The next issue that I've run into about LDAP....
Since I use the ou=people instead of users, there's some issues.
1) Always put the sogo in the ou where your users live.... in my case:
ou=people,cn=example,cn=com. The reason for this is that SOGo seems to get
confused when doing its binding/lookups.
2) Always make sure your sogo.conf parameters reflect this and you understand
the 'why?' of LDAP and entry searching.
As shown below, mine looked like this:
SOGoUserSources = (
{
type=ldap;
CNFieldName=cn;
IDFieldName=cn;
UIDFieldName=cn;
baseDN="ou=people,dc=example,dc=com";
bindDN="cn=sogo,ou=users,dc=example,dc=com";
bindPassword="sogo";
canAuthenticate=YES;
displayName="Shared Addresses";
hostname=ldap://<LDAP IP>:389;
id=public;
isAddressBook=YES;
}
);
It now looks like this: (Why? Well, due to something that may be in the
parsing code, I found that baseDN and bindDN seem to have an issue as to where
the user lives. It seems that the ou of people and users were unexpectedly
(probably due to my stupidity) searched in the wrong location. Also, I noticed
that my UIDFieldName was set to cn and not uid. Also, when SOGo went to look
for the "*FieldName" variables, it went looking in the ou=users container (at
least it seemed so in the logs) and not the ou=people container. - solution was
to make sure that the sogo was in the ou=people so that everything was
checked/verified/looked up in the right ou.)
SOGoUserSources = (
{
type=ldap;
CNFieldName=cn;
IDFieldName=cn;
UIDFieldName=uid;
baseDN="ou=people,dc=example,dc=com";
bindDN="cn=sogo,ou=people,dc=example,dc=com";
bindPassword="sogo";
canAuthenticate=YES;
displayName="Shared Addresses";
hostname=ldap://<LDAP IP>:389;
id=public;
isAddressBook=YES;
}
);
I have, finally, gotten by the LDAP authentication issue of the 'sogo' account
binding to the LDAP server.
(Door opens and we go through... :-) )
P.
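An added check, not from the thread or the SOGo project, that parses one SOGoUserSources entry and flags the three settings the thread ends up changing (bind account outside the users' ou, UIDFieldName not uid, empty bind password). The sample entries are constructed from the configs above; the regex only handles the flat key=value; lines of such an entry, with or without quotes.

```python
import re

# Constructed sample modelled on the thread's "before" SOGoUserSources entry:
# users live in ou=people but the sogo bind account was placed in ou=users.
SAMPLE_BEFORE = """
SOGoUserSources = (
{
type=ldap;
CNFieldName=cn;
IDFieldName=cn;
UIDFieldName=cn;
baseDN="ou=people,dc=example,dc=com";
bindDN="cn=sogo,ou=users,dc=example,dc=com";
bindPassword="sogo";
canAuthenticate=YES;
hostname=ldap://<LDAP IP>:389;
}
);
"""
# The corrected form from the thread: bind account moved to ou=people, UIDFieldName=uid.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("ou=users", "ou=people").replace(
    "UIDFieldName=cn", "UIDFieldName=uid")

# One "key=value;" line of the OpenStep plist; the value may be quoted or bare.
KV_RE = re.compile(r'^\s*([A-Za-z]\w*)\s*=\s*"?([^";]*)"?\s*;\s*$', re.M)

def parse_user_source(text):
    """Return the key/value pairs of the first {...} entry, quotes stripped."""
    body = text[text.index("{") + 1:text.index("}")]
    return dict(KV_RE.findall(body))

def dn_components(dn):
    """Split a DN into lowercased RDNs, most specific first, for comparison."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def dn_under(dn, base):
    """True when dn is base itself or sits somewhere beneath base in the tree."""
    d, b = dn_components(dn), dn_components(base)
    return len(d) >= len(b) and d[-len(b):] == b

def check_user_source(src):
    """Findings for the three misconfigurations the thread walks through."""
    findings = []
    if not dn_under(src.get("bindDN", ""), src.get("baseDN", "")):
        findings.append("bindDN lies outside baseDN; keep the bind account with the users")
    if src.get("UIDFieldName") != "uid":
        findings.append("UIDFieldName is %r, login lookups expect uid" % src.get("UIDFieldName"))
    if src.get("canAuthenticate") == "YES" and not src.get("bindPassword"):
        findings.append("canAuthenticate=YES but bindPassword is empty")
    return findings
```

Running `check_user_source(parse_user_source(SAMPLE_BEFORE))` reports the first two findings; the corrected entry reports none.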
________________________________
From: "[email protected]" <[email protected]>
To: [email protected]
Sent: Wednesday, May 8, 2013 5:20 PM
Subject: [SOGo] FreeBSD port - LDAP authentication
Hi,
Well, we made it through the first hurdle in the thread Installation and
Configuration.
Again, the setup:
FreeBSD 9.1
LDAP 2.4.35
PostgreSQL 9.2
SOGO 2.0.5
(All the services are on separate machines)
Here's the second one concerning LDAP authentication.
It doesn't seem to want to bind.
I can bind anonymously with the pam_ldap service and with the sogo user from
the command line to the remote ldap service. However, when trying to login
from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.
The sogo log file has:
May 08 16:58:49 sogod [6909]: vmem size check enabled: shutting down app when
vmem > 384 MB
May 08 16:58:49 sogod [6909]: <0x0x8087ff908[SOGoProductLoader]> SOGo products
loaded from '/usr/local/GNUstep/Local/Library/SOGo':
May 08 16:58:49 sogod [6909]: <0x0x8087ff908[SOGoProductLoader]>
ContactsUI.SOGo, MainUI.SOGo, MailPartViewers.SOGo, Mailer.SOGo,
Appointments.SOGo, SchedulerUI.SOGo, Contacts.SOGo, MailerUI.SOGo,
PreferencesUI.SOGo, AdministrationUI.SOGo, CommonUI.SOGo
May 08 16:58:49 sogod [6909]: <0x0x808470438[WOWatchDog]> listening on *:20000
May 08 16:58:49 sogod [6909]: <0x0x808470438[WOWatchDog]> watchdog process pid:
6909
May 08 16:58:49 sogod [6909]: <0x0x801c3bb60[WOWatchDogChild]> watchdog request
timeout set to 10 minutes
May 08 16:58:49 sogod [6909]: <0x0x808470438[WOWatchDog]> preparing 1 children
May 08 16:58:49 sogod [6909]: <0x0x808470438[WOWatchDog]> child spawned with
pid 6910
2013-05-08 16:58:49.390 sogod[6910] PostgreSQL72 connection established:
<0x0x809d14528[PGConnection]: connection=0x0x809df2000>
2013-05-08 16:58:49.390 sogod[6910] PostgreSQL72 channel 0x0x8087fd7c8 opened
(connection=<0x0x809d14528[PGConnection]: connection=0x0x809df2000>)
2013-05-08 16:58:49.391 sogod[6910] PG0x0x8087fd7c8 SQL: SELECT count(*) FROM
sogo_user_profile
2013-05-08 16:58:49.597 sogod[6910] PG0x0x8087fd7c8 SQL: SELECT count(*) FROM
sogo_folder_info
2013-05-08 16:58:49.700 sogod[6910] PG0x0x8087fd7c8 SQL: SELECT count(*) FROM
sogo_sessions_folder
May 08 16:59:48 sogod [6910]: |SOGo| starting method 'POST' on uri
'/SOGo/connect'
May 08 16:59:48 sogod [6910]: <0x0x809e18e28[SOGoCache]> Cache cleanup interval
set every 300.000000 seconds
May 08 16:59:48 sogod [6910]: <0x0x809e18e28[SOGoCache]> Using host(s)
'localhost' as server(s)
2013-05-08 16:59:48.742 sogod[6910] Note(SoObject): SoDebugKeyLookup is
enabled!
2013-05-08 16:59:48.742 sogod[6910] Note(SoObject): SoDebugBaseURL is enabled!
2013-05-08 16:59:48.742 sogod[6910] Note(SoObject): relative base URLs are
enabled.
2013-05-08 16:59:48.745 sogod[6910] ERROR(-[NGBundleManager bundleWithPath:]):
could not create bundle for path:
'/usr/local/GNUstep/System/Library/Libraries/gnustep-base/Versions/1.24/Resources/SSL.bundle'
2013-05-08 16:59:48.752 sogod[6910] WOCompoundElement: pool embedding is on.
2013-05-08 16:59:48.752 sogod[6910] WOCompoundElement: id logging is on.
May 08 16:59:48 sogod [6910]: <0x0x809dd61f8[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://<LDAP IP>:389
May 08 16:59:48 sogod [6910]: <0x0x809ed8b88[LDAPSource]> <NSException:
0x809dd10d8> NAME:LDAPException REASON:operation bind failed: Invalid
credentials (0x31) INFO:{login = "cn=sogo,ou=people,dc=example,dc=com"; }
May 08 16:59:48 sogod [6910]: SOGoRootPage Login from '<desktop IP>' for user
'sogo' might not have worked - password policy: 65535 grace: -1 expire: -1
bound: 0
May 08 16:59:48 sogod [6910]: |SOGo| request took 0.018914 seconds to execute
<DESKTOP IP> - - [08/May/2013:16:59:48 GMT] "POST /SOGo/connect HTTP/1.1" 403
34/56 0.021 - - -
At the present time, my sogo.conf file:
(PLEASE NOTE:
The IPs are replaced with a <SERVER IP> and the domain replaced with
example.com.
I have had the sogo user in the ou of both my standard ou=people,
dc=example,dc=com and ou=users,dc=example,dc=com. They both failed in the same
way. I have verified the 'sogo' password repeatedly.
I have created a local sogo user with the same UID/GID to verify that it has
some idea of the sogo user without having to query LDAP. I have verified that
its password is 'sogo' as well, although this should not matter.
I have had the bind password in the sogo.conf file with and without double
quotes surrounding it. What is it supposed to be? I've seen both in people's
configuration files.
)
{
/* *********************  Main SOGo configuration file  **********************
 *
 * Since the content of this file is a dictionary in OpenStep plist format,
 * the curly braces enclosing the body of the configuration are mandatory.
 * See the Installation Guide for details on the format.
 *
 * C and C++ style comments are supported.
 *
 * This example configuration contains only a subset of all available
 * configuration parameters. Please see the installation guide for more details.
 *
 * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,
 * make sure to move it away to avoid unwanted parameter overrides.
 *
 **************************************************************************/
SOGoProfileURL="postgresql://sogo:thisisfun@<DB IP>:5432/sogo/sogo_user_profile";
OCSFolderInfoURL="postgresql://sogo:thisisfun@<DB IP>:5432/sogo/sogo_folder_info";
OCSSessionsFolderURL="postgresql://sogo:thisisfun@<DB IP>.19:5432/sogo/sogo_sessions_folder";
SOGoDraftsFolderName = Drafts;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoIMAPServer = <MAIL IP>;
SOGoSMTPServer = <MAIL IP>;
SOGoMailDomain = example.com;
SOGoMailingMechanism = smtp;
SOGoForceExternalLoginWithEmail = NO;
SOGoMailSpoolPath = /var/spool/mail;
SOGoAppointmentSendEMailNotifications = YES;
//NGImap4ConnectionStringSeparator = "/";
//SOGoACLsSendEMailNotifications = NO;
//SOGoSieveServer = sieve://127.0.0.1:4190;
/* Authentication */
SOGoPasswordChangeEnabled = YES;
/* LDAP authentication example */
SOGoUserSources = (
{
type=ldap;
CNFieldName=cn;
IDFieldName=cn;
UIDFieldName=cn;
baseDN="ou=people,dc=example,dc=com";
bindDN="cn=sogo,ou=users,dc=example,dc=com";
bindPassword="sogo";
canAuthenticate=YES;
displayName="Shared Addresses";
hostname=ldap://<LDAP IP>:389;
id=public;
isAddressBook=YES;
}
);
SOGoPageTitle = SOGo;
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;
//SOGoSieveScriptsEnabled = YES;
/* General */
SOGoLanguage = English;
SOGoTimeZone = America/New_York;
SOGoCalendarDefaultRoles = (
PublicDAndTViewer,
ConfidentialDAndTViewer
);
//SOGoSuperUsernames = (sogo1, sogo2); //This is an array - keep the parens!
/* Debug */
SoDebugBaseURL = YES;
ImapDebugEnabled = YES;
LDAPDebugEnabled = YES;
SOGoDebugRequests = YES;
PGDebugEnabled = YES;
SOGoUIxDebugEnabled = YES;
WODontZipResponse = YES;
WOLogFile = /var/log/sogo/sogo.log;
}
--
[email protected]
https://inverse.ca/sogo/lists