Hi, I would like to enable the functionality "Change password at next login" in SOGo Webapp. As I read from SOGo documentation, I understood that I need to enable "passwordPolicy" in my LDAP user source in my Sogo.conf. Then I indicate to my LPAD which users must change their password at login. When those users login in SOGo, it should appears a popup to request the new password and after completed the password is changed.
I'm using Samba as LDAP controller and I've enabled "passwordPolicy" in my sogo.conf however the users cannot login into SOGO webapp anymore. The SOGO shows the following message: Login failed due to unhandled error case: -1 The SOGo's log indicates the following error: Jan 06 21:20:56 sogod [7174]: |SOGo| starting method 'POST' on uri '/SOGo/connect' Jan 06 21:20:56 sogod [7174]: |SOGo| traverse(acquire): SOGo => connect Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'SOGo' Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'connect' Jan 06 21:20:56 sogod [7174]: |SOGo| set clientObject: <SOGo[0x0x7fb3e884d538]: name=SOGo> Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389/ Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bc3748[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389/ 2015-01-06 21:20:56.485 sogod[7171] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base '' filter '(objectClass=*)' for attrs 'subschemaSubentry' 2015-01-06 21:20:56.486 sogod[7171] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com' filter '(objectClass=*)' for attrs 'objectclasses' 2015-01-06 21:20:56.503 sogod[7171] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'cn=users,dc=example,dc=com' filter '(sAMAccountName=sogo1)' for attrs 'dn' Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind - ldap_result call result: 97 Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind - ldap_parse_result - ctrls is NULL Jan 06 21:20:56 sogod [7174]: SOGoRootPage Login from '192.168.10.146' for user 'sogo1' might not have worked - password policy: -1 grace: -1 expire: -1 bound: 0 Jan 06 21:20:56 sogod [7174]: |SOGo| request took 0.050072 seconds to execute 192.168.10.146 - - [06/Jan/2015:21:20:56 GMT] "POST /SOGo/connect HTTP/1.1" 403 31/37 0.054 - - 464K I've noticed that password policy has value -1 in the log, that means SOGo can't retrieve the required information to login the user, I've been searching on google for various days how to enable password policy in Samba LDAP or implement the change password at login using Samba as LDAP backend, however I haven't found any reference on the Internet, the examples I found only mentions Open LDAP as backend. So I'm wondering If Samba LDAP support the password policy to indicate if a user must change the password at login. Otherwise could you give me an insight of how to implement this functionality. Moreover I've enabled SOGoPasswordChangeEnabled in sogo.conf for users can changes their password in SOGo and this option works well. For my test, I'm using ZEG Virtualbox appliance that I've downloaded from http://www.sogo.nu/downloads/zeg.html, I've modify the sogo.conf there. The version is ZEG-2.2.13 that has the following package installed: Ubuntu 14.04.1 LTS SOGO 2.2.13 Samba 4.1.6-Ubuntu Postfix 2.11.0 Dovecot 2.2.9 Thanks in advances Helder Ottoniel Gramajo López Digital Geko Blvd. Los Próceres 24-69 z. 10 Zona Pradera Torre I of. 601 GUATEMALA T. +(502) 2267 1107 -- [email protected] https://inverse.ca/sogo/lists
