recall I changed it to '-' and never looked back again. It's
a good marker to jump to in vi. ;)

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread Christian Rößner
Hi,

>> sogod domains '{
>> "exampleserver-de" = {
>>  SOGoMailDomain = "exampleserver.de";
>>  SOGoUserSources = (
>>  {
>>  CNFieldName = cn;
>>  IDFieldname = uid;
>>  IMAPLoginFieldName = rnsMSDovecotUser;
>>  KindFieldName = Kind;
>>  MailFieldNames = (
>>  mail
>>  );
>>  MultipleBookingsFieldName = Multiplebookings;
>>  UIDFieldName = rnsMSDovecotUser;
>>  baseDN = 
>> "ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de";
>>  bindAsCurrentUser = NO;
>>  bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de";
>>  bindFields = (
>>  rnsMSRecipientAddress,
>>  uniqueIdentifier
>>  );
>>  bindPassword = ;
>>  canAuthenticate = YES;
>>  displayName = "Gemeinsame Adressen";
>>  encryption = STARTTLS;
>>  hostname = "roessner1.roessner-net.de db.roessner-net.de";
>>  id = directory2;
>>  isAddressBook = YES;
>>  port = 389;
>>  scope = SUB;
>>  type = ldap;
>>  }
>>  );
>> };
>> …


> IMAPLoginFieldName

- the field that returns the IMAP login name for the user

taken from SOGo docs (installation guide 2.0.2, page 20)

> is part of the LDAP user configuration? So each user can have his own 
> setting? How do I get this setting into the database? Is this field part of 
> the LDAP user or is it in the Postgresql database? Is there such a field also 
> for smtp?
> 
> You use "exampleserver-de" for the "domain-name", and not "exampleserver.de" 
> why?

To be honest? I had copied an example from Patrick Ben Koetter and adopted it 
to my needs :) Maybe he may say something to this aspect. But I think you may 
specify whatever you like, as it seems just to be an unique name for a block.

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread John Bieling

Am 06.01.2013 17:55, schrieb Christian Rößner:

sogod domains '{
"cvjmbonn.de" = {
SOGoDraftsFolderName = Drafts;
SOGoIMAPServer = "imap://imap.worldserver.net";
SOGoMailDomain = "cvjmbonn.de";
SOGoSMTPServer = "smtp.worldserver.net";
SOGoSentFolderName = "Sent Items";
SOGoTrashFolderName = Trash;
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users.cvjmbonn,dc=local";
bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local";
bindPassword = *;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = "public_cvjmbonn";
isAddressBook = YES;
port = 389;
type = ldap;
}
);

I do not see many differences to my configuration. This looks like this:

sogod domains '{
 "exampleserver-de" = {
SOGoMailDomain = "exampleserver.de";
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldname = uid;
IMAPLoginFieldName = rnsMSDovecotUser;
KindFieldName = Kind;
MailFieldNames = (
mail
);
MultipleBookingsFieldName = Multiplebookings;
UIDFieldName = rnsMSDovecotUser;
baseDN = 
"ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de";
bindAsCurrentUser = NO;
bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de";
bindFields = (
rnsMSRecipientAddress,
uniqueIdentifier
);
bindPassword = ;
canAuthenticate = YES;
displayName = "Gemeinsame Adressen";
encryption = STARTTLS;
hostname = "roessner1.roessner-net.de db.roessner-net.de";
id = directory2;
isAddressBook = YES;
port = 389;
scope = SUB;
type = ldap;
}
);
 };
…

I have no further special options. Neither to force something (IMAP) nor 
options that tell SOGo which domains can be taken for login. I have set 
IMAPLoginFieldName for each domain, which is an email address.

Sorry, if I can not really help you.

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich


Thanks for your time!

The field

IMAPLoginFieldName

is part of the LDAP user configuration? So each user can have his own setting? 
How do I get this setting into the database? Is this field part of the LDAP 
user or is it in the Postgresql database? Is there such a field also for smtp?

You use "exampleserver-de" for the "domain-name", and not "exampleserver.de" 
why?

Thanks
John

--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread Christian Rößner
> sogod domains '{
>"cvjmbonn.de" = {
>SOGoDraftsFolderName = Drafts;
>SOGoIMAPServer = "imap://imap.worldserver.net";
>SOGoMailDomain = "cvjmbonn.de";
>SOGoSMTPServer = "smtp.worldserver.net";
>SOGoSentFolderName = "Sent Items";
>SOGoTrashFolderName = Trash;
>SOGoUserSources = (
>{
>CNFieldName = cn;
>IDFieldName = uid;
>UIDFieldName = uid;
>baseDN = "ou=users.cvjmbonn,dc=local";
>bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local";
>bindPassword = *;
>canAuthenticate = YES;
>displayName = "Shared Addresses";
>hostname = localhost;
>id = "public_cvjmbonn";
>isAddressBook = YES;
>port = 389;
>type = ldap;
>}
>);

I do not see many differences to my configuration. This looks like this:

sogod domains '{
"exampleserver-de" = {
SOGoMailDomain = "exampleserver.de";
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldname = uid;
IMAPLoginFieldName = rnsMSDovecotUser;
KindFieldName = Kind;
MailFieldNames = (
mail
);
MultipleBookingsFieldName = Multiplebookings;
UIDFieldName = rnsMSDovecotUser;
baseDN = 
"ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de";
bindAsCurrentUser = NO;
bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de";
bindFields = (
rnsMSRecipientAddress,
uniqueIdentifier
);
bindPassword = ;
canAuthenticate = YES;
displayName = "Gemeinsame Adressen";
encryption = STARTTLS;
hostname = "roessner1.roessner-net.de db.roessner-net.de";
id = directory2;
isAddressBook = YES;
port = 389;
scope = SUB;
type = ldap;
}
);
};
… 

I have no further special options. Neither to force something (IMAP) nor 
options that tell SOGo which domains can be taken for login. I have set 
IMAPLoginFieldName for each domain, which is an email address.

Sorry, if I can not really help you.

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread John Bieling

Am 06.01.2013 14:13, schrieb Christian Rößner:

I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the setup as described 
in the official guide. The users in my LDAP directory are all without the @domain suffix. 
For example I have two users with uid "info":

uid=info,ou=users_domainA,dc=local
uid=info,ou=users_domainB,dc=local


1. Issue


If I use SOGoLoginDomains, the system authenticates the user against the 
selected domain, so entering info with password of domainB but selected domainA 
will result in an wrong password error. Good.

If I do not use SOGoLoginDomains, he will try both info accounts and match it by 
the password - and sometimes messes up (log in to the wrong info account, if that 
account just logged out). Bad -> He should not allow that at all, the user must 
specify info@domainA or info@domainB to log in and the system should grab the 
domain from there! Is this a feature or a bug? Can I change that behaviour?


2. Issue


The internal system email after login is constructed as uid@domain, but 
sometimes he forgets the @domain suffix and tries to authenticate against 
IMAP/SMTP with just the uid. I can overcome this by using 
SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP.

Secondly I would like to know, why with one domain he always added the 
domain-suffix, but not for the other. Any Ideas? Am I the only one?

To "reset" my system, I drop the database and flush the memcached, could there 
be some leftover configuration somewhere else?


can you show the output of "defaults read" as user sogo with passwords removed?

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich


Sure, I orderd the output a bit for better reading

By the way, he just messed up the login even WITH SOGoLoginDomains (as 
in this config), and since I have currently SOGoForceIMAPLoginWithEmail 
enabled I could se the wrong login in the IMAP configuration popup (I 
logged in with cvjmbonn but the popup showed i...@jobisoft.de)


Very strange. Could it be a session failure? Trying a different browser 
now...


sogod SOGoLanguage German
sogod SOGoFirstDayOfWeek 1
sogod SOGoProfileURL 
postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile
sogod OCSSessionsFolderURL 
postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder
sogod OCSFolderInfoURL 
postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info

sogod SOGoSearchMinimumWordLength 0
sogod SOGoTimeZone Europe/Berlin
sogod SOGoPasswordChangeEnabled YES
sogod SOGoFoldersSendEMailNotifications NO
sogod SOGoMailCustomFromEnabled NO
sogod SOGoACLsSendEMailNotifications NO
sogod SOGoAppointmentSendEMailNotifications NO
sogod SOGoMailAuxiliaryUserAccountsEnabled YES

sogod SOGoMailingMechanism smtp
sogod SOGoSMTPAuthenticationType PLAIN
sogod SOGoForceIMAPLoginWithEmail YES
sogod SOGoEnableDomainBasedUID YES
sogod SOGoLoginDomains '(
"cvjmbonn.de",
"jobisoft.de"
)'

sogod domains '{
"cvjmbonn.de" = {
SOGoDraftsFolderName = Drafts;
SOGoIMAPServer = "imap://imap.worldserver.net";
SOGoMailDomain = "cvjmbonn.de";
SOGoSMTPServer = "smtp.worldserver.net";
SOGoSentFolderName = "Sent Items";
SOGoTrashFolderName = Trash;
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users.cvjmbonn,dc=local";
bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local";
bindPassword = *;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = "public_cvjmbonn";
isAddressBook = YES;
port = 389;
type = ldap;
}
);
};
"jobisoft.de" = {
SOGoDraftsFolderName = "INBOX/Drafts";
SOGoIMAPServer = "imaps://mails.jobisoft.de:993";
SOGoMailDomain = "jobisoft.de";
SOGoSMTPServer = "mails.jobisoft.de";
SOGoSentFolderName = "INBOX/Sent Items";
SOGoTrashFolderName = "INBOX/Trash";
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=users.jobisoft,dc=local";
bindDN = "uid=admin.jobisoft,ou=users.jobisoft,dc=local";
bindPassword = *;
canAuthenticate = YES;
displayName = "Shared Addresses";
hostname = localhost;
id = "public_jobisoft";
isAddressBook = YES;
port = 389;
type = ldap;
}
);
};
}'

--
users@sogo.nu
https://inverse.ca/sogo/lists


Re: [SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread Christian Rößner
> I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the setup 
> as described in the official guide. The users in my LDAP directory are all 
> without the @domain suffix. For example I have two users with uid "info":
> 
> uid=info,ou=users_domainA,dc=local
> uid=info,ou=users_domainB,dc=local
> 
> 
> 1. Issue
> 
> 
> If I use SOGoLoginDomains, the system authenticates the user against the 
> selected domain, so entering info with password of domainB but selected 
> domainA will result in an wrong password error. Good.
> 
> If I do not use SOGoLoginDomains, he will try both info accounts and match it 
> by the password - and sometimes messes up (log in to the wrong info account, 
> if that account just logged out). Bad -> He should not allow that at all, the 
> user must specify info@domainA or info@domainB to log in and the system 
> should grab the domain from there! Is this a feature or a bug? Can I change 
> that behaviour?
> 
> 
> 2. Issue
> 
> 
> The internal system email after login is constructed as uid@domain, but 
> sometimes he forgets the @domain suffix and tries to authenticate against 
> IMAP/SMTP with just the uid. I can overcome this by using 
> SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP.
> 
> Secondly I would like to know, why with one domain he always added the 
> domain-suffix, but not for the other. Any Ideas? Am I the only one?
> 
> To "reset" my system, I drop the database and flush the memcached, could 
> there be some leftover configuration somewhere else?


can you show the output of "defaults read" as user sogo with passwords removed?

-Christian Rößner

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] Multi-User Login not working reliably? Something broken?

2013-01-06 Thread John Bieling

Hi,

I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the 
setup as described in the official guide. The users in my LDAP directory 
are all without the @domain suffix. For example I have two users with 
uid "info":


uid=info,ou=users_domainA,dc=local
uid=info,ou=users_domainB,dc=local


1. Issue


If I use SOGoLoginDomains, the system authenticates the user against the 
selected domain, so entering info with password of domainB but selected 
domainA will result in an wrong password error. Good.


If I do not use SOGoLoginDomains, he will try both info accounts and 
match it by the password - and sometimes messes up (log in to the wrong 
info account, if that account just logged out). Bad -> He should not 
allow that at all, the user must specify info@domainA or info@domainB to 
log in and the system should grab the domain from there! Is this a 
feature or a bug? Can I change that behaviour?



2. Issue


The internal system email after login is constructed as uid@domain, but 
sometimes he forgets the @domain suffix and tries to authenticate 
against IMAP/SMTP with just the uid. I can overcome this by using 
SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP.


Secondly I would like to know, why with one domain he always added the 
domain-suffix, but not for the other. Any Ideas? Am I the only one?


To "reset" my system, I drop the database and flush the memcached, could 
there be some leftover configuration somewhere else?


Thanks
John
--
users@sogo.nu
https://inverse.ca/sogo/lists