On 08/07/15 18:06, "Hugo" <[email protected]> wrote:

>the one you authenticate with should be left as it was before, and you
>should give them 2 different ID's.
>furthermore, uid is not an email address. if you like to sort the users
>out by email then say mail <> '[email protected]' instead of uid <>
>'[email protected]'. even if you have set UIDFieldName = mail, that is
>only an ldap attribute mapping. the ldap filter matches the real ldap
>attributes, so you have to use the attribute 'mail' here.
>you perhaps could also drop some of the defs that are not used by auth,
>but I think they will be ignored anyway.
>
>something like:
>
>       SOGoUserSources = (
>           {
>               type = ldap;
>               hostname = "ldap://127.0.0.1:389";
>               baseDN = "o=domains,dc=domain,dc=com";
>               bindDN = "cn=vmailadmin,dc=domain,dc=com";
>               bindPassword = "PASSWD";
>               filter = "objectClass=mailUser AND accountStatus=active";
>               scope = SUB;
>               userPasswordAlgorithm = ssha;
>               IDFieldName = mail;
>               bindFields = (mail);
>               CNFieldName = cn;
>               UIDFieldName = mail;
>               IMAPLoginFieldName = mail;
>               SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
>               canAuthenticate = YES;
>               displayName = "LDAP Auth";
>               id = ldap_auth;
>               isAddressBook = NO;
>           }
>       );
>       SOGoUserSources = (
>           {
>               type = ldap;
>               hostname = "ldap://127.0.0.1:389";
>               baseDN = "o=domains,dc=domain,dc=com";
>               bindDN = "cn=vmailadmin,dc=domain,dc=com";
>               bindPassword = "PASSWD";
>               filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND mail <> '[email protected]' AND mail <> '[email protected]'";
>               scope = SUB;
>               userPasswordAlgorithm = ssha;
>               IDFieldName = mail;
>               bindFields = (mail);
>               CNFieldName = cn;
>               UIDFieldName = mail;
>               IMAPLoginFieldName = mail;
>               SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
>               canAuthenticate = NO;
>               displayName = "Global Address Book";
>               id = ldap_addressbook;
>               isAddressBook = YES;
>           }
>       );
>       #######################
>
>perhaps someone else who already tried this can also contribute? I last
>used sogo with LDAP 3-4 years ago :)
>
>On 08.07.2015 15:32, Yavuz Maşlak wrote:
>>
>>
>> On 08/07/15 14:48, "Hugo" <[email protected]> wrote:
>>
>>> you have to define two LDAP connections, one for the login auth, which
>>> should be as it is now (filter unchanged), with:
>>>
>>>   canAuthenticate = YES;
>>>   isAddressBook = NO;
>>>
>>> and another one for the address book only, where you set:
>>>
>>>   canAuthenticate = NO;
>>>   isAddressBook = YES;
>>>
>>>
>>> --->8---
>>> follow the documentation:
>>> The filter to use for LDAP queries, it should be defined as an
>>> EOQualifier. The following operators are supported:
>>> <> – inequality operator
>>> = – equality operator
>>> Multiple qualifiers can be joined by using OR and AND, they can also be
>>> grouped together by using parenthesis. Attribute values should be quoted
>>> to avoid unexpected behaviour.
>>> For example:
>>> filter = "(objectClass='mailUser' OR objectClass='mailGroup') AND
>>> accountStatus='active' AND uid <> 'alice'";
>>> ---8<---
>>>
>>> that means, the filter for the address book should be something like this:
>>> filter = "objectClass=mailUser AND accountStatus=active AND
>>> enabledService=mail AND uid <> 'alice' AND uid <> 'bob'";
>>>
>>> you have to substitute 'alice' and 'bob' with the UID of your LDAP users
>>> to be hidden.
>>>
>>> regards,
>>> hugo.-
>>>
>>> On 08.07.2015 08:20, Yavuz Maşlak wrote:
>>>>
>>>>
>>>> On 08/07/15 04:33, "Hugo" <[email protected]> wrote:
>>>>
>>>>> hi
>>>>> maybe there's another approach, but I think you could use a filter that
>>>>> excludes those users from the search for the address book ldap
>>>>> connection. something like:
>>>>>
>>>>> (&(objectClass=person)(mail=*)(!([email protected]))(!([email protected])))
>>>>>
>>>>> of course, transformed into the sogo config style, see the docs for that
>>>>> http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
>>>>>
>>>>>
>>>>> On 07.07.2015 22:52, Yavuz Maşlak wrote:
>>>>>> Hello
>>>>>>
>>>>>> I installed sogo.  I use ldap for user authentication.
>>>>>>
>>>>>> I want some accounts to be invisible from global address book.
>>>>>>
>>>>>> How can I do that?
>>>>>>
>>>>>> Could you give me an example ?
>>>>>>
>>>>>> Thanks  a lot
>>>>> --
>>>>> [email protected]
>>>>> https://inverse.ca/sogo/lists
>>>>
>>>>
>>>> My sogo filter conf is like below
>>>> filter = "objectClass=mailUser AND accountStatus=active AND
>>>> enabledService=mail";
>>>>
>>>> If I add in addition the expression you gave, filter =
>>>> "objectClass=mailUser AND
>>>> (&(objectClass=person)(mail=*)(!([email protected]))(!([email protected])))
>>>> AND accountStatus=active AND enabledService=mail";
>>>> I can not login as the SOGO my user begins not to work. So I had to
>>>> remove the new expression.
>>>> What can be the problem?
>>>>
>>>>
>>> --
>>> [email protected]
>>> https://inverse.ca/sogo/lists
>>
>> Ok I added a second Sogo source block, something like below;
>>      SOGoUserSources = (
>>          {
>>              type = ldap;
>>              hostname = "ldap://127.0.0.1:389";
>>              baseDN = "o=domains,dc=domain,dc=com";
>>              bindDN = "cn=vmailadmin,dc=domain,dc=com";
>>              bindPassword = "PASSWD";
>>              filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND uid <> '[email protected]' AND uid <> '[email protected]'";
>>              scope = SUB;
>>              userPasswordAlgorithm = ssha;
>>              IDFieldName = mail;
>>              bindFields = (mail);
>>              CNFieldName = cn;
>>              UIDFieldName = mail;
>>              IMAPLoginFieldName = mail;
>>              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
>>              canAuthenticate = YES;
>>              displayName = "Global Address Book";
>>              id = ldap_auth;
>>              isAddressBook = NO;
>>          }
>>      );
>>      SOGoUserSources = (
>>          {
>>              type = ldap;
>>              hostname = "ldap://127.0.0.1:389";
>>              baseDN = "o=domains,dc=domain,dc=com";
>>              bindDN = "cn=vmailadmin,dc=domain,dc=com";
>>              bindPassword = "PASSWD";
>>              filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND uid <> '[email protected]' AND uid <> '[email protected]'";
>>              scope = SUB;
>>              userPasswordAlgorithm = ssha;
>>              IDFieldName = mail;
>>              bindFields = (mail);
>>              CNFieldName = cn;
>>              UIDFieldName = mail;
>>              IMAPLoginFieldName = mail;
>>              SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
>>              canAuthenticate = NO;
>>              displayName = "Global Address Book";
>>              id = ldap_auth;
>>              isAddressBook = YES;
>>          }
>>      );
>>      #######################
>>
>> But after sogo restarted, I can not login at sogo with my self account.
>>
>> How can I fix it? I put down the same filter settings. How should it be?
>>
>> Thanks
>>
>>
>>
>>
>>
>-- 
>[email protected]
>https://inverse.ca/sogo/lists


I updated both SOGoUserSources in sogo.conf
But I can not login at https://server/SOGo now.
I get an error;
Jul 08 22:27:15 sogod [59467]: 10.212.141.254 "POST /SOGo/connect HTTP/1.1" 403 34/61 0.004 - - 0
Jul 08 22:27:21 sogod [59467]: SOGoRootPage Login from '10.212.141.254' for user '[email protected]' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0

What can be the problem?
 

-- 
[email protected]
https://inverse.ca/sogo/lists
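
Added example, not part of the thread and not SOGo's own code: a small model of the AND / = / <> subset of the filter syntax quoted above, showing why an exclusion written against uid hides nobody when uid does not hold the e-mail address, while the same exclusion on mail does. The directory entries and the example.org addresses are constructed, and the translation to an LDAP filter string is a simplified assumption of how such a qualifier maps onto the directory query.

```python
import re

# Constructed sample entries (not from the thread): uid is a short login
# name and mail is the full address, the situation Hugo describes.
ENTRIES = [
    {"uid": "alice", "mail": "alice@example.org"},
    {"uid": "backup", "mail": "backup@example.org"},
    {"uid": "bob", "mail": "bob@example.org"},
]
for e in ENTRIES:
    e.update(objectClass="mailUser", accountStatus="active")

TERM = re.compile(r"\s*(\w+)\s*(<>|=)\s*(?:'([^']*)'|(\S+))\s*$")

def parse(qualifier):
    """Split an AND-only qualifier into (attribute, operator, value) terms."""
    terms = []
    for part in re.split(r"\s+AND\s+", qualifier.strip()):
        m = TERM.match(part)
        if not m:
            raise ValueError(f"unsupported term: {part!r}")
        attr, op, quoted, bare = m.groups()
        terms.append((attr, op, bare if quoted is None else quoted))
    return terms

def escape(value):
    """RFC 4515 escaping, so a value cannot change the filter structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def to_ldap(qualifier):
    """Render the qualifier as an LDAP filter string (assumed mapping)."""
    parts = []
    for attr, op, value in parse(qualifier):
        term = f"({attr}={escape(value)})"
        parts.append(f"(!{term})" if op == "<>" else term)
    return "(&" + "".join(parts) + ")"

def visible(qualifier, entries=ENTRIES):
    """mail of every entry the qualifier lets into the address book.
    Exact string comparison is a simplification of LDAP matching rules."""
    terms = parse(qualifier)
    return [e["mail"] for e in entries
            if all((e.get(a) == v) == (op == "=") for a, op, v in terms)]

BASE = "objectClass=mailUser AND accountStatus=active AND "
BY_UID = BASE + "uid <> 'backup@example.org'"    # real uid is 'backup'
BY_MAIL = BASE + "mail <> 'backup@example.org'"  # matches the real attribute
```

Calling visible(BY_UID) still lists the backup account, while visible(BY_MAIL) drops it; to_ldap() shows the negated term the directory would be asked to evaluate.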
