Hi Steve,

Thanks for the reply. I can run ldapsearch just fine when I su to sogo. I have added the SOGoForceIMAPLoginWithEmail parameter to my defaults file and now I can log in to the imap server. Still can't get it working with starttls. I have had to set my security in slapd.conf as follows:

security ssf=0 update_ssf=112 simple_bind=0

Any other pointers appreciated.

Regards
Mark

On Sat, Mar 26, 2011 at 9:14 AM, Stephen Ingram <[email protected]> wrote:
> Mark-
>
> Mark wrote:
>>
>> 1) I have starttls enabled on the ldap server and confidentiality is
>> required for authentication. I have added
>> <key>encryption</key><string>STARTTLS</start> to the GNUSteps Defaults
>> file. I have also edited /etc/openldap/ldap.conf to point to the
>> location of the ca certificate that signed the server cert. The
>> ldapsearch utility works fine as follows:
>>
>> ldapsearch -h www.linuxcertification.co.za -D uid=mark,ou=People,dc=linuxcertification,dc=co,dc=za -W -ZZ -x
>>
>> But when SOGo tries to connect the ldap log file shows the client
>> connecting and then dropping the connection as follows:
>>
>> Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 ACCEPT from IP=192.168.xx.xx:49366 (IP=0.0.0.0:389)
>> Mar 26 07:15:18 slain slapd[12333]: daemon: activity on:
>> Mar 26 07:15:18 slain slapd[12333]:
>> Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=6 active_threads=0 tvp=NULL
>> Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=7 active_threads=0 tvp=NULL
>> Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=8 active_threads=0 tvp=NULL
>> Mar 26 07:15:18 slain slapd[12333]: daemon: select: listen=9 active_threads=0 tvp=NULL
>> Mar 26 07:15:18 slain slapd[12333]: daemon: activity on 1 descriptors
>> Mar 26 07:15:18 slain slapd[12333]: daemon: activity on:
>> Mar 26 07:15:18 slain slapd[12333]: 24r
>> Mar 26 07:15:18 slain slapd[12333]:
>> Mar 26 07:15:18 slain slapd[12333]: daemon: read activity on 24
>> Mar 26 07:15:18 slain slapd[12333]: connection_get(24)
>> Mar 26 07:15:18 slain slapd[12333]: connection_get(24): got connid=63
>> Mar 26 07:15:18 slain slapd[12333]: connection_read(24): checking for input on id=63
>> Mar 26 07:15:18 slain slapd[12333]: ber_get_next on fd 24 failed errno=0 (Success)
>> Mar 26 07:15:18 slain slapd[12333]: connection_read(24): input error=-2 id=63, closing.
>> Mar 26 07:15:18 slain slapd[12333]: connection_closing: readying conn=63 sd=24 for close
>> Mar 26 07:15:18 slain slapd[12333]: connection_close: conn=63 sd=24
>> Mar 26 07:15:18 slain slapd[12333]: daemon: removing 24
>> Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 closed
>>
>> The sogo logs are not very helpful saying only:
>>
>> 2011-03-26 07:27:31.097 sogod[26476] WOCompoundElement: id logging is on.
>> Mar 26 07:27:31 sogod [26476]: SOGoRootPage Login for user '[email protected]' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
>> sogo - - [26/Mar/2011:07:27:31 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/84 0.083 - - 2M
>>
>> Anyone know what I need to get starttls working with SOGo?
>
> Are you running ldapsearch as root? Make sure that user sogo has access to
> the cert and key too to establish a TLS layer for the LDAP connection.
>
>> 2) (I have disabled starttls at this point) I have our ldap server
>> set up to use dn like
>> uid=joe,ou=people,dc=linuxcertificaiton,dc=co,dc=za. Our imap server
>> uses virtual domains and requires logins in the form of email
>> addresses. So if I log in with just the username and no domain sogo
>> passes the wrong login info to the imap server ie joe instead of
>> [email protected]. Can I use regular expression syntax in
>> the Defaults file to say extract the username from the email address
>> for login into ldap? Alternatively is there a way to manipulate the
>> login username for the imap server from the Defaults config file?
>
> If you have 'mail' attribute in your directory entries, you can use that to
> authenticate to imap (providing you use saslauthd) and sogo (see page 17 of
> the manual for how to use mail attribute for login).
>
> Steve
> --
> [email protected]
> https://inverse.ca/sogo/lists
--
[email protected]
https://inverse.ca/sogo/lists
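
A log-triage sketch for the slapd lines quoted in this thread, added here as an example and not part of the original messages or of the SOGo or OpenLDAP projects. It groups slapd's per-connection `conn=` lines and separates connections closed before any LDAP operation (the pattern in the quoted log) from simple binds sent without TLS, which a `simple_bind=0` setting allows. The sample lines, addresses, DN and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above (not from a real server).
SAMPLE_LOG = """\
Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 ACCEPT from IP=192.0.2.10:49366 (IP=0.0.0.0:389)
Mar 26 07:15:18 slain slapd[12333]: ber_get_next on fd 24 failed errno=0 (Success)
Mar 26 07:15:18 slain slapd[12333]: conn=63 fd=24 closed
Mar 26 07:16:02 slain slapd[12333]: conn=64 fd=24 ACCEPT from IP=192.0.2.10:49370 (IP=0.0.0.0:389)
Mar 26 07:16:02 slain slapd[12333]: conn=64 op=0 BIND dn="uid=mark,ou=People,dc=example,dc=org" method=128
Mar 26 07:16:02 slain slapd[12333]: conn=64 fd=24 closed
Mar 26 07:17:40 slain slapd[12333]: conn=65 fd=24 ACCEPT from IP=192.0.2.11:49380 (IP=0.0.0.0:389)
Mar 26 07:17:40 slain slapd[12333]: conn=65 op=0 STARTTLS
Mar 26 07:17:40 slain slapd[12333]: conn=65 fd=24 TLS established tls_ssf=256 ssf=256
Mar 26 07:17:41 slain slapd[12333]: conn=65 op=1 BIND dn="uid=mark,ou=People,dc=example,dc=org" method=128
Mar 26 07:17:41 slain slapd[12333]: conn=65 fd=24 closed
"""

# Matches only lines that begin with "conn=N fd=N ..." or "conn=N op=N ...";
# debug chatter such as "daemon: select: ..." is skipped.
CONN_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) (fd|op)=\d+ (.*)$")

DROPPED = "closed before any LDAP operation (no STARTTLS, no BIND)"
CLEARTEXT = "simple bind without TLS (password crossed the wire in cleartext)"
OK = "ok"

def triage(log_text):
    """Return {conn_id: verdict} for every connection that reached 'closed'."""
    state = defaultdict(lambda: {"ops": 0, "tls": False, "clear_bind": False})
    verdicts = {}
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        conn, kind, event = int(m.group(1)), m.group(2), m.group(3)
        s = state[conn]
        if kind == "op":
            s["ops"] += 1
            # method=128 is how slapd logs a simple (DN + password) bind.
            if event.startswith("BIND") and "method=128" in event and not s["tls"]:
                s["clear_bind"] = True
        elif event.startswith("TLS established"):
            s["tls"] = True
        elif event.startswith("closed"):
            if s["clear_bind"]:
                verdicts[conn] = CLEARTEXT
            elif s["ops"] == 0:
                verdicts[conn] = DROPPED
            else:
                verdicts[conn] = OK
    return verdicts

if __name__ == "__main__":
    for conn, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"conn={conn}: {verdict}")
```
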
