Hello Paul,
It's very easy. For me, I'm using LDAP through FreeIPA, and here is my
configuration. Try using it and tell me what the status is.
> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = uid;
>     UIDFieldName = uid;
>     baseDN = "cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Users";
>     hostname = ldap://192.168.0.10:389;
>     id = users;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = cn;
>     UIDFieldName = cn;
>     baseDN = "cn=groups,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Groups";
>     hostname = ldap://192.168.0.10:389;
>     id = groups;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = uid;
>     IDFieldName = uid; // first field of the DN for direct binds
>     bindFields = (uid, mail); // array of fields to use for indirect binds
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     hostname = ldap://192.168.0.10:389;
>     id = public;
>     isAddressBook = no;
>   }
> );
>
On Sunday, July 7, 2019, 06:07:29 PM GMT+2, Webb, Paul <[email protected]>
wrote:
Hi all,
Just got a SOGo server set up, and I'm running MySQL as the back-end database.
On my (Ubuntu) server, it's possible via SSSD/PAM/Winbind for Active Directory
users to log in to the server directly with their AD credentials.
I'm looking for a way to replicate this in SOGo. I could not find a way to
connect to the Linux accounts on the server, so I then went down the path of
using LDAP as an authenticator for AD. Unfortunately, testing this connector
(debugging turned on, using tail -f /var/log/sogo/sogo.log as I try sample user
accounts) has proven difficult. In addition, I need the ability to have SOGo
check multiple OUs within the BaseDN, and this does not seem to be possible
within the current configuration framework of SOGo. I did try using
OU=%d,DN=domain,DN=local, but it does not seem to work (?).
This leads to the question: Is there a way to get SOGo to look at the Linux
credentials as an authenticator? Example query:
- IF an existing Linux user exists AND their password matches
- THEN authenticate them and reference/create their profile in MySQL.
In this way you could then use the PAM/SSSD/Winbind connector between the Linux
server and Active Directory as a connector.
Thoughts?
Thanks!
--Paul--
[email protected]
https://inverse.ca/sogo/lists
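
An added example, not part of either message and not SOGo's own code: a small Python check that parses `SOGoUserSources` blocks laid out like the ones posted above and flags sources that use `ldap://` without SOGo's `encryption` option (`SSL` or `STARTTLS`), or that have no `baseDN`. The sample configuration, its host names and the `parse_sources`/`audit` helpers are constructed for illustration, and treating a missing `baseDN` as a finding is an assumption of this example.

```python
import re

# Constructed sample in the layout of the sources posted above (placeholders).
SAMPLE = """
SOGoUserSources = (
  {
    type = ldap;
    id = users;
    baseDN = "cn=users,cn=accounts,dc=example,dc=org";
    hostname = ldap://ldap.example.org:389;
  },
  {
    type = ldap;
    id = public;
    bindFields = (uid, mail); // indirect bind
    encryption = STARTTLS;
    hostname = ldap://ldap.example.org:389;
  }
);
"""

def parse_sources(text):
    """Return one {key: value} dict per flat { ... } block."""
    sources = []
    for block in re.findall(r"\{(.*?)\}", text, re.S):
        # Drop // comments but keep the "//" of ldap:// URLs.
        block = re.sub(r"(?m)(?<!:)//.*$", "", block)
        pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|\([^)]*\)|[^;]*);', block)
        sources.append({k: v.strip().strip('"') for k, v in pairs})
    return sources

def audit(sources):
    """Return sorted (source id, finding) pairs for risky settings."""
    findings = []
    for src in sources:
        sid = src.get("id", "?")
        host = src.get("hostname", "").lower()
        enc = src.get("encryption", "").upper()
        # ldap:// with no SSL/STARTTLS sends bind and login passwords in clear.
        if host.startswith("ldap://") and enc not in ("SSL", "STARTTLS"):
            findings.append((sid, "cleartext-ldap"))
        # Assumption of this example: every source should name a search base.
        if "baseDN" not in src:
            findings.append((sid, "missing-baseDN"))
    return sorted(findings)

if __name__ == "__main__":
    for sid, finding in audit(parse_sources(SAMPLE)):
        print(f"{sid}: {finding}")
```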