Re: [SOGo] Multi-User Login not working reliably? Something broken?
1. Issue If I use SOGoLoginDomains, the system authenticates the user against the selected domain, so entering info with password of domainB but selected domainA will result in an wrong password error. Good. If I do not use SOGoLoginDomains, he will try both info accounts and match it by the password - and sometimes messes up (log in to the wrong info account, if that account just logged out). Bad -> He should not allow that at all, the user must specify info@domainA or info@domainB to log in and the system should grab the domain from there! Is this a feature or a bug? Can I change that behaviour? I opened a bug report for this and provided a patch, locally tested and considered working. http://www.sogo.nu/bugs/view.php?id=2162 -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
Am 06.01.2013 21:18, schrieb Patrick Ben Koetter: * Christian Rößner : You use "exampleserver-de" for the "domain-name", and not "exampleserver.de" why? To be honest? I had copied an example from Patrick Ben Koetter and adopted it to my needs :) Maybe he may say something to this aspect. But I think you may specify whatever you like, as it seems just to be an unique name for a block. It's been a while I tested that. IIRC a '.' dot led to an error. I don't recall ATM, but I recall I changed it to '-' and never looked back again. It's a good marker to jump to in vi. ;) p@rick In my config (using SOGoLoginDomains-Array) that unique-block-name is also used at the login-screen for domain selection - and not SogoMailDomain - or is there a switch to enforce the usage of the value of SogoMailDomainfor that dropdown menu? Sorry for the many questions.. John -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
* Christian Rößner : > > You use "exampleserver-de" for the "domain-name", and not > > "exampleserver.de" why? > > To be honest? I had copied an example from Patrick Ben Koetter and adopted > it to my needs :) Maybe he may say something to this aspect. But I think you > may specify whatever you like, as it seems just to be an unique name for a > block. It's been a while I tested that. IIRC a '.' dot led to an error. I don't recall ATM, but I recall I changed it to '-' and never looked back again. It's a good marker to jump to in vi. ;) p@rick -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
Hi, >> sogod domains '{ >> "exampleserver-de" = { >> SOGoMailDomain = "exampleserver.de"; >> SOGoUserSources = ( >> { >> CNFieldName = cn; >> IDFieldname = uid; >> IMAPLoginFieldName = rnsMSDovecotUser; >> KindFieldName = Kind; >> MailFieldNames = ( >> mail >> ); >> MultipleBookingsFieldName = Multiplebookings; >> UIDFieldName = rnsMSDovecotUser; >> baseDN = >> "ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de"; >> bindAsCurrentUser = NO; >> bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de"; >> bindFields = ( >> rnsMSRecipientAddress, >> uniqueIdentifier >> ); >> bindPassword = ; >> canAuthenticate = YES; >> displayName = "Gemeinsame Adressen"; >> encryption = STARTTLS; >> hostname = "roessner1.roessner-net.de db.roessner-net.de"; >> id = directory2; >> isAddressBook = YES; >> port = 389; >> scope = SUB; >> type = ldap; >> } >> ); >> }; >> … > IMAPLoginFieldName - the field that returns the IMAP login name for the user taken from SOGo docs (installation guide 2.0.2, page 20) > is part of the LDAP user configuration? So each user can have his own > setting? How do I get this setting into the database? Is this field part of > the LDAP user or is it in the Postgresql database? Is there such a field also > for smtp? > > You use "exampleserver-de" for the "domain-name", and not "exampleserver.de" > why? To be honest? I had copied an example from Patrick Ben Koetter and adopted it to my needs :) Maybe he may say something to this aspect. But I think you may specify whatever you like, as it seems just to be an unique name for a block. -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
Am 06.01.2013 17:55, schrieb Christian Rößner: sogod domains '{ "cvjmbonn.de" = { SOGoDraftsFolderName = Drafts; SOGoIMAPServer = "imap://imap.worldserver.net"; SOGoMailDomain = "cvjmbonn.de"; SOGoSMTPServer = "smtp.worldserver.net"; SOGoSentFolderName = "Sent Items"; SOGoTrashFolderName = Trash; SOGoUserSources = ( { CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users.cvjmbonn,dc=local"; bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local"; bindPassword = *; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = localhost; id = "public_cvjmbonn"; isAddressBook = YES; port = 389; type = ldap; } ); I do not see many differences to my configuration. This looks like this: sogod domains '{ "exampleserver-de" = { SOGoMailDomain = "exampleserver.de"; SOGoUserSources = ( { CNFieldName = cn; IDFieldname = uid; IMAPLoginFieldName = rnsMSDovecotUser; KindFieldName = Kind; MailFieldNames = ( mail ); MultipleBookingsFieldName = Multiplebookings; UIDFieldName = rnsMSDovecotUser; baseDN = "ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de"; bindAsCurrentUser = NO; bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de"; bindFields = ( rnsMSRecipientAddress, uniqueIdentifier ); bindPassword = ; canAuthenticate = YES; displayName = "Gemeinsame Adressen"; encryption = STARTTLS; hostname = "roessner1.roessner-net.de db.roessner-net.de"; id = directory2; isAddressBook = YES; port = 389; scope = SUB; type = ldap; } ); }; … I have no further special options. Neither to force something (IMAP) nor options that tell SOGo which domains can be taken for login. I have set IMAPLoginFieldName for each domain, which is an email address. Sorry, if I can not really help you. -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Thanks for your time! The field IMAPLoginFieldName is part of the LDAP user configuration? So each user can have his own setting? How do I get this setting into the database? Is this field part of the LDAP user or is it in the Postgresql database? Is there such a field also for smtp? You use "exampleserver-de" for the "domain-name", and not "exampleserver.de" why? Thanks John -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
> sogod domains '{ >"cvjmbonn.de" = { >SOGoDraftsFolderName = Drafts; >SOGoIMAPServer = "imap://imap.worldserver.net"; >SOGoMailDomain = "cvjmbonn.de"; >SOGoSMTPServer = "smtp.worldserver.net"; >SOGoSentFolderName = "Sent Items"; >SOGoTrashFolderName = Trash; >SOGoUserSources = ( >{ >CNFieldName = cn; >IDFieldName = uid; >UIDFieldName = uid; >baseDN = "ou=users.cvjmbonn,dc=local"; >bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local"; >bindPassword = *; >canAuthenticate = YES; >displayName = "Shared Addresses"; >hostname = localhost; >id = "public_cvjmbonn"; >isAddressBook = YES; >port = 389; >type = ldap; >} >); I do not see many differences to my configuration. This looks like this: sogod domains '{ "exampleserver-de" = { SOGoMailDomain = "exampleserver.de"; SOGoUserSources = ( { CNFieldName = cn; IDFieldname = uid; IMAPLoginFieldName = rnsMSDovecotUser; KindFieldName = Kind; MailFieldNames = ( mail ); MultipleBookingsFieldName = Multiplebookings; UIDFieldName = rnsMSDovecotUser; baseDN = "ou=exampleserver-de,ou=people,ou=it,dc=roessner-net,dc=de"; bindAsCurrentUser = NO; bindDN = "cn=sogo,ou=people,ou=it,dc=roessner-net,dc=de"; bindFields = ( rnsMSRecipientAddress, uniqueIdentifier ); bindPassword = ; canAuthenticate = YES; displayName = "Gemeinsame Adressen"; encryption = STARTTLS; hostname = "roessner1.roessner-net.de db.roessner-net.de"; id = directory2; isAddressBook = YES; port = 389; scope = SUB; type = ldap; } ); }; … I have no further special options. Neither to force something (IMAP) nor options that tell SOGo which domains can be taken for login. I have set IMAPLoginFieldName for each domain, which is an email address. Sorry, if I can not really help you. -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
Am 06.01.2013 14:13, schrieb Christian Rößner: I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the setup as described in the official guide. The users in my LDAP directory are all without the @domain suffix. For example I have two users with uid "info": uid=info,ou=users_domainA,dc=local uid=info,ou=users_domainB,dc=local 1. Issue If I use SOGoLoginDomains, the system authenticates the user against the selected domain, so entering info with password of domainB but selected domainA will result in an wrong password error. Good. If I do not use SOGoLoginDomains, he will try both info accounts and match it by the password - and sometimes messes up (log in to the wrong info account, if that account just logged out). Bad -> He should not allow that at all, the user must specify info@domainA or info@domainB to log in and the system should grab the domain from there! Is this a feature or a bug? Can I change that behaviour? 2. Issue The internal system email after login is constructed as uid@domain, but sometimes he forgets the @domain suffix and tries to authenticate against IMAP/SMTP with just the uid. I can overcome this by using SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP. Secondly I would like to know, why with one domain he always added the domain-suffix, but not for the other. Any Ideas? Am I the only one? To "reset" my system, I drop the database and flush the memcached, could there be some leftover configuration somewhere else? can you show the output of "defaults read" as user sogo with passwords removed? -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich Sure, I orderd the output a bit for better reading By the way, he just messed up the login even WITH SOGoLoginDomains (as in this config), and since I have currently SOGoForceIMAPLoginWithEmail enabled I could se the wrong login in the IMAP configuration popup (I logged in with cvjmbonn but the popup showed i...@jobisoft.de) Very strange. Could it be a session failure? Trying a different browser now... sogod SOGoLanguage German sogod SOGoFirstDayOfWeek 1 sogod SOGoProfileURL postgresql://sogo:sogo@localhost:5432/sogo/sogo_user_profile sogod OCSSessionsFolderURL postgresql://sogo:sogo@localhost:5432/sogo/sogo_sessions_folder sogod OCSFolderInfoURL postgresql://sogo:sogo@localhost:5432/sogo/sogo_folder_info sogod SOGoSearchMinimumWordLength 0 sogod SOGoTimeZone Europe/Berlin sogod SOGoPasswordChangeEnabled YES sogod SOGoFoldersSendEMailNotifications NO sogod SOGoMailCustomFromEnabled NO sogod SOGoACLsSendEMailNotifications NO sogod SOGoAppointmentSendEMailNotifications NO sogod SOGoMailAuxiliaryUserAccountsEnabled YES sogod SOGoMailingMechanism smtp sogod SOGoSMTPAuthenticationType PLAIN sogod SOGoForceIMAPLoginWithEmail YES sogod SOGoEnableDomainBasedUID YES sogod SOGoLoginDomains '( "cvjmbonn.de", "jobisoft.de" )' sogod domains '{ "cvjmbonn.de" = { SOGoDraftsFolderName = Drafts; SOGoIMAPServer = "imap://imap.worldserver.net"; SOGoMailDomain = "cvjmbonn.de"; SOGoSMTPServer = "smtp.worldserver.net"; SOGoSentFolderName = "Sent Items"; SOGoTrashFolderName = Trash; SOGoUserSources = ( { CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users.cvjmbonn,dc=local"; bindDN = "uid=admin.cvjmbonn,ou=users.cvjmbonn,dc=local"; bindPassword = *; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = localhost; id = "public_cvjmbonn"; isAddressBook = YES; port = 389; type = ldap; } ); }; "jobisoft.de" = { SOGoDraftsFolderName = "INBOX/Drafts"; SOGoIMAPServer = "imaps://mails.jobisoft.de:993"; SOGoMailDomain = "jobisoft.de"; SOGoSMTPServer = "mails.jobisoft.de"; SOGoSentFolderName = "INBOX/Sent Items"; SOGoTrashFolderName = "INBOX/Trash"; SOGoUserSources = ( { CNFieldName = cn; IDFieldName = uid; UIDFieldName = uid; baseDN = "ou=users.jobisoft,dc=local"; bindDN = "uid=admin.jobisoft,ou=users.jobisoft,dc=local"; bindPassword = *; canAuthenticate = YES; displayName = "Shared Addresses"; hostname = localhost; id = "public_jobisoft"; isAddressBook = YES; port = 389; type = ldap; } ); }; }' -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Multi-User Login not working reliably? Something broken?
> I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the setup > as described in the official guide. The users in my LDAP directory are all > without the @domain suffix. For example I have two users with uid "info": > > uid=info,ou=users_domainA,dc=local > uid=info,ou=users_domainB,dc=local > > > 1. Issue > > > If I use SOGoLoginDomains, the system authenticates the user against the > selected domain, so entering info with password of domainB but selected > domainA will result in an wrong password error. Good. > > If I do not use SOGoLoginDomains, he will try both info accounts and match it > by the password - and sometimes messes up (log in to the wrong info account, > if that account just logged out). Bad -> He should not allow that at all, the > user must specify info@domainA or info@domainB to log in and the system > should grab the domain from there! Is this a feature or a bug? Can I change > that behaviour? > > > 2. Issue > > > The internal system email after login is constructed as uid@domain, but > sometimes he forgets the @domain suffix and tries to authenticate against > IMAP/SMTP with just the uid. I can overcome this by using > SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP. > > Secondly I would like to know, why with one domain he always added the > domain-suffix, but not for the other. Any Ideas? Am I the only one? > > To "reset" my system, I drop the database and flush the memcached, could > there be some leftover configuration somewhere else? can you show the output of "defaults read" as user sogo with passwords removed? -Christian Rößner -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Aufsichtsratsvorsitzender: Joerg Heidrich -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Multi-User Login not working reliably? Something broken?
Hi, I have a fresh install of SOGo 2.0.3 (Ubuntu 32Bit), and performed the setup as described in the official guide. The users in my LDAP directory are all without the @domain suffix. For example I have two users with uid "info": uid=info,ou=users_domainA,dc=local uid=info,ou=users_domainB,dc=local 1. Issue If I use SOGoLoginDomains, the system authenticates the user against the selected domain, so entering info with password of domainB but selected domainA will result in an wrong password error. Good. If I do not use SOGoLoginDomains, he will try both info accounts and match it by the password - and sometimes messes up (log in to the wrong info account, if that account just logged out). Bad -> He should not allow that at all, the user must specify info@domainA or info@domainB to log in and the system should grab the domain from there! Is this a feature or a bug? Can I change that behaviour? 2. Issue The internal system email after login is constructed as uid@domain, but sometimes he forgets the @domain suffix and tries to authenticate against IMAP/SMTP with just the uid. I can overcome this by using SOGoForceIMAPLoginWithEmail , but that option is missing for SMTP. Secondly I would like to know, why with one domain he always added the domain-suffix, but not for the other. Any Ideas? Am I the only one? To "reset" my system, I drop the database and flush the memcached, could there be some leftover configuration somewhere else? Thanks John -- users@sogo.nu https://inverse.ca/sogo/lists