Hi Christian,

Good catch.
I forgot to mention that I edited my samba.conf to allow non SSL ldap
traffic.
I tested/verified that by connecting to my Samba server with an LDAP editor
(non-ssl) and it worked.

So, will SOGo work unencrypted?

Thanks!

Keith


On Tue, Apr 9, 2019 at 3:12 PM Christian Naumer <[email protected]> wrote:

> I am not 100% sure, but you connect without SSL/TLS. I don't know if Samba
> AD permits this.
> We use LDAPS and it works. You then need to configure
> /etc/openldap/ldap.conf to accept your certificates.
>
> Regards
>
> Christian
>
> On 09.04.19 at 17:16, Keith Howard ([email protected]) wrote:
> > Hello,
> >
> > I am using Samba 4.9.4 compiled from source, MariaDB 5.5.60-1 (RPM), and
> > SOGo 4.0.7 (nightly RPMs).
> >
> > sogo.conf:
> >
> > {
> >   /* *********************  Main SOGo configuration file **********************
> >    *                                                                           *
> >    * Since the content of this file is a dictionary in OpenStep plist format,  *
> >    * the curly braces enclosing the body of the configuration are mandatory.   *
> >    * See the Installation Guide for details on the format.                     *
> >    *                                                                           *
> >    * C and C++ style comments are supported.                                   *
> >    *                                                                           *
> >    * This example configuration contains only a subset of all available        *
> >    * configuration parameters. Please see the installation guide more details. *
> >    *                                                                           *
> >    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
> >    * make sure to move it away to avoid unwanted parameter overrides.          *
> >    *                                                                           *
> >    * **************************************************************************/
> >
> >   /* Database configuration (mysql:// or postgresql://) */
> >   SOGoProfileURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_user_profile";
> >   OCSFolderInfoURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_folder_info";
> >   OCSSessionsFolderURL = "mysql://sogo: <redacted> @localhost:3306/sogo/sogo_sessions_folder";
> >
> >   /* Mail */
> >   SOGoDraftsFolderName = Drafts;
> >   SOGoSentFolderName = Sent;
> >   SOGoTrashFolderName = Trash;
> >   SOGoIMAPServer = localhost;
> >   SOGoSieveServer = sieve://127.0.0.1:4190;
> >   SOGoSMTPServer = 127.0.0.1;
> >   SOGoMailDomain = medinaco.lan;
> >   SOGoMailingMechanism = smtp;
> >   //SOGoForceExternalLoginWithEmail = NO;
> >   //SOGoMailSpoolPath = /var/spool/sogo;
> >   //NGImap4ConnectionStringSeparator = "/";
> >
> >   /* Notifications */
> >   //SOGoAppointmentSendEMailNotifications = NO;
> >   //SOGoACLsSendEMailNotifications = NO;
> >   //SOGoFoldersSendEMailNotifications = NO;
> >
> >   /* Authentication */
> >   //SOGoPasswordChangeEnabled = YES;
> >
> >   /* LDAP authentication example */
> >   //SOGoUserSources = (
> >   //  {
> >   //    type = ldap;
> >   //    CNFieldName = cn;
> >   //    UIDFieldName = uid;
> >   //    IDFieldName = uid; // first field of the DN for direct binds
> >   //    bindFields = (uid, mail); // array of fields to use for indirect binds
> >   //    baseDN = "dc=medinaco,dc=lan";
> >   //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
> >   //    bindPassword = qwerty;
> >   //    canAuthenticate = YES;
> >   //    displayName = "Shared Addresses";
> >   //    hostname = ldap://127.0.0.1:389;
> >   //    id = public;
> >   //    isAddressBook = YES;
> >   //  }
> >   //);
> >
> >   /* LDAP AD/Samba4 example */
> >   SOGoUserSources = (
> >     {
> >       type = ldap;
> >       CNFieldName = cn;
> >       IDFieldName = sAMAccountName;
> >       UIDFieldName = sAMAccountName;
> >       baseDN = "CN=Users,DC=medinaco,DC    =lan";
> >       bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
> >       bindFields = (sAMAccountName,mail,userPrincipalName);
> >       bindPassword =  <redacted> ;
> >       canAuthenticate = YES;
> >       displayName = "Public";
> >       hostname = "ldap://localhost";;
> >       id = public;
> >       isAddressBook = YES;
> >       scope = SUB;
> >
> >     }
> >   );
> >
> >
> >   /* SQL authentication example */
> >   /*  These database columns MUST be present in the view/table:
> >    *    c_uid - will be used for authentication -  it's the username or [email protected])
> >    *    c_name - which can be identical to c_uid -  will be used to uniquely identify entries
> >    *    c_password - password of the user, plain-text, md5 or sha encoded for now
> >    *    c_cn - the user's common name - such as "John Doe"
> >    *    mail - the user's mail address
> >    *  See the installation guide for more details
> >    */
> >   //SOGoUserSources =
> >   //  (
> >   //    {
> >   //      type = sql;
> >   //      id = directory;
> >   //      viewURL = "postgresql://sogo:[email protected]:5432/sogo/sogo_view";
> >   //      canAuthenticate = YES;
> >   //      isAddressBook = YES;
> >   //      userPasswordAlgorithm = md5;
> >   //    }
> >   //  );
> >
> >   /* Web Interface */
> >   SOGoPageTitle = SOGo;
> >   SOGoVacationEnabled = YES;
> >   SOGoForwardEnabled = YES;
> >   SOGoSieveScriptsEnabled = YES;
> >   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
> >   //SOGoTrustProxyAuthentication = NO;
> >   //SOGoXSRFValidationEnabled = YES;
> >
> >   /* General - SOGoTimeZone *MUST* be defined */
> >   SOGoLanguage = English;
> >   SOGoTimeZone = America/New_York;
> >   //SOGoCalendarDefaultRoles = (
> >   //  PublicDAndTViewer,
> >   //  ConfidentialDAndTViewer
> >   //);
> >   SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
> >   SxVMemLimit = 1000;
> >   //WOPidFile = "/var/run/sogo/sogo.pid";
> >   SOGoMemcachedHost = "/var/run/memcached.sock";
> >
> >   /* Debug */
> >   //SOGoDebugRequests = YES;
> >   //SoDebugBaseURL = YES;
> >   //ImapDebugEnabled = YES;
> >   //LDAPDebugEnabled = YES;
> >   //PGDebugEnabled = YES;
> >   //MySQL4DebugEnabled = YES;
> >   //SOGoUIxDebugEnabled = YES;
> >   //WODontZipResponse = YES;
> >   //WOLogFile = /var/log/sogo/sogo.log;
> > }
> > ***** END SOGO.CONF*****
> >
> > The sogod service starts, and I go to http://medinaco.lan/SOGo, to which I
> > am presented with the SOGo login page.
> > I attempt to log in and receive a wrong username or password error.
> >
> > In my sogo.log:
> > 2019-04-09 11:10:39.298 sogod[17938:17938] Creating NGLdapConnection instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
> > Apr 09 11:10:39 sogod [17938]: SOGoRootPage Login from '172.16.42.253' for user 'khoward' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
> > Apr 09 11:10:39 sogod [17938]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1" 403 34/67 0.046 - - 40K
> >
> > I can log in to mariadb using sogo user/pass and view/edit tables.
> > I can log in to Windows authenticating with SAMBA AD username/password.
> >
> > I don't know what else to do to get this to work.
> > Could someone assist me with this?
> >
> > Thanks.
> >
> > Keith
> >
>
> --
> Dr. Christian Naumer
> Research Scientist
> Platform Coordinator, Bioprocess Engineering
>
> B.R.A.I.N Aktiengesellschaft
> Darmstaedter Str. 34-36, D-64673 Zwingenberg
> e-mail [email protected], homepage www.brain-biotech.de
> phone +49-6251-9331-30  /   fax +49-6251-9331-11
>
> Registered office: Zwingenberg/Bergstrasse
> Court of registration: AG Darmstadt, HRB 24758
> Management Board: Dr. Juergen Eck (Chairman), Manfred Bender,
> Ludger Roedder
> Chairman of the Supervisory Board: Dr. Georg Kellinghusen
> --
> [email protected]
> https://inverse.ca/sogo/lists
>
-- 
[email protected]
https://inverse.ca/sogo/lists
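
Added example, not part of the thread and not SOGo project code: a small check that reads a sogo.conf, skips commented-out sources, and reports for each LDAP source whether the bind to the directory travels over TLS (`ldaps://`, or the `encryption` key set to SSL or STARTTLS), in cleartext on loopback only, or in cleartext across the network. The sample config, its hosts and ids, and all function names are constructed for illustration; the parser assumes each source is a flat `{ ... }` dictionary like the one posted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sogo.conf excerpt; hosts, ids and values are placeholders.
SAMPLE = """{
  SOGoSieveServer = sieve://127.0.0.1:4190;
  //SOGoUserSources = ({ type = ldap; id = old; hostname = ldap://10.0.0.5:389; });
  SOGoUserSources = (
    { type = ldap; id = public;   hostname = "ldap://localhost"; },
    { type = ldap; id = remote;   hostname = "ldap://dc1.example.lan"; },
    { type = ldap; id = starttls; hostname = "ldap://dc1.example.lan"; encryption = STARTTLS; },
    { type = ldap; id = ldaps;    hostname = "ldaps://dc1.example.lan"; }
  );
}"""

def strip_comments(text):
    # Keep quoted strings; drop /* */ and // comments. The "//" inside an
    # unquoted URL (sieve://host) follows ":" and is not a comment start.
    pat = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|(?<!:)//[^\n]*'
    return re.sub(pat, lambda m: m.group() if m.group()[0] == '"' else " ",
                  text, flags=re.S)

def ldap_sources(text):
    """Yield key/value dicts for each innermost {...} block with type = ldap."""
    for block in re.findall(r"\{([^{}]*)\}", strip_comments(text)):
        kv = {k: (q if q else v).strip() for k, q, v in
              re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^;]*))\s*;', block)}
        if kv.get("type", "").lower() == "ldap":
            yield kv

def classify(src):
    """Return (id, url, verdict) per LDAP URL; verdict says how the bind travels."""
    enc, rows = src.get("encryption", "").upper(), []
    for url in src.get("hostname", "").split():
        parts = urlsplit(url if "://" in url else "ldap://" + url)
        if parts.scheme == "ldaps" or enc in ("SSL", "STARTTLS"):
            verdict = "tls"
        elif parts.hostname in ("localhost", "127.0.0.1", "::1"):
            verdict = "cleartext-loopback"
        else:
            verdict = "cleartext"
        rows.append((src.get("id", "?"), url, verdict))
    return rows

def audit(text):
    return [row for src in ldap_sources(text) for row in classify(src)]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A `cleartext-loopback` verdict means SOGo's own bind stays on the host, but the directory server still has to accept unencrypted simple binds for it to work, and that setting applies to every LDAP client that can reach the server.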
