Hi Bartek

On 2012-01-13, at 5:19 AM, Bartłomiej Kluska wrote:

> I'm trying to add an external user source (MS Active Directory) to the ZEG 2
> appliance configuration. I can't login using any domain account at all.
> Error code I see on the web interface is:
> 
> Login failed due to unhandled error case: -1
> 
> Error in the logs:
> 
> Jan 13 09:59:52 sogod [17362]: <0x0x22e5d80[NGLdapConnection]> bind - ldap_result call result: 97
> Jan 13 09:59:52 sogod [17362]: <0x0x22e5d80[NGLdapConnection]> bind - ldap_parse_result - ctrls is NULL
> Jan 13 09:59:52 sogod [17362]: SOGoRootPage Login for user 'kluska' might not have worked - password policy: -1  grace: -1  expire: -1  bound: 0
> localhost - - [13/Jan/2012:09:59:52 GMT] "POST /SOGo/connect HTTP/1.1" 403 31/41 0.053 - - 16K
> 
> My config file (/home/sogo/GNUstep/Defaults/.GNUstepDefaults):
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE plist PUBLIC "-//GNUstep//DTD plist 0.9//EN" "http://www.gnustep.org/plist-0_9.xml">
> <plist version="0.9">
> <dict>
>    <key>NSGlobalDomain</key>
>    <dict>
>    </dict>
>    <key>sogod</key>
>    <dict>
>        <key>SOGoUserSources</key>
>        <array>
>            <dict>
>                <key>CNFieldName</key>
>                <string>cn</string>
>                <key>IDFieldName</key>
>                <string>cn</string>
>                <key>UIDFieldName</key>
>                <string>sAMAccountName</string>

Set IDFieldName to the same value as UIDFieldName (sAMAccountName).

>                <key>baseDN</key>
>                <string>CN=Person,CN=Schema,CN=Configuration,DC=abc,DC=local</string>
>                <key>bindDN</key>
>                <string>CN=sugar, OU=Verzeichnisdienste,DC=abc,DC=local</string>
>                <key>bindPassword</key>
>                <string>testpassword</string>

Have you double-checked your credentials? If your bindDN/bindPassword is invalid,
you'll see something like this in the logs:

Could not bind to the LDAP server smdc005.abc.local (389) ...

>                <key>canAuthenticate</key>
>                <string>YES</string>
>                <key>displayName</key>
>                <string>Active Directory</string>
>                <key>hostname</key>
>                <string>smdc005.abc.local</string>

Does this hostname resolve properly?

>                <key>id</key>
>                <string>directory</string>
>                <key>isAddressBook</key>
>                <string>YES</string>
>                <key>passwordPolicy</key>
>                <string>YES</string>

This probably won't work with Active Directory. It was developed for the
OpenLDAP password policy overlay.

>                <key>port</key>
>                <string>389</string>
>                <key>scope</key>
>                <string>SUB</string>
>                <key>type</key>
>                <string>ldap</string>
>            </dict>
>            <dict>
>                <key>CNFieldName</key>
>                <string>cn</string>
>                <key>IDFieldName</key>
>                <string>uid</string>
>                <key>UIDFieldName</key>
>                <string>uid</string>
>                <key>baseDN</key>
>                <string>ou=people,dc=example,dc=com</string>
>                <key>bindDN</key>
>                <string>cn=admin,dc=example,dc=com</string>
>                <key>bindPassword</key>
>                <string>sogo</string>
>                <key>canAuthenticate</key>
>                <string>YES</string>
>                <key>displayName</key>
>                <string>local-ldap</string>
>                <key>hostname</key>
>                <string>localhost</string>
>                <key>id</key>
>                <string>local-ldap</string>
>                <key>isAddressBook</key>
>                <string>YES</string>
>                <key>passwordPolicy</key>
>                <string>NO</string>
>                <key>port</key>
>                <string>3389</string>
>                <key>scope</key>
>                <string>SUB</string>
>                <key>type</key>
>                <string>ldap</string>
>            </dict>
>        </array>
>        <key>WOWorkersCount</key>
>        <string>3</string>
>    </dict>
> </dict>
> </plist>
> 
> When I test this new user-source, the result is "Success"
> 
> When I set "passwordPolicy" to "NO", on the web interface I get an error: 
> "Wrong username or password."
> and in logs I can see the following:
> 
> Jan 13 10:09:29 sogod [18034]: SOGoRootPage Login for user 'kluska' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
> localhost - - [13/Jan/2012:10:09:29 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/41 0.005 - - 0
> 
> 
> I tried to search the list but could find any problem like this.
> Anyone has any idea?
> 
> thanks
> cheers!
> 
> Bartek

--
[email protected] :: +1.514.755.3640 :: http://www.inverse.ca
Inverse :: Leaders behind SOGo (http://sogo.nu) and PacketFence 
(http://packetfence.org)

-- 
[email protected]
https://inverse.ca/sogo/lists
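
Added example (not part of the original message and not SOGo code): a small Python check that walks the `SOGoUserSources` array of a GNUstep XML plist and reports the two configuration points raised in the reply above, an `IDFieldName` that differs from `UIDFieldName` and `passwordPolicy` set to `YES` on an Active Directory source. The function names are hypothetical, the embedded sample is a constructed, trimmed copy of the quoted configuration, and treating `sAMAccountName` as the marker of an Active Directory source is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed copy of the two user sources quoted in the message.
SAMPLE = """<plist version="0.9">
<dict>
  <key>sogod</key>
  <dict>
    <key>SOGoUserSources</key>
    <array>
      <dict>
        <key>id</key><string>directory</string>
        <key>IDFieldName</key><string>cn</string>
        <key>UIDFieldName</key><string>sAMAccountName</string>
        <key>passwordPolicy</key><string>YES</string>
      </dict>
      <dict>
        <key>id</key><string>local-ldap</string>
        <key>IDFieldName</key><string>uid</string>
        <key>UIDFieldName</key><string>uid</string>
        <key>passwordPolicy</key><string>NO</string>
      </dict>
    </array>
  </dict>
</dict>
</plist>"""

def plist_value(node):
    """Convert a plist element to dict / list / str (dict children alternate key, value)."""
    if node.tag == "dict":
        kids = list(node)
        return {k.text: plist_value(v) for k, v in zip(kids[0::2], kids[1::2])}
    if node.tag == "array":
        return [plist_value(c) for c in node]
    return (node.text or "").strip()

def check_user_sources(xml_text):
    """Return (source id, finding) pairs for the two points raised in the reply."""
    root = plist_value(ET.fromstring(xml_text).find("dict"))
    findings = []
    for src in root.get("sogod", {}).get("SOGoUserSources", []):
        sid = src.get("id", "?")
        uid_field = src.get("UIDFieldName", "")
        if src.get("IDFieldName") != uid_field:
            findings.append((sid, "IDFieldName differs from UIDFieldName"))
        # Assumption: sAMAccountName as UIDFieldName marks an Active Directory source.
        is_ad = uid_field.lower() == "samaccountname"
        if is_ad and src.get("passwordPolicy", "NO").upper() == "YES":
            findings.append((sid, "passwordPolicy=YES on an Active Directory source"))
    return findings
```

Calling `check_user_sources(SAMPLE)` flags only the `directory` source; the `local-ldap` source passes both checks.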
