Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword

Tue, 29 Jan 2013 07:40:38 -0800 

On 13-01-29 5:54 AM, remi.caillet...@3sr-grenoble.fr wrote:

Hi,
I got the same error witch 2.0.4 update. My configuration is in
.GnuDefaults format, and bindFields is set (it was working on 2.0.3a. I
tried to use sogo-tool dump-defaults, without success :

WARNING: Using default signature for
dataWithPropertyList:format:options:error: ... either the method for
that selector is not implemented by the receiver, or you must be using
an old/faulty version of the Objective-C runtime library.
sogo-tool: Uncaught exception NSInvalidArgumentException, reason: Can
not determine type information for +[NSPropertyListSerialization
dataWithPropertyList:format:options:error:]

Ouch, sorry about that!
This is fixed now, see this commit:

https://github.com/inverse-inc/sogo/commit/ea13fd14c97ac3c58e1c50d3b82d0657715f1016


Here is our sanitarized conf file :

{
     NSGlobalDomain = {
     };
     sogod = {
         OCSFolderInfoURL =
"postgresql://user:password@localhost:5432/sogo_db/sogo_folder_info";
         OCSSessionsFolderURL =
"postgresql://user:password@localhost:5432/sogo_db/sogo_sessions_folder";
         SOGoProfileURL =
"postgresql://user:password@localhost:5432/sogo_db/sogo_user_profile";
         SOGoACLsSendEMailNotifications = YES;
         SOGoAppointmentSendEMailNotifications = YES;
         SOGoFoldersSendEMailNotifications = YES;
         SOGoIMAPServer = imaps://localhost:993;
         SOGoLanguage = French;
         SOGoMailDomain = "mydomain.com";
         SOGoMailingMechanism = smtp;
         SOGoSMTPServer = localhost;
         SOGoTimeZone = Europe/Paris;
         SOGoPageTitle = 3SRMail;
         SOGoLoginModule = Mail;
         SOGoVacationEnabled = YES;
         SOGoForwardEnabled = YES;
         SOGoSieveScriptsEnabled = YES;
         SOGoMailMessageCheck = every_5_minute;
         NGImap4ConnectionStringSeparator = .;
         SOGoFaviconRelativeURL = https://mydomain.com/favicon.ico;
         SOGoUserSources = (
             {
                 type = ldap;
                 CNFieldName = cn;
                 IDFieldName = cn;
                 UIDFieldName = middleName;
                 IMAPLoginFieldName = middleName;
                 baseDN = "OU=Users,DC=domain,DC=local";
                 bindDN = binddn@domain.local;
                 bindPassword = "bindpassword";
                 bindFields = (middleName);
                 filter = "(objectClass=person OR (objectcategory=group
AND sAMAccountType=268435457))";
                 canAuthenticate = YES;
                 displayName = "Directory";
                 hostname = ldap;
                 id = public;
                 isAddressBook = YES;
                 port = 389;
                scope = sub;
             }
         );
     };
}
What errors do you see in the sogo log file and could you post a log of the ldap requests made by sogo? 




Cheers,
rémi




Le 28/01/2013 18:20, Luis Angel Fernandez Fernandez a écrit :

  Hi

  I am still trying to set up a multi domain SOGo but with no success
so far.

  When I try to log into SOGo this is what I get in samba logs:

[2013/01/28 18:15:17,  3]
../lib/ldb-samba/ldb_wrap.c:318(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2013/01/28 18:15:17,  3]
../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user
[ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
  auth_check_password_send: mapped user is:
[ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
[2013/01/28 18:15:17,  3]
../libcli/auth/ntlm_check.c:228(hash_password_check)
  ntlm_password_check: NO NT password stored for user
$8CE6ED97-A469161AE3BF0489.
[2013/01/28 18:15:17,  2]
../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
  auth_check_password_recv: sam_ignoredomain authentication for user
[ALIRATIUN\$8CE6ED97-A469161AE3BF0489] FAILED with error
NT_STATUS_WRONG_PASSWORD
[2013/01/28 18:15:17,  3]
../source4/smbd/service_stream.c:63(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2013/01/28 18:15:17,  3]
../source4/smbd/process_single.c:104(single_terminate)
  single_terminate: reason[ldapsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]

  and this in sogo logs:

Jan 28 18:16:23 sogod [5721]: |SOGo| starting method 'POST' on uri
'/SOGo/connect'
Jan 28 18:16:23 sogod [5721]: |SOGo| traverse(acquire): SOGo => connect
Jan 28 18:16:23 sogod [5721]: |SOGo|   do traverse name: 'SOGo'
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate object:
<SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D object is public.
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate key SOGo of
object: <SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D found no security info
for key (class SOGo): SOGo
Jan 28 18:16:23 sogod [5721]: <[so-security]>D default is allow ...
Jan 28 18:16:23 sogod [5721]: |SOGo|   do traverse name: 'connect'
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate key connect of
object: <SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate permission
'<public>' on object: <SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D successfully validated
permission '<public>'.
Jan 28 18:16:23 sogod [5721]: <[so-security]>D successfully validated
key (connect).
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate object:
<0x0x168572c[SoPageInvocation]: class=SOGoRootPage action=connect
bound instantiated product=<0x0x1409a4c[SoProduct]: loaded code-loaded
bundle=/usr/local/GNUstep/lib/GNUstep/SOGo/MainUI.SOGo #classes=8
#categories=4 rm=0x0x140bf0c>>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D object is public.
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate key connect of
object: <SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D validate permission
'<public>' on object: <SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <[so-security]>D successfully validated
permission '<public>'.
Jan 28 18:16:23 sogod [5721]: <[so-security]>D successfully validated
key (connect).
Jan 28 18:16:23 sogod [5721]: |SOGo| set clientObject:
<SOGo[0x0x141c534]: name=SOGo>
Jan 28 18:16:23 sogod [5721]: <0x0x15ff854[NGLdapConnection]> Using
ldap_init (deprecated) for LDAP host:port 192.168.0.137:389
<http://192.168.0.137:389>
Jan 28 18:16:23 sogod [5721]: <0x0x15a0814[LDAPSource]> <NSException:
0x167582c> NAME:LDAPException REASON:operation bind failed: Invalid
credentials (0x31) INFO:{login =
"cn=luisangel.fernandez,ou=aliratiun.tic,ou=dominios,dc=aliratiun,dc=tic";
}
Jan 28 18:16:23 sogod [5721]: SOGoRootPage Login for user
'luisangel.fernandez' might not have worked - password policy: 65535
 grace: -1  expire: -1  bound: 0
Jan 28 18:16:23 sogod [5721]: |SOGo| request took 0.023024 seconds to
execute
Jan 28 18:16:23 sogod [5721]: <0x0x16f169c[WOResponse]> Zipping of
response disabled
192.168.0.131 - - [28/Jan/2013:18:16:23 GMT] "POST /SOGo/connect
HTTP/1.1" 403 34/83 0.027 - - 0

  Using tcpdump I don't see sogo using binddn anywhere, just the
simple bind with the user dn.  What am I missing? I

  Bye.

--
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)



--
Rémi Cailletaud - IE CNRS
3SR - Laboratoire Sols, Solides, Structures - Risques
BP53, 38041 Grenoble CEDEX 0
FRANCE
remi.caillet...@3sr-grenoble.fr
Tél: +33 (0)4 76 82 52 78
Fax: +33 (0)4 76 82 70 43





--
Jean Raby
jr...@inverse.ca  ::  +1.514.447.4918 (x120) ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) 
--
users@sogo.nu
https://inverse.ca/sogo/lists

Reply via email to