On 7/28/2010 2:44 PM, Donny Brooks wrote:
On 5/27/2010 9:32 AM, Donny Brooks wrote:
On Thursday, May 27, 2010 08:30 AM CDT, Ludovic
Marcotte<[email protected]> wrote:
Donny Brooks wrote:
I am running both the SOGo and OpenLDAP machines on Centos
5.4, and yes they are separate machines. My openldap is version
openldap-2.3.43-12.el5 on my LDAP server. My sogo version is
sogo-1.2_20100505-1.el5 from the yum repository and it's ldap
version is openldap-2.3.43-3.el5.
If you use the password policy code, you'll have to run a very recent
version of OpenLDAP (v2.4.17 and up) server/client libraries.
Futhermore, you'll have to recompile the sope49-ldap package to link
them to the recent OpenLDAP libraries.
The reason for all of this is that the password policy code is
relatively buggy in OpenLDAP and it's still a changing target (ie., the
specification is still in draft stage). SOGo (or rather, our
modifications to sope49-ldap) makes use of the ldap control object
which
is tied to the innards of OpenLDAP.
We eventually plan to provide OpenLDAP RPMs for RHEL v5 (i386 and
x86_64) for those who want to use it on this platform and update the
documentation accordingly for its usage.
Regards,
--
Ludovic Marcotte
[email protected] :: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
So I need to update my SOGo *AND* OpenLDAP machines to 2.4.17 or
greater correct? Should I also upgrade my mail server or does that
really matter since it isn't dealing with anything but
authentication. Thanks for the insight. It has been working just fine
until I implemented the password policy stuff. So that makes perfect
sense.
Ok, I have the ldap server setup to use openldap-2.4.21 on fedora 13.
I am still getting the following lines in the ldap.log and sogo.log.
These are unedited incase I cut something I didn't need to. Plus it is
only accessible internally so I think I am ok.
ldap.log
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 ACCEPT from
IP=10.8.3.220:35117 (IP=0.0.0.0:389)
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND
dn="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" method=128
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND
dn="uid=dbrooks,ou=People,dc=mdah,dc=state,dc=ms,dc=us" mech=SIMPLE ssf=0
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 RESULT tag=97 err=0 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 EXT
oid=1.3.6.1.4.1.4203.1.11.1
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 PASSMOD
id="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" old new
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 RESULT oid= err=50 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=2 UNBIND
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 closed
sogo.log
Jul 28 13:13:30 sogod: SOGo watchdog [14124]:
<0x0x109aee10[NGLdapConnection]> change password - ldap_find_control
call failed
127.0.0.1 - - [28/Jul/2010:13:13:30 GMT] "POST /SOGo/so/changePassword
HTTP/1.1" 204 0/74 0.006 - - 0
Does the sogo machine need to have the updated openldap also? Or just
the ldap server? Any pointers are VERY welcome.
Donny B.
Anyone have an idea? If I have to update openldap on the sogo box also I
may as well change from centos 5.5 to fedora 13.
--
[email protected]
https://inverse.ca/sogo/lists
