On 14/01/15 15:02, Helder Ottoniel Gramajo Lopez wrote:
Hi,
I would like to enable the "Change password at next login" functionality in the SOGo Webapp.
From the SOGo documentation, I understood that I need to enable "passwordPolicy" in
my LDAP user source in my sogo.conf. Then I indicate to my LDAP which users must change their
password at login. When those users log in to SOGo, a popup should appear to request the new
password, and once completed the password is changed.
I'm using Samba as the LDAP controller and I've enabled "passwordPolicy" in my
sogo.conf; however, the users cannot log in to the SOGo webapp anymore. SOGo shows the
following message:
Login failed due to unhandled error case: -1
The SOGo log indicates the following error:
Jan 06 21:20:56 sogod [7174]: |SOGo| starting method 'POST' on uri
'/SOGo/connect'
Jan 06 21:20:56 sogod [7174]: |SOGo| traverse(acquire): SOGo => connect
Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'SOGo'
Jan 06 21:20:56 sogod [7174]: |SOGo| do traverse name: 'connect'
Jan 06 21:20:56 sogod [7174]: |SOGo| set clientObject: <SOGo[0x0x7fb3e884d538]:
name=SOGo>
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://127.0.0.1:389/
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bc3748[NGLdapConnection]> Using
ldap_initialize for LDAP URL: ldap://127.0.0.1:389/
2015-01-06 21:20:56.485 sogod[7171] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base '' filter
'(objectClass=*)' for attrs 'subschemaSubentry'
2015-01-06 21:20:56.486 sogod[7171] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base
'CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com' filter
'(objectClass=*)' for attrs 'objectclasses'
2015-01-06 21:20:56.503 sogod[7171] -[NGLdapConnection
_searchAtBaseDN:qualifier:attributes:scope:]: search at base
'cn=users,dc=example,dc=com' filter '(sAMAccountName=sogo1)' for attrs 'dn'
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind -
ldap_result call result: 97
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind -
ldap_parse_result - ctrls is NULL
Jan 06 21:20:56 sogod [7174]: SOGoRootPage Login from '192.168.10.146' for user
'sogo1' might not have worked - password policy: -1 grace: -1 expire: -1 bound: 0
Jan 06 21:20:56 sogod [7174]: |SOGo| request took 0.050072 seconds to execute
192.168.10.146 - - [06/Jan/2015:21:20:56 GMT] "POST /SOGo/connect HTTP/1.1" 403
31/37 0.054 - - 464K
I've noticed that the password policy has the value -1 in the log, which means SOGo
can't retrieve the information required to log the user in. I've been searching
on Google for several days for how to enable password policy in Samba LDAP or
implement change password at login using Samba as the LDAP backend; however, I
haven't found any reference on the Internet. The examples I found only
mention OpenLDAP as the backend. So I'm wondering if Samba LDAP supports the
password policy to indicate whether a user must change the password at login.
Otherwise, could you give me some insight into how to implement this functionality?
Moreover, I've enabled SOGoPasswordChangeEnabled in sogo.conf so that users can
change their password in SOGo, and this option works well.
For my test, I'm using the ZEG VirtualBox appliance that I downloaded from
http://www.sogo.nu/downloads/zeg.html; I've modified the sogo.conf there.
The version is ZEG-2.2.13, which has the following packages installed:
Ubuntu 14.04.1 LTS
SOGO 2.2.13
Samba 4.1.6-Ubuntu
Postfix 2.11.0
Dovecot 2.2.9
Thanks in advance
Helder Ottoniel Gramajo López
Digital Geko
Blvd. Los Próceres 24-69 z. 10
Zona Pradera Torre I of. 601
GUATEMALA
T. +(502) 2267 1107
OK, if you are running samba4 as an AD DC, you can investigate
'samba-tool domain passwordsettings --help'; this will show what can be
changed and how to make the changes. If you want to make your users change
their passwords at next logon, you need to set an attribute in the user's
object in AD: you need to set the 'pwdLastSet' attribute to '0'.
Rowland
--
https://inverse.ca/sogo/lists
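
The log pattern from the original post can be checked for mechanically. The following is an added example, not part of the thread and not SOGo's own code: it scans sogod log lines and reports failed logins where the password policy fields are all -1 and the preceding bind response for the same worker carried no LDAP controls. The names triage and SAMPLE_LOG are hypothetical; the sample lines are the ones quoted in the post, with wrapped lines rejoined.

```python
import re

# Log lines taken from the post above, with e-mail line wrapping rejoined.
SAMPLE_LOG = """\
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind - ldap_result call result: 97
Jan 06 21:20:56 sogod [7174]: <0x0x7fb3e8bbbfc8[NGLdapConnection]> bind - ldap_parse_result - ctrls is NULL
Jan 06 21:20:56 sogod [7174]: SOGoRootPage Login from '192.168.10.146' for user 'sogo1' might not have worked - password policy: -1 grace: -1 expire: -1 bound: 0
"""

PID = r"sogod \[(?P<pid>\d+)\]: "
NO_CTRLS = re.compile(PID + r"<[^>]+> bind - ldap_parse_result - ctrls is NULL")
LOGIN = re.compile(
    PID + r"SOGoRootPage Login from '(?P<ip>[^']+)' for user '(?P<user>[^']+)' "
    r"might not have worked - password policy: (?P<policy>-?\d+) "
    r"grace: (?P<grace>-?\d+) expire: (?P<expire>-?\d+) bound: (?P<bound>\d+)"
)

def triage(log_text):
    """Return one finding per failed-login line, noting whether the bind
    response seen for the same sogod worker carried no LDAP controls."""
    no_ctrls_pids = set()   # workers whose last bind response had ctrls == NULL
    findings = []
    for line in log_text.splitlines():
        m = NO_CTRLS.search(line)
        if m:
            no_ctrls_pids.add(m["pid"])
            continue
        m = LOGIN.search(line)
        if not m:
            continue
        fields = {k: int(m[k]) for k in ("policy", "grace", "expire", "bound")}
        unset = all(fields[k] == -1 for k in ("policy", "grace", "expire"))
        missing = m["pid"] in no_ctrls_pids
        no_ctrls_pids.discard(m["pid"])  # the marker applies to one login attempt
        if unset and missing:
            cause = "bind response had no controls; no password policy data returned"
        elif unset:
            cause = "policy fields unset; no 'ctrls is NULL' line seen for this worker"
        else:
            cause = "directory returned password policy data; inspect the values"
        findings.append({"user": m["user"], "ip": m["ip"], **fields, "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```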