Hello pathiaki

On 2013-05-08 23:20, pathia...@yahoo.com wrote:
> 
> Well, we made it through the first hurdle in the thread Installation and
> Configuration.
> 
> Again, the setup:
> 
> FreeBSD 9.1
> LDAP 2.4.35
> PostGreSQL 9.2
> SOGO 2.0.5
> 
> (All the services are on separate machines)
> 
> Here's the second one concerning LDAP authentication.
> 
> It doesn't seem to want to bind.
> 
> I can bind anonymously with the pam_ldap service and with the sogo user from
> the command line to the remote ldap service.  However, when trying to login
> from the SOGO Web GUI, I get the 'Wrong User Name or Password' error.
> 
> The sogo log file has:
> 
< ... >
> May 08 16:59:48 sogod [6910]: <0x0x809dd61f8[NGLdapConnection]> Using
> ldap_initialize for LDAP URL: ldap://<LDAP IP>:389
> May 08 16:59:48 sogod [6910]: <0x0x809ed8b88[LDAPSource]> <NSException:
> 0x809dd10d8> NAME:LDAPException REASON:operation bind failed: Invalid
> credentials (0x31) INFO:{login = "cn=sogo,ou=people,dc=example,dc=com"; }
> May 08 16:59:48 sogod [6910]: SOGoRootPage Login from '<desktop IP>' for user
> 'sogo' might not have worked - password policy: 65535  grace: -1  expire: -1 
> bound: 0
< ... >
> I have had the sogo user in the ou of both my standard ou=people,
> dc=example,dc=com and ou=users,dc=example,dc=com.  They both failed in the
> same way.  I have verified the 'sogo' password repeatedly.
> 
> I have created a local sogo user with the same UID/GID to verify that it has
> some idea of the sogo user without having to query LDAP.  I have verified that
> its password is 'sogo' as well, although this should not matter.
> 
> I have had the bind password in the sogo.conf file with and without double
> quotes surrounding it.  What is it supposed to be?  I've seen both in
> people's configuration files.
> 

Better use double quotes around it.
It will work without them if you don't have special characters in the password.


< ... >
>    /* LDAP authentication example */
>    SOGoUserSources = (
>      {
>      type=ldap;
>      CNFieldName=cn;
>      IDFieldName=cn;
>      UIDFieldName=cn;
>      baseDN="ou=people,dc=example,dc=com";
>      bindDN="cn=sogo,ou=users,dc=example,dc=com";
>      bindPassword="sogo";
>      canAuthenticate=YES;
>      displayName="Shared Addresses";
>      hostname=ldap://<LDAP IP>:389;
>      id=public;
>      isAddressBook=YES;
>      }
>    );
> 

You specify in this part of the configuration that SOGo shall always
bind as "cn=sogo,ou=users,dc=example,dc=com" and search for the user
given on the login.

Does that user have the necessary privileges for that in LDAP?
Your tests only showed that you can bind as that user.
But if you can't search for users, then this will be for SOGo as if the
searched user is not in LDAP at all.

That's just a guess though.


Kind regards,
Christian Mack

-- 
Christian Mack
Gruppe Informationsdienste
Rechenzentrum Universität Konstanz
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
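
The distinction raised in the reply above (being able to bind as the bindDN versus being allowed to search as it) can be checked one step at a time with the OpenLDAP client tools. This is an added example, not part of the original thread or of SOGo itself; the DNs and field name come from the quoted sogo.conf, while `ldap.example.com`, the password files and the function names are assumptions, and step 3 assumes the usual search-then-bind login flow.

```shell
#!/bin/sh
# Added example, not from the thread. DNs and field names are copied from the
# quoted sogo.conf; LDAP_URI is a placeholder and the password files are
# hypothetical (ldap* -y uses the whole file, so no trailing newline).
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com:389}"
BIND_DN="${BIND_DN:-cn=sogo,ou=users,dc=example,dc=com}"
BASE_DN="${BASE_DN:-ou=people,dc=example,dc=com}"
UID_FIELD="${UID_FIELD:-cn}"

# Simple bind as DN $1 with the password stored in file $2.
check_bind() {
    ldapwhoami -x -H "$LDAP_URI" -D "$1" -y "$2" >/dev/null 2>&1
}

# Bound as the service account, print the DN of every entry matching login $1.
find_user_dn() {
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -D "$BIND_DN" -y "$2" \
        -b "$BASE_DN" -s sub "($UID_FIELD=$1)" dn 2>/dev/null |
        sed -n 's/^dn: //p'
}

# diagnose LOGIN BIND_PW_FILE USER_PW_FILE; the return code names the failing step.
diagnose() {
    # Refuse LDAP filter metacharacters instead of passing them to the search.
    case "$1" in
        ""|*\**|*\(*|*\)*|*\\*) echo "refusing login with filter metacharacters"; return 2 ;;
    esac
    check_bind "$BIND_DN" "$2" || { echo "step 1: bindDN cannot bind"; return 10; }
    dn=$(find_user_dn "$1" "$2")
    if [ -z "$dn" ]; then
        echo "step 2: bind works but search under $BASE_DN returned nothing;"
        echo "        check the ACLs for $BIND_DN, the baseDN and $UID_FIELD"
        return 11
    fi
    if [ "$(printf '%s\n' "$dn" | grep -c .)" -ne 1 ]; then
        echo "step 2: login matches more than one entry"; return 12
    fi
    check_bind "$dn" "$3" || { echo "step 3: user bind failed as $dn"; return 13; }
    echo "ok: $1 authenticates as $dn"
}
```

Call it as `diagnose sogo /path/to/bind.pw /path/to/user.pw`; return code 11 is the case where the service account binds but sees no entries.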
