Hi Christian,
Herewith my SOGoUserSources. I have tried different combinations without
any luck. Should I perhaps try clearing the SOGo database after each change?
*/etc/sogo/sogo.conf :*
....
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
UIDFieldName = "sAMAccountName";
baseDN = "DC=test,DC=com,DC=na";
bindDN = "[email protected]";
bindFields = (sAMAccountName);
bindPassword = s3LDg9p3p8iQEtb;
canAuthenticate = YES;
displayName = "Test Domain";
hostname = ldap://127.0.0.1:389;
filter = "mail = '*'";
id = directory;
isAddressBook = YES;
}
);
...
Regards,
Jacques
On Mon, Nov 16, 2015 at 11:18 AM, Christian Mack <
[email protected]> wrote:
> On 15.11.2015 at 12:25, Jacques Serfontein wrote:
> > Hi,
> >
> > I seem to be having some trouble with the "sogo-tool expire-autoreply" and
> > Dovecot's master user (sogo) when using the "sAMAccountName" instead of the
> > "mail" attribute in the LDAP passdb with "auth_bind=yes".
> >
> > The idea is that users should only be able to authenticate with their user
> > name and not their email address, and everything seems to be working quite
> > well, except for the above mentioned.
> >
> > As far as I can tell, the master user successfully authenticates, but then
> > does a lookup in the userdb, but using the wrong filter, i.e. "(mail=%u)"
> > instead of "(sAMAccountName=%u)".
> >
> > If I change the passdb filter to match the userdb filter, then it seems to
> > work, but that means users have to use their email address to authenticate,
> > which is not what is desired.
> >
> > Please note that I am using an up-to-date version of SOGo (2.3.3) without
> > OpenChange (for now) from the Inverse repository on Debian Jessie (8.2) and
> > Samba AD (4.1.18).
> >
> >
> > *doveconf -n :*
> > auth_debug = yes
> > auth_debug_passwords = yes
> > auth_mechanisms = plain login
> > auth_verbose = yes
> > lda_mailbox_autocreate = yes
> > lda_mailbox_autosubscribe = yes
> > mail_debug = yes
> > managesieve_notify_capability = mailto
> > managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> > namespace inbox {
> > inbox = yes
> > location =
> > mailbox Drafts {
> > auto = subscribe
> > special_use = \Drafts
> > }
> > mailbox Sent {
> > auto = subscribe
> > special_use = \Sent
> > }
> > mailbox "Sent Messages" {
> > auto = no
> > special_use = \Sent
> > }
> > mailbox Spam {
> > auto = create
> > special_use = \Junk
> > }
> > mailbox Trash {
> > auto = subscribe
> > special_use = \Trash
> > }
> > prefix =
> > separator = /
> > subscriptions = yes
> > }
> > passdb {
> > args = /etc/dovecot/dovecot-ldap-passdb.conf
> > driver = ldap
> > }
> > passdb {
> > args = /etc/dovecot/dovecot.passwd
> > driver = passwd-file
> > master = yes
> > }
> > protocols = imap sieve
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0660
> > user = postfix
> > }
> > unix_listener auth-master {
> > group = vmail
> > mode = 0600
> > user = vmail
> > }
> > }
> > service imap-login {
> > inet_listener imaps {
> > port = 0
> > }
> > }
> > service managesieve-login {
> > inet_listener sieve {
> > address = 127.0.0.1 ::1
> > }
> > }
> > ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
> > ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
> > userdb {
> > args = /etc/dovecot/dovecot-ldap-userdb.conf
> > driver = ldap
> > }
> > protocol lda {
> > auth_socket_path = /var/run/dovecot/auth-master
> > mail_plugins = sieve
> > postmaster_address = postmaster
> > }
> > protocol imap {
> > mail_max_userip_connections = 20
> > }
> >
> > */etc/dovecot/dovecot-ldap-userdb.conf :*
> >
> > hosts = localhost:3268
> > dn = [email protected]
> > dnpass = s3LDg9p3p8iQEtb
> > base = dc=test,dc=com,dc=na
> > ldap_version = 3
> > scope = subtree
> > deref = never
> > user_filter = (&(mail=%u)(objectClass=user))
> > user_attrs = =uid=vmail,=gid=vmail,sAMAccountName=home=/home/vmail/%L$,=mail=maildir:~/Maildir
> >
> > */etc/dovecot/dovecot-ldap-passdb.conf :*
> >
> > hosts = localhost:3268
> > dn = [email protected]
> > dnpass = s3LDg9p3p8iQEtb
> > base = dc=test,dc=com,dc=na
> > ldap_version = 3
> > scope = subtree
> > deref = never
> > auth_bind = yes
> > pass_filter = (&(sAMAccountName=%u)(objectClass=user))
> > pass_attrs = mail=user
> >
> > */usr/sbin/sogo-tool expire-autoreply -p /etc/sogo/sieve.creds :*
> >
> > <0x0x195a7d0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
> > <0x0x195a7d0[SOGoCache]> Using host(s) 'localhost' as server(s)
> > <0x0x1b35730[SOGoSieveManager]> Could not login 'user1' on Sieve server: <0x0x1b38050[NGSieveClient]: socket=<NGActiveSocket[0x0x1b41810]: mode=rw address=<0x0x1b448d0[NGInternetSocketAddress]: host=localhost.localdomain port=50775> connectedTo=<0x0x1b3c840[NGInternetSocketAddress]: host=127.0.0.1 port=4190>>>: {RawResponse = "{ok = 0; reason = \"Internal error occurred. Refer to server log for more information.\"; }"; result = 0; }
> > 2015-11-15 13:07:19.299 sogo-tool[2282] An error occured while removing auto-reply of user user1
> >
> > *tail -f /var/log/mail.log -n 20 :*
> >
> > Nov 15 13:06:45 server dovecot: master: Dovecot v2.2.13 starting up for imap, sieve (core dumps disabled)
> > Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
> > Nov 15 13:07:19 server dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
> > Nov 15 13:07:19 server dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libauthdb_ldap.so
> > Nov 15 13:07:19 server dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file /etc/dovecot/dovecot.passwd: Read 1 users in 0 secs
> > Nov 15 13:07:19 server dovecot: auth: Debug: auth client connected (pid=2285)
> > Nov 15 13:07:19 server dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=sieve#011secured#011session=TYbPS5IkVwB/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=4190#011rport=50775#011resp=dXNlcjEAc29nbwAxNjI1MzQ= (previous base64 data may contain sensitive data)
> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user lookup for login: user1
> > Nov 15 13:07:19 server dovecot: auth: Debug: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): lookup: user=sogo file=/etc/dovecot/dovecot.passwd
> > Nov 15 13:07:19 server dovecot: auth: passwd-file(sogo,127.0.0.1,master,<TYbPS5IkVwB/AAAB>): Master user logging in as user1
> > Nov 15 13:07:19 server dovecot: auth: Debug: client passdb out: OK#0111#011user=user1#011original_user=sogo#011auth_user=sogo
> > Nov 15 13:07:19 server dovecot: auth: Debug: master in: REQUEST#0112634809345#0112285#0111#01122a6282271e31a1cf70f940ed9a08aca#011session_pid=2287
> > Nov 15 13:07:19 server dovecot: auth: Debug: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user search: base=dc=test,dc=com,dc=na scope=subtree filter=(&(mail=user1)(objectClass=user)) fields=sAMAccountName
> > Nov 15 13:07:19 server dovecot: auth: Debug: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): no fields returned by the server
> > Nov 15 13:07:19 server dovecot: auth: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): unknown user
> > Nov 15 13:07:19 server dovecot: auth: Error: ldap(user1,127.0.0.1,<TYbPS5IkVwB/AAAB>): user not found from userdb
> > Nov 15 13:07:19 server dovecot: auth: Debug: master userdb out: NOTFOUND#0112634809345
> > Nov 15 13:07:19 server dovecot: managesieve: Error: Authenticated user not found from userdb, auth lookup id=2634809345 (client-pid=2285 client-id=1)
> > Nov 15 13:07:19 server dovecot: managesieve-login: Internal login failure (pid=2285 id=1) (internal failure, 1 successful auths): user=<user1>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=2287, secured, session=<TYbPS5IkVwB/AAAB>
> >
> >
> > Any help and or suggestions would be greatly appreciated.
> >
>
> Check your /etc/sogo/sogo.conf.
> In your SOGoUserSources section you have to set IDFieldName,
> UIDFieldName, IMAPLoginFieldName and bindFields according to your needs.
>
>
> Kind regards,
> Christian Mack
>
> --
> Christian Mack
> Universität Konstanz
> Kommunikations-, Informations-, Medienzentrum (KIM)
> Abteilung Basisdienste
> 78457 Konstanz
> +49 7531 88-4416
>
>
--
[email protected]
https://inverse.ca/sogo/lists
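Added illustration (my own script, not code from Dovecot, SOGo or either poster, and not the thread's resolution): a small model of the two lookup sequences visible in the debug log above. For an ordinary login the LDAP passdb matches `pass_filter`, `pass_attrs = mail=user` hands the mail address on as the user name, and the LDAP userdb's `(mail=%u)` filter therefore succeeds. For the master-user login that `sogo-tool` performs, the passwd-file passdb authenticates `sogo` and passes the target name `user1` through unchanged, so the userdb is searched with `(mail=user1)` and finds nothing, exactly as the log shows. The directory entries, the `test.com.na` mail domain and the `USER_FILTER_EITHER` variant are constructed assumptions for the demonstration; the filter parser covers only the `&`, `|` and equality forms the thread uses, and the LDAP bind itself is not modelled.

```python
"""Model of Dovecot's passdb -> userdb sequence as seen in the thread's log.

Added illustration only; the directory below is constructed and no real
LDAP server or Dovecot process is involved.
"""

# Constructed stand-in for the Samba AD user entries.
DIRECTORY = [
    {"sAMAccountName": "user1", "mail": "[email protected]", "objectClass": "user"},
    {"sAMAccountName": "user2", "mail": "[email protected]", "objectClass": "user"},
    {"sAMAccountName": "svc-noreply", "objectClass": "user"},  # has no mail attribute
]
MASTER_USERS = {"sogo"}  # what the passwd-file master passdb would hold

# Filters as posted in dovecot-ldap-passdb.conf / dovecot-ldap-userdb.conf.
PASS_FILTER = "(&(sAMAccountName=%u)(objectClass=user))"
USER_FILTER = "(&(mail=%u)(objectClass=user))"
# Hypothetical userdb variant (assumption, not from the thread): accept either
# attribute so that both lookup paths resolve the same entry.
USER_FILTER_EITHER = "(&(|(mail=%u)(sAMAccountName=%u))(objectClass=user))"


def substitute(template, user):
    """Expand %u verbatim, as the 'user search: ... filter=' log line shows."""
    return template.replace("%u", user)


def parse_filter(text, i=0):
    """Parse the RFC 4515 subset used here: (&...), (|...), (attr=value)."""
    if text[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if text[i] in "&|":
        op, i, children = text[i], i + 1, []
        while text[i] == "(":
            node, i = parse_filter(text, i)
            children.append(node)
        if text[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, children), i + 1
    end = text.index(")", i)
    attr, value = text[i:end].split("=", 1)
    return ("=", attr, value), end + 1


def matches(node, entry):
    """Evaluate a parsed filter against one directory entry."""
    if node[0] == "=":
        _, attr, value = node
        actual = entry.get(attr)
        if actual is None:
            return False
        # AD string attributes compare case-insensitively; '*' is a presence test.
        return value == "*" or actual.lower() == value.lower()
    op, children = node
    combine = all if op == "&" else any
    return combine(matches(child, entry) for child in children)


def ldap_search(filter_text, entries=DIRECTORY):
    """Return every entry matching the textual filter."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters in filter")
    return [entry for entry in entries if matches(node, entry)]


def regular_login(login_name, user_filter=USER_FILTER):
    """LDAP passdb (auth_bind assumed to succeed) followed by the LDAP userdb."""
    hits = ldap_search(substitute(PASS_FILTER, login_name))
    if len(hits) != 1:
        return None
    # pass_attrs = mail=user: the passdb returns the mail attribute as the new
    # user name, which is what makes the (mail=%u) userdb filter work here.
    user_after_passdb = hits[0].get("mail", login_name)
    hits = ldap_search(substitute(user_filter, user_after_passdb))
    return hits[0] if hits else None


def master_login(master_name, target_login, user_filter=USER_FILTER):
    """passwd-file master passdb, then the LDAP userdb for the target user.

    Nothing rewrites the name on this path, so user_filter sees it as typed."""
    if master_name not in MASTER_USERS:
        return None
    hits = ldap_search(substitute(user_filter, target_login))
    return hits[0] if hits else None


if __name__ == "__main__":
    print("user1 via passdb+userdb:", regular_login("user1"))
    print("login by mail address:", regular_login("[email protected]"))
    print("sogo -> user1, thread's userdb filter:", master_login("sogo", "user1"))
    print("sogo -> user1, either-attribute filter:",
          master_login("sogo", "user1", USER_FILTER_EITHER))
```

Running the script reproduces the thread's symptom: `regular_login("user1")` resolves, logging in with the mail address is refused by the passdb (the behaviour the poster wants), and `master_login("sogo", "user1")` returns nothing with the posted userdb filter because nothing on the master path turns `user1` into a mail address before the `(mail=%u)` search.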