Hello, We recently upgraded our SOGo installation from 4.0.0 to 4.0.8, and the hosting server from Debian stretch to buster.
SOGo has an Apache-based proxy in front, and the LDAP server lives in the same machine. We are seeing some LDAP related authentication glitches since the upgrade: - Every now and then, people get 401 to some SOGo requests, both from the Web UI or from caldav clients like Evolution or mobile calendar apps - SOGo complaints about not been able to contact the server, but the server is fully functional, listening on the ports should listen, and authenticating correctly Also, since the upgrade, we've noticed that there are quite a lot of messages referring to the LDAP connections: Creating NGLdapConnection instance for bindDN 'uid=user,ou=people,dc=domain,dc=org' Around 250K in the last four days, which seems to be too much for a less than 100 users instance with around 20 active. We've seen also the following messages. Last line is quite puzzling. We do not know where this encoded string is coming from at all. https://pastebin.com/P1na4Hy8 We would appreciate if you can add some light here because we don't know what is going on. Thanks in advance. Our LDAP config looks as follows: SOGoUserSources = ( { type = ldap; CNFieldName = cn; UIDFieldName = cn; IDFieldName = cn; SearchFieldNames = (mail, cn); baseDN = "ou=groups,dc=domain,dc=org"; bindDN = "cn=admin,dc=domain,dc=org"; bindPassword = password; canAuthenticate = NO; hostname = ldap:/:/ldap.example.org; id = ldaplocalgroups; displayName = "Groups"; isAddressBook = YES; listRequiresDot = NO; filter = "(objectClass='groupOfUniqueNames')"; }, { type = ldap; CNFieldName = cn; UIDFieldName = uid; IDFieldName = uid; SearchFieldNames = (uid, mail, cn, givenName, sn); MailFieldNames = (mail); baseDN = "ou=people,dc=domain,dc=org"; bindDN = "cn=admin,dc=domain,dc=org"; bindPassword = password; canAuthenticate = YES; hostname = ldap://ldap.example.org; bindAsCurrentUser = YES; userPasswordAlgorithm = ssha; id = ldaplocal; displayName = "People"; isAddressBook = YES; listRequiresDot = NO; ModulesConstraints = { Mail = { nonexistentattr = TRUE; }; }; } ); -- Pablo Abelenda Mobile: +34606539874
signature.asc
Description: OpenPGP digital signature