Hello,
it turned out that once I joined the ldap bind user to the Account
Operator and Domain Admin groups everything worked fine.
While I am actually impressed by how well the end-to-end functionality
of is I'd not like to proceed with a LDAP bind user with that many
rights. What rights does the LDAP bind user actually need?
Those log messages anyhow did not disappear.
I appreciate your help and ideas!
Kind regards,
Johannes Tigges
Am 02.10.2012 18:50, schrieb Johannes Tigges:
Hello,
we are modernizing our IT services. In turn of that I deployed SOGo 2.0
on CentOS 6.3 together with an Active Directory LDAP backend as an
evaluation installation.
The ad-coupled login works very well, as does sending email, integration
with Thunderbird ESR together with SOGo ConnectorIntegrator regarding
tasks, calendar and address book.
I currently have one show stopping issue left though: Although my AD is
marked as being an address book no users are visible in the LDAP address
book or can be found during search of shared calendars, address books,
task lists or for email completion. I found a bug in the bug tracker
that shows similar (or at least closely related) effects and added my
issue to it. It can be found here:
http://www.sogo.nu/bugs/view.php?id=1937 (See the first note)
Details from the bug report:
I have a possibly related issue: This instance of sogod 2.0.0 (release
version) on CentOs 6.3 runs against a Win2k8r2 active directory. It
authenticates fine, anyhow once i try to subscribe to another users
address book, calendar or write him an email, i.e. try to access
resources from the configured shared address book I get the log entry
2012-09-28 20:29:35.170 sogod[6445] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter
for attrs `
Sep 28 20:29:35 sogod [6445]: [ERROR] 0x0x28ecdb8[NGLdapAttribute]
cound not convert value of objectGUID to string
Sep 28 20:29:35 sogod [6445]: [ERROR] 0x0x28f1598[NGLdapAttribute]
cound not convert value of objectSid to string
2012-09-28 20:29:35.180 sogod[6445] WARNING(-[NSNull(misc) count]):
called NSNull -count (returns 0) !!!
as described above. I'd expect to see the actual values being queried
here. And more I'd love to see that user search working as then I'd be
able to use it as groupware. Other than that I bug I am rather impressed
up to now.
The defaults are configured as follows:
sogod SOGoSMTPServer smtpserver
sogod SOGoUserSources '(
{
CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = userPrincipalName;
baseDN = CN=Users,DC=test,DC=foo,DC=bar;
bindDN = CN=ldapuser,CN=Users,DC=test,DC=foo,DC=bar;
bindFields = (
sAMAccountName,
userPrincipalName
);
bindPassword = password;
canAuthenticate = YES;
displayName = Active Directory;
hostname = dc;
id = directory;
isAddressBook = YES;
port = 389;
type = ldap;
}
)'
sogod SOGoCacheCleanupInterval 10
sogod SearchFieldNames '(
sn,
displayName,
userPrincipalName,
telephoneNumber
)'
sogod SOGoIMAPServer imap://imapserver:143 [^]
sogod SOGoLanguage German
sogod OCSEMailAlarmsFolderURL
mysql://sogo:sogo@mysql:3306/sogo/sogo_alarms_folder [^]
sogod SOGoFirstDayOfWeek 1
sogod SOGoProfileURL mysql://sogo:sogo@mysql:3306/sogo/sogo_user_profile
[^]
sogod SOGoTimeZone Europe/Berlin
sogod SOGoFoldersSendEMailNotifications YES
sogod LDAPDebugEnabled YES
sogod SOGoForceIMAPLoginWithEmail YES
sogod SOGoMailingMechanism smtp
sogod OCSSessionsFolderURL
mysql://sogo:sogo@mysql:3306/sogo/sogo_sessions_folder [^]
sogod MailFieldNames '(
userPrincipalName
)'
sogod SOGoSuperUsernames '(
admin
)'
sogod SOGoMailDomain thedomain
sogod OCSFolderInfoURL
mysql://sogo:sogo@mysql:3306/sogo/sogo_folder_info [^]
sogod SOGoACLsSendEMailNotifications YES
sogod SOGoAppointmentSendEMailNotifications YES
The directory looks like a almost pristine Windows 2008r2 active
directory domain services directory. No Unix services installed, no
extra OUs, no fancy attributes added, just a few users and groups.
I'd really appreciate any help or debugging clues on that issue.
Kind regards,
---
Johannes Tigges
Ausbildungszentrum OTA GmbH (gemeinnützig)
Josef-Orlopp-Strasse 45-49
10365 Berlin
Email : j.tig...@ausbildung-ota.de
Web : http://www.ausbildung-ota.de
--
---
Johannes Tigges
Ausbildungszentrum OTA GmbH (gemeinnützig)
Josef-Orlopp-Strasse 45-49
10365 Berlin
Email : j.tig...@ausbildung-ota.de
Web : http://www.ausbildung-ota.de
--
users@sogo.nu
https://inverse.ca/sogo/lists
