Hi, >> we have configured the sogo connection to our LDAP server as follows: >> >> defaults write sogod SOGoUserSources '({CNFieldName = cn; >> IDFieldName = uid; UIDFieldName = uid; >> baseDN = "dc=neurologie.uni-tuebingen.de,dc=local"; >> bindDN = >> "uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local"; >> bindPassword = ****************; canAuthenticate = YES; displayName = >> "Addresses"; hostname = "localhost"; id = local; >> isAddressBook = YES; port=389; filter = "(objectClass=person)"; scope = >> "SUB"})' >> >> Still, sogo can find only persons in the baseDN level, not in ou's below >> this. >> >> What are we doing wrong? > > How are the privileges set for user > uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local > in your LDAP? > Does he have read permissions on all ou-Levels up to ou=Users? > Does he have read permissions on the user entries in ou=Users?
I did an apt-get update/upgrade an checked the LDAP permissions: olcDatabase={1}hdb.ldif: dn: olcDatabase={2}hdb objectClass: olcDatabaseConfig objectClass: olcHdbConfig olcDatabase: {2}hdb olcDbDirectory: /var/lib/ldap olcSuffix: dc=neurologie.uni-tuebingen.de,dc=local olcAccess: {0}to * by dn="cn=admin,dc=neurologie.uni-tuebingen.de,dc=local" write by * read olcAccess: {1}to * attrs=userPassword,shadowLastChange by dn="cn=admin,dc=neurologie.uni-tuebingen.de,dc=local" write by anonymous auth by self write by * none olcAccess: {2}to dn.base="" by * read olcLastMod: TRUE olcRootDN: cn=admin,dc=neurologie.uni-tuebingen.de,dc=local ... Now sogo seems not to be able to bind anymore: .GNUstepDefaults: <key>SOGoUserSources</key> <array> <dict> <key>CNFieldName</key> <string>cn</string> <key>IDFieldName</key> <string>uid</string> <key>UIDFieldName</key> <string>uid</string> <key>baseDN</key> <string>dc=neurologie.uni-tuebingen.de,dc=local</string> <key>bindDN</key> <string>uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local</string> <key>bindPassword</key> <string>***********</string> <key>canAuthenticate</key> <string>YES</string> <key>displayName</key> <string>Addresses</string> <key>hostname</key> <string>localhost</string> <key>id</key> <string>public</string> <key>isAddressBook</key> <string>YES</string> <key>port</key> <string>389</string> <key>scope</key> <string>SUB</string> sogo.log: Mar 06 09:58:47 sogod [4778]: SOGoRootPage Login for user 'fbunjes' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 localhost - - [06/Mar/2012:09:58:47 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/42 0.025 - - 2M Best, Friedemann > > > Kind regards, > Christian Mack > > -- > Christian Mack > Gruppe Informationsdienste > Rechenzentrum Universität Konstanz > -- > users@sogo.nu > https://inverse.ca/sogo/lists -- Dr. rer. nat. Friedemann Bunjes Hertie-Institut für Klinische Hirnforschung Zentrum für Neurologie Universitätsklinikum Tübingen Otfried-Müller-Str. 27 72076 Tübingen +49-7071-29-81999 -- users@sogo.nu https://inverse.ca/sogo/lists