Moving on through the LDAP authentication fun.....
I'm checking the sogo log file as things are just bombing out on the Web GUI
after I authenticate.....
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred
when caching value for key 'sogo+attributes': "SERVER HAS FAILED AND IS
DISABLED UNTIL TIMED RETRY"
May 08 18:46:56 sogod [10652]: <0x0x809e9a248[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://<LDAP IP>:389
2013-05-08 18:46:56.070 sogod[10652] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base <C0><A4>N^C^H
filter <C0><A4>N^C^H for attrs <C0>OM^C^H
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred
when caching value for key 'sogo+attributes': "SERVER HAS FAILED AND IS
DISABLED UNTIL TIMED RETRY"
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred
when caching value for key 'sogo@<domina>+attributes': "SERVER HAS FAILED AND
IS DISABLED UNTIL TIMED RETRY"
2013-05-08 18:46:56.083 sogod[10652] PG0x0x809d27b08 SQL: BEGIN TRANSACTION
A quick web search and this is the evil "memcached is not communicating" error
that is out there.
A quick ps shows that no memcached is running.....
A quick listing of the installed packages.... ls -sald /var/db/pkg/mem*
Only returns libmemcached-1.0.7_1..... (the library function calls to
memcached....) No memcached installed.... (Mr. Bill: Oh No!!! Calling Jim
Riggs... Jim, there's a dependency missing from the port or something is
causing it to not be installed...)
Install it:
cd /usr/ports/databases/memcached <RET>
make install <RET>
vi /etc/rc.conf <RET>
add the entry: memcached_enable="YES"
save and exit.
Start memcached....
/usr/local/etc/rc.d/memcached start <RET>
(Yay! It runs....)
Attempt another login from the Web GUI and check the logs.....
May 09 09:41:58 sogod [58117]: <0x0x809e52a68[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://<LDAP IP>:389
May 09 09:41:58 sogod [58117]: SOGoRootPage successful login from '<DEKSTOP
IP>' for user 'sogo' - expire = -1 grace = -1
2013-05-09 09:41:58.685 sogod[58117] PG0x0x8087fd7c8 SQL: BEGIN TRANSACTION
2013-05-09 09:41:58.685 sogod[58117] PG0x0x8087fd7c8 SQL: SELECT
t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM
sogo_sessions_folder t1 WHERE t1.c_id='jRbriIikLbZ7Z0CgXdjZTw=='
2013-05-09 09:41:58.685 sogod[58117] PG0x0x8087fd7c8 SQL: ROLLBACK TRANSACTION
2013-05-09 09:41:58.685 sogod[58117] PG0x0x809d27b08 SQL: BEGIN TRANSACTION
2013-05-09 09:41:58.686 sogod[58117] PG0x0x809d27b08 SQL: INSERT INTO
sogo_sessions_folder (c_value, c_lastseen, c_creationdate, c_id) VALUES
('3reKxCiH7CtKMrbbYlPo9N95pO/AGushJWFq5LUm9lAdtV0NxF8NFxu3pQQSeedOdzucN6VgK+4h/nbSjaYHdJeT6f0kWE6wjLT0T+QfhR2ay1J/CUcEicw9oZo1u1JPTHzM5NDOqaFs9GtRF8awA5kp7qKKIEisbGphMvHz2xTdHVvLAAHURfSe7OddXwJjysIqT82WswZL5oIWt+U+WA==',
1368106918, 1368106918, 'jRbriIikLbZ7Z0CgXdjZTw==')
2013-05-09 09:41:58.686 sogod[58117] PG0x0x809d27b08 SQL: COMMIT TRANSACTION
May 09 09:41:58 sogod [58117]: <0x0x809e9ad38[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://<LDAP IP>:389
2013-05-09 09:41:58.700 sogod[58117] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base <A0><93>N^C^H
filter <C0><A4>N^C^H for attrs <C0>OM^C^H
2013-05-09 09:41:58.708 sogod[58117] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter
<C0><A4>N^C^H for attrs <C0>OM^C^H
2013-05-09 09:41:58.718 sogod[58117] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search with at base <C0><A4>N^C^H
filter <C0><A4>N^C^H for attrs <C0>OM^C^H
2013-05-09 09:41:58.724 sogod[58117] PG0x0x8087fd7c8 SQL: SELECT c_defaults
FROM sogo_user_profile WHERE c_uid = 'sogo'
2013-05-09 09:41:58.725 sogod[58117] PG0x0x809d27b08 SQL: BEGIN TRANSACTION
2013-05-09 09:41:58.725 sogod[58117] PG0x0x809d27b08 SQL: UPDATE
sogo_user_profile SET c_defaults = '{"SOGoLanguage": "English"}' WHERE
c_uid = 'sogo'
2013-05-09 09:41:58.725 sogod[58117] PG0x0x809d27b08 SQL: COMMIT TRANSACTION
May 09 09:41:58 sogod [58117]: [WARN] <0x0x809e51c88[SOGoWebDAVAclManager]>
entry '{DAV:}write' already exists in DAV permissions table
May 09 09:41:58 sogod [58117]: [WARN] <0x0x809e51c88[SOGoWebDAVAclManager]>
entry '{DAV:}write-properties' already exists in DAV permissions table
May 09 09:41:58 sogod [58117]: [WARN] <0x0x809e51c88[SOGoWebDAVAclManager]>
entry '{DAV:}write-content' already exists in DAV permissions table
2013-05-09 09:41:58.734 sogod[58117] PG0x0x8087fd7c8 SQL: SELECT c_settings
FROM sogo_user_profile WHERE c_uid = 'sogo'
May 09 09:41:58 sogod [58117]: |SOGo| request took 0.114106 seconds to execute
172.24.0.4 - - [09/May/2013:09:41:58 GMT] "POST /SOGo/connect HTTP/1.1" 200
27/56 0.117 - - -
May 09 09:41:58 sogod [58117]: |SOGo| starting method 'GET' on uri '/SOGo/sogo'
May 09 09:41:58 sogod [58117]: |SOGo| request took 0.000915 seconds to execute
172.24.0.4 - - [09/May/2013:09:41:58 GMT] "GET /SOGo/sogo HTTP/1.1" 302 0/0
0.001 - - -
May 09 09:41:58 sogod [58117]: |SOGo| starting method 'GET' on uri
'/SOGo/sogo/view'
Wow... No SERVER FAIL errors!!! Yay!!! (Kicks down this door quickly....
runs to the next.....)
P.
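
An added example, not part of the original message or of SOGo: a small sh script that counts the libmemcached failures per cache key in a SOGo log and checks whether memcached is enabled in an rc.conf-style file. The sample log lines are constructed from the ones quoted above, 192.0.2.10 and example.com are placeholders, and the function names are assumptions.

```sh
# Added example: summarise the libmemcached failure seen in the SOGo log.
ERR='SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY'

# Constructed sample modelled on the quoted log. A real log keeps each entry
# on one line; the mail client wrapped the lines in the message.
sample_log() {
cat <<'EOF'
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred when caching value for key 'sogo+attributes': "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
May 08 18:46:56 sogod [10652]: <0x0x809e9a248[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://192.0.2.10:389
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred when caching value for key 'sogo+attributes': "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
May 08 18:46:56 sogod [10652]: <0x0x809e18e28[SOGoCache]> an error occurred when caching value for key 'sogo@example.com+attributes': "SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY"
EOF
}

# Print "count key" for each cache key SOGoCache failed to store.
cache_failures() {
    grep -F "$ERR" "$@" |
        sed -n "s/.*caching value for key '\([^']*\)'.*/\1/p" |
        LC_ALL=C sort | uniq -c | awk '{print $1, $2}'
}

# Succeed if the rc.conf-style file $1 enables memcached at boot.
rc_enabled() {
    grep -Eq '^[[:space:]]*memcached_enable="?[Yy][Ee][Ss]"?' "$1"
}

# One-line verdict from a log file ($1) and an rc.conf path ($2).
diagnose() {
    n=$(grep -cF "$ERR" "$1" || true)
    if [ "${n:-0}" -eq 0 ]; then
        echo "ok: no memcached errors in log"
    elif rc_enabled "${2:-/etc/rc.conf}"; then
        echo "check: $n cache errors, memcached enabled; is it running?"
    else
        echo "fix: $n cache errors and memcached_enable is not set"
    fi
}

sample_log | cache_failures
```

memcached does not authenticate clients by default, so on a single-host install keep it listening on loopback only (its -l option).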
________________________________
From: Paul Pathiakis <[email protected]>
To: "[email protected]" <[email protected]>
Sent: Thursday, May 9, 2013 10:08 AM
Subject: Re: [SOGo] FreeBSD port - LDAP authentication
The next issue that I've run into about LDAP....
Since I use the ou=people instead of users, there are some issues.
1) Always put the sogo in the ou where your users live.... in my case:
ou=people,cn=example,cn=com. The reason for this is that SOGo seems to get
confused when doing its binding/lookups.
2) Always make sure your sogo.conf parameters reflect this and you understand
the 'why?' of LDAP and entry searching.
As shown below, mine looked like this:
SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        IDFieldName=cn;
        UIDFieldName=cn;
        baseDN="ou=people,dc=example,dc=com";
        bindDN="cn=sogo,ou=users,dc=example,dc=com";
        bindPassword="sogo";
        canAuthenticate=YES;
        displayName="Shared Addresses";
        hostname=ldap://<LDAP IP>:389;
        id=public;
        isAddressBook=YES;
    }
);
It now looks like this: (Why? Well, due to something that may be in the
parsing code, I found that baseDN and bindDN seem to have an issue as to where
the user lives. It seems that the ou of people and users were unexpectedly
(probably due to my stupidity) searched in the wrong location. Also, I noticed
that my UIDFieldName was set to cn and not uid. Also, when SOGo went to look
for the "*FieldName" variables, it went looking in the ou=users container (at
least it seemed so in the logs) and not the ou=people container. The solution
was to make sure that the sogo was in the ou=people so that everything was
checked/verified/looked up in the right ou.)
SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        IDFieldName=cn;
        UIDFieldName=uid;
        baseDN="ou=people,dc=example,dc=com";
        bindDN="cn=sogo,ou=people,dc=example,dc=com";
        bindPassword="sogo";
        canAuthenticate=YES;
        displayName="Shared Addresses";
        hostname=ldap://<LDAP IP>:389;
        id=public;
        isAddressBook=YES;
    }
);
I have, finally, gotten by the LDAP authentication issue of the 'sogo' account
binding to the LDAP server.
(Door opens and we go through... :-) )
P.
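
An added example, not part of the original message or of SOGo: a sh lint for one SOGoUserSources entry that reports the two differences between the "before" and "after" sources above, plus a simple bind over ldap:// with no encryption key. The checks are heuristics taken from this message, not SOGo requirements; the sample source is constructed from the one above, 192.0.2.10 is a placeholder, and the function names are assumptions.

```sh
# Added example (not SOGo code): lint one SOGoUserSources entry.
# Constructed sample: the message's source trimmed to the relevant keys, with
# 192.0.2.10 standing in for <LDAP IP>. $1 = OU of bind account, $2 = UIDFieldName.
sample_conf() {
cat <<EOF
SOGoUserSources = (
    {
        type=ldap;
        CNFieldName=cn;
        UIDFieldName=$2;
        baseDN="ou=people,dc=example,dc=com";
        bindDN="cn=sogo,ou=$1,dc=example,dc=com";
        hostname=ldap://192.0.2.10:389;
    }
);
EOF
}

# Reduce 'key = "value";' lines to key=value (reads files or stdin).
source_fields() {
    sed -n 's/^[[:space:]]*\([A-Za-z]*\)[[:space:]]*=[[:space:]]*"\{0,1\}\([^";]*\)"\{0,1\};.*$/\1=\2/p' "$@"
}

# First value of key $2 in the key=value text $1, lower-cased for comparison.
field() {
    printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1 | tr '[:upper:]' '[:lower:]'
}

# Print one finding per line; print nothing for a clean source.
lint_source() {
    f=$(source_fields "$@")
    base=$(field "$f" baseDN); bind=$(field "$f" bindDN)
    uid=$(field "$f" UIDFieldName); cn=$(field "$f" CNFieldName)
    host=$(field "$f" hostname); enc=$(field "$f" encryption)
    case "$bind" in
        *",$base") ;;
        *) echo "bindDN is not under baseDN" ;;
    esac
    if [ -n "$uid" ] && [ "$uid" = "$cn" ]; then
        echo "UIDFieldName and CNFieldName are both '$uid'"
    fi
    # A simple bind over ldap:// sends bindPassword unencrypted unless SOGo's
    # optional encryption key (SSL or STARTTLS) is set on the source.
    if [ "${host#ldap://}" != "$host" ] && [ -z "$enc" ]; then
        echo "bindPassword crosses ldap:// without encryption"
    fi
    return 0
}

sample_conf users cn | lint_source
```

To confirm a source against the directory itself, bind as the bindDN with ldapsearch (-x -H, -D, -W) and search the baseDN (-b) for (uid=<login>); an empty result with a successful bind points at the field name or base, not the password.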