I am not 100% sure, but you connect without SSL/TLS. I don't know if Samba AD permits this. We use LDAPS and it works. You then need to configure /etc/openldap/ldap.conf to accept your certificates.

Regards
Christian

On 09.04.19 at 17:16, Keith Howard ([email protected]) wrote:
> Hello,
>
> I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> SOGo 4.0.7 (nightly RPMs).
>
> sogo.conf:
>
> {
>   /* *********************  Main SOGo configuration file  **********************
>    *                                                                           *
>    * Since the content of this file is a dictionary in OpenStep plist format,  *
>    * the curly braces enclosing the body of the configuration are mandatory.   *
>    * See the Installation Guide for details on the format.                     *
>    *                                                                           *
>    * C and C++ style comments are supported.                                   *
>    *                                                                           *
>    * This example configuration contains only a subset of all available        *
>    * configuration parameters. Please see the installation guide more details. *
>    *                                                                           *
>    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
>    * make sure to move it away to avoid unwanted parameter overrides.          *
>    *                                                                           *
>    * **************************************************************************/
>
>   /* Database configuration (mysql:// or postgresql://) */
>   SOGoProfileURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_user_profile";
>   OCSFolderInfoURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_folder_info";
>   OCSSessionsFolderURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_sessions_folder";
>
>   /* Mail */
>   SOGoDraftsFolderName = Drafts;
>   SOGoSentFolderName = Sent;
>   SOGoTrashFolderName = Trash;
>   SOGoIMAPServer = localhost;
>   SOGoSieveServer = sieve://127.0.0.1:4190;
>   SOGoSMTPServer = 127.0.0.1;
>   SOGoMailDomain = medinaco.lan;
>   SOGoMailingMechanism = smtp;
>   //SOGoForceExternalLoginWithEmail = NO;
>   //SOGoMailSpoolPath = /var/spool/sogo;
>   //NGImap4ConnectionStringSeparator = "/";
>
>   /* Notifications */
>   //SOGoAppointmentSendEMailNotifications = NO;
>   //SOGoACLsSendEMailNotifications = NO;
>   //SOGoFoldersSendEMailNotifications = NO;
>
>   /* Authentication */
>   //SOGoPasswordChangeEnabled = YES;
>
>   /* LDAP authentication example */
>   //SOGoUserSources = (
>   //  {
>   //    type = ldap;
>   //    CNFieldName = cn;
>   //    UIDFieldName = uid;
>   //    IDFieldName = uid; // first field of the DN for direct binds
>   //    bindFields = (uid, mail); // array of fields to use for indirect binds
>   //    baseDN = "dc=medinaco,dc=lan";
>   //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
>   //    bindPassword = qwerty;
>   //    canAuthenticate = YES;
>   //    displayName = "Shared Addresses";
>   //    hostname = ldap://127.0.0.1:389;
>   //    id = public;
>   //    isAddressBook = YES;
>   //  }
>   //);
>
>   /* LDAP AD/Samba4 example */
>   SOGoUserSources = (
>     {
>       type = ldap;
>       CNFieldName = cn;
>       IDFieldName = sAMAccountName;
>       UIDFieldName = sAMAccountName;
>       baseDN = "CN=Users,DC=medinaco,DC =lan";
>       bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
>       bindFields = (sAMAccountName,mail,userPrincipalName);
>       bindPassword = <redacted> ;
>       canAuthenticate = YES;
>       displayName = "Public";
>       hostname = "ldap://localhost";
>       id = public;
>       isAddressBook = YES;
>       scope = SUB;
>
>     }
>   );
>
>
>   /* SQL authentication example */
>   /*  These database columns MUST be present in the view/table:
>    *    c_uid - will be used for authentication - it's the username or [email protected])
>    *    c_name - which can be identical to c_uid - will be used to uniquely identify entries
>    *    c_password - password of the user, plain-text, md5 or sha encoded for now
>    *    c_cn - the user's common name - such as "John Doe"
>    *    mail - the user's mail address
>    *  See the installation guide for more details
>    */
>   //SOGoUserSources =
>   //  (
>   //    {
>   //      type = sql;
>   //      id = directory;
>   //      viewURL = "postgresql://sogo:[email protected]:5432/sogo/sogo_view";
>   //      canAuthenticate = YES;
>   //      isAddressBook = YES;
>   //      userPasswordAlgorithm = md5;
>   //    }
>   //  );
>
>   /* Web Interface */
>   SOGoPageTitle = SOGo;
>   SOGoVacationEnabled = YES;
>   SOGoForwardEnabled = YES;
>   SOGoSieveScriptsEnabled = YES;
>   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>   //SOGoTrustProxyAuthentication = NO;
>   //SOGoXSRFValidationEnabled = YES;
>
>   /* General - SOGoTimeZone *MUST* be defined */
>   SOGoLanguage = English;
>   SOGoTimeZone = America/New_York;
>   //SOGoCalendarDefaultRoles = (
>   //  PublicDAndTViewer,
>   //  ConfidentialDAndTViewer
>   //);
>   SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
>   SxVMemLimit = 1000;
>   //WOPidFile = "/var/run/sogo/sogo.pid";
>   SOGoMemcachedHost = "/var/run/memcached.sock";
>
>   /* Debug */
>   //SOGoDebugRequests = YES;
>   //SoDebugBaseURL = YES;
>   //ImapDebugEnabled = YES;
>   //LDAPDebugEnabled = YES;
>   //PGDebugEnabled = YES;
>   //MySQL4DebugEnabled = YES;
>   //SOGoUIxDebugEnabled = YES;
>   //WODontZipResponse = YES;
>   //WOLogFile = /var/log/sogo/sogo.log;
> }
> ***** END SOGO.CONF*****
>
> The sogod service starts, and I go to http://medinaco.lan/SOGo, where I
> am presented with the SOGo login page.
> I attempt to log in and receive a wrong username or password error.
>
> In my sogo.log:
> 2019-04-09 11:10:39.298 sogod[17938:17938] Creating NGLdapConnection instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
> Apr 09 11:10:39 sogod [17938]: SOGoRootPage Login from '172.16.42.253' for user 'khoward' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
> Apr 09 11:10:39 sogod [17938]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1" 403 34/67 0.046 - - 40K
>
> I can log in to mariadb using sogo user/pass and view/edit tables.
> I can log in to Windows authenticating with SAMBA AD username/password.
>
> I don't know what else to do to get this to work.
> Could someone assist me with this?
>
> Thanks.
>
> Keith
>

--
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Technology
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail [email protected], homepage www.brain-biotech.de
phone +49-6251-9331-30 / fax +49-6251-9331-11
Registered office: Zwingenberg/Bergstrasse
Commercial register: AG Darmstadt, HRB 24758
Executive board: Dr. Juergen Eck (Chairman), Manfred Bender, Ludger Roedder
Chairman of the supervisory board: Dr. Georg Kellinghusen

--
[email protected]
https://inverse.ca/sogo/lists
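
Added example, not part of the original messages and not SOGo code: a small Python check for the condition the reply points at, an active `type = ldap` source in sogo.conf that binds over plain `ldap://` with neither an `ldaps://` URL nor SOGo's `encryption` key (SSL or STARTTLS). The sample config is a constructed excerpt modelled on the one quoted above, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the sogo.conf quoted in this thread.
SAMPLE = r'''
{
  /* LDAP authentication example */
  //SOGoUserSources = (
  //  { type = ldap; hostname = ldap://127.0.0.1:389; id = old; }
  //);
  SOGoUserSources = (
    {
      type = ldap;
      bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
      hostname = "ldap://localhost";
      id = public;
      scope = SUB; // subtree search
    }
  );
}
'''

def strip_comments(text):
    """Drop /* */ and // comments; a // inside a URL (ldap://) is kept."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    # // starts a comment only at line start or after whitespace or ';'.
    return re.sub(r"(?m)(?<![^\s;])//.*$", "", text)

def ldap_sources(conf):
    """Return one dict of key/value pairs per active `type = ldap` source."""
    sources = []
    for body in re.findall(r"\{([^{}]*)\}", strip_comments(conf)):
        pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|[^;]*);', body)
        src = {key: value.strip().strip('"') for key, value in pairs}
        if src.get("type") == "ldap":
            sources.append(src)
    return sources

def plaintext_sources(conf):
    """Return ids of LDAP sources that would bind without TLS."""
    flagged = []
    for src in ldap_sources(conf):
        hosts = src.get("hostname", "").split()
        ldaps = bool(hosts) and all(h.lower().startswith("ldaps://") for h in hosts)
        tls = src.get("encryption", "").upper() in ("SSL", "STARTTLS")
        if not (ldaps or tls):
            flagged.append(src.get("id", "?"))
    return flagged

if __name__ == "__main__":
    print(plaintext_sources(SAMPLE))
```

Commented-out sources are ignored, so only the `public` source from the active block is reported.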
