Mark-
Mark wrote:
1) I have starttls enabled on the ldap server and confidentiality is
required for authentication. I have added
<key>encryption</key><string>STARTTLS</string> to the GNUstep Defaults
file. I have also edited /etc/openldap/ldap.conf to point to the
location of the ca certificate that signed the server cert. The
ldapsearch utility works fine as follows:
ldapsearch -h www.linuxcertification.co.za -D
uid=mark,ou=People,dc=linuxcertification,dc=co,dc=za -W -ZZ -x
But when SOGo tries to connect the ldap log file shows the client
connecting and then dropping the connection as follows:
Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 ACCEPT from
IP=192.168.xx.xx:49366 (IP=0.0.0.0:389)
Mar 26 07:15:18 slain slapd[12333]: daemon: activity on:
Mar 26 07:15:18 slain slapd[12333]:
Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=6
active_threads=0 tvp=NULL
Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=7
active_threads=0 tvp=NULL
Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=8
active_threads=0 tvp=NULL
Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=9
active_threads=0 tvp=NULL
Mar 26 07:15:18 slain slapd[12333]: daemon: activity on 1 descriptors
Mar 26 07:15:18 slain slapd[12333]: daemon: activity on:
Mar 26 07:15:18 slain slapd[12333]: 24r
Mar 26 07:15:18 slain slapd[12333]:
Mar 26 07:15:18 slain slapd[12333]: daemon: read activity on 24
Mar 26 07:15:18 slain slapd[12333]: connection_get(24)
Mar 26 07:15:18 slain slapd[12333]: connection_get(24): got connid=63
Mar 26 07:15:18 slain slapd[12333]: connection_read(24): checking for
input on id=63
Mar 26 07:15:18 slain slapd[12333]: ber_get_next on fd 24 failed
errno=0 (Success)
Mar 26 07:15:18 slain slapd[12333]: connection_read(24): input
error=-2 id=63, closing.
Mar 26 07:15:18 slain slapd[12333]: connection_closing: readying
conn=63 sd=24 for close
Mar 26 07:15:18 slain slapd[12333]: connection_close: conn=63 sd=24
Mar 26 07:15:18 slain slapd[12333]: daemon: removing 24
Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 closed
The sogo logs are not very helpful saying only:
2011-03-26 07:27:31.097 sogod[26476] WOCompoundElement: id logging is on.
Mar 26 07:27:31 sogod [26476]: SOGoRootPage Login for user
'[email protected]' might not have worked -
password policy: 65535 grace: -1 expire: -1 bound: 0
sogo - - [26/Mar/2011:07:27:31 GMT] "POST /SOGo/connect HTTP/1.1" 403
34/84 0.083 - - 2M
Anyone know what I need to get starttls working with SOGo?
Are you running ldapsearch as root? Make sure that user sogo has access
to the cert and key too to establish a TLS layer for the LDAP connection.
2) (I have disabled starttls at this point) I have our ldap server
set up to use dn like
uid=joe,ou=people,dc=linuxcertification,dc=co,dc=za. Our imap server
uses virtual domains and requires logins in the form of email
addresses. So if I log in with just the username and no domain sogo
passes the wrong login info to the imap server, i.e. joe instead of
[email protected]. Can I use regular expression syntax in
the Defaults file to say extract the username from the email address
for login into ldap? Alternatively is there a way to manipulate the
login username for the imap server from the Defaults config file?
If you have a 'mail' attribute in your directory entries, you can use that
to authenticate to imap (providing you use saslauthd) and sogo (see page
17 of the manual for how to use the mail attribute for login).
Steve
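
The file-access check suggested in the first reply, as an added example that is not part of the original thread or of SOGo's tooling: a POSIX shell sketch that reads the CA paths from an OpenLDAP client config and reports any that a given account cannot read. The function names are hypothetical, and it assumes `sudo` is available and that the paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the thread): find TLS files named in an OpenLDAP
# client config that a service account cannot read.

# Print the values of TLS_CACERT / TLS_CACERTDIR from an ldap.conf-style file.
# Option names are matched case-insensitively; '#' comment lines never match.
ldap_tls_paths() {
    awk 'toupper($1) == "TLS_CACERT" || toupper($1) == "TLS_CACERTDIR" { print $2 }' "$1"
}

# can_read PATH [USER]: succeed if PATH is usable by USER (current user if
# USER is empty). A CA directory needs both read and search permission.
can_read() {
    probe='if [ -d "$1" ]; then [ -r "$1" ] && [ -x "$1" ]; else [ -f "$1" ] && [ -r "$1" ]; fi'
    if [ -n "$2" ]; then
        # -n: fail instead of prompting for a password
        sudo -n -u "$2" sh -c "$probe" sh "$1"
    else
        sh -c "$probe" sh "$1"
    fi
}

# unreadable_tls_paths CONF [USER]: print each TLS path in CONF that USER
# cannot read; return 1 if there is at least one, 0 otherwise.
unreadable_tls_paths() {
    conf=$1 user=$2 rc=0
    for p in $(ldap_tls_paths "$conf"); do
        can_read "$p" "$user" || { printf '%s\n' "$p"; rc=1; }
    done
    return $rc
}

# Typical use, with the config path and account named in the thread:
#   unreadable_tls_paths /etc/openldap/ldap.conf sogo
```

A path printed here while the same call with an empty user prints nothing points at file or parent-directory permissions rather than at the STARTTLS setting itself.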