On 13/04/16 10:04, Patrick Rauter ([email protected]) wrote:
at least I have found the settings for SAMBA4 to re enable simple bind
and SOGo is working again.
ldap server require strong auth = no
But this is somehow contrarious to the security update to prevent
MITM-Attacks...
So the question remains, is it possible to use SOGo with SASLAuth.
I have been busy reading about the changes Canonical plan to make to
SAMBA on Ubuntu 14.04 LTS from next Tuesday (19th April) to assess the
impact for our customers. My understanding from the release notes
(https://www.samba.org/samba/history/samba-4.3.8.html) of the version
they are planning to upgrade to leads me to believe the LDAP
authentication will continue to work if you use TLS.
From the SOGo manual, the syntax for this in sogo.conf is:
hostname = ldap://127.0.0.1/????!StartTLS;
(This assumes SAMBA is on the same box as SOGo but otherwise adjust the
IP address/hostname.)
This should operate correctly with either "ldap server require strong
auth = yes" (new default) or "ldap server require strong auth =
allow_sasl_over_tls" in your smb.conf and provide the MITM protection.
I am not in a position to be able to test this today, so it would be
great if you could and report back?
--
[email protected]
https://inverse.ca/sogo/lists
