[SOGo] Resources and Adressbooks, restrictions

Tue, 15 Oct 2013 05:18:00 -0700

Hello
I m playing with the filter attribute to restrict the access to the webmail :
my SogoSources i
SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = uid;
      UIDFieldName = uid;
      baseDN = "dc=examplel,dc=com";
      bindDN = "cn=nobody,cn=internal,dc=example,dc=com";
      bindPassword = "password";
      canAuthenticate = YES;
      bindFields=(uid);
      hostname = ldap://192.168.10.1:389;
      SearchFieldNames=(uid,cn,sn,givenname,mail);
      filter="memberOf='cn=WEBMAIL,ou=FR,dc=examplel,dc=com&# 39;";
      id = auth;
     displayName = "global"
      isAddressBook = YES;
      userPasswordAlgorithm = SSHA;
    }

With this User source the access if effectively restricted by the LDAP group . A user inside the group can
authenticate and a user who doesn t belongs to the group can't . But ....
the filter is used too for autocompletion and i can t see the users who are not in the LDAP group

I modified the User source and added another one :
SOGoUserSources = (
    {
      type = ldap;
      CNFieldName = cn;
      IDFieldName = uid;
      UIDFieldName = uid;
      baseDN = "dc=examplel,dc=com";
       bindDN = "cn=nobody,cn=internal,dc=example,dc=com";
      bindPassword = "password";
      canAuthenticate = YES;
      bindFields=(uid);
      hostname = ldap://192.168.10.1:389;
      SearchFieldNames=(uid,cn,sn,givenname,mail);
      filter="memberOf='cn=WEBMAIL,ou=FR,dc=examplel,dc=com'";
      id = auth;
      isAddressBook = NO;                  <--------------
      userPasswordAlgorithm = SSHA;
    },
 {
      type = ldap;
      CNFieldName = cn;
  &n bsp;   IDFieldName = uid;
      UIDFieldName = uid;
      baseDN = "dc=example,dc=com";
      bindDN = "cn=nobody,cn=internal,dc=example,dc=com";
      bindPassword = "password";
      canAuthenticate = NO;
      hostname = ldap://192.168.10.1:389;
      SearchFieldNames=(uid,cn,sn,givenname,mail);
      id = public;
      displayName = "Global";
      isAddressBook = YES;
    }


With this configuration the authentication still works as espected and i can see now in the global address book all the users and for the autocompletion. but ....
When i add an evenat with attendees , if the attende e is not in the LDAPgroup who restricts the access the freebusy doesn t work ( on the interface i see th etime line in pink like a user who is external)
and for a ressource i can t validate the windows the button "OK" has not effect.

Seems for freebusy works ONLY if the user is in a SOURCES who has the canAuthenticate = YES
tha i think is restrictive a user could be filtered for the authentication but must HAVE all the functionalities after he is authenticated

this is a bug ? or there are another setting to put for this case ?

Alain
Regards

 

Reply via email to