Eslam, First, thank you for your response!
I used your LDAP configuration as a template, but I still cannot get it to work. As a test, I took the identical settings (via copy and paste) and added them into OPNsense as an additional authentication container (System >> Servers >> SOGo, if it matters) and then used the Test utility in there to try a valid user authentication. It worked fine. So I'm thinking I have something else going on?

Here's what my sogo.log looks like. I've got Debugging turned on for all sections.

Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.013332 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo HTTP/1.1" 302 0/0 0.015 - - 2M
Jul 08 14:14:31 sogod [28932]: |SOGo| starting method 'GET' on uri '/SOGo/'
Jul 08 14:14:31 sogod [28932]: |SOGo| constructed root-url: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| setting root-url in context: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| ROOT baseURL(no container, name=(null)): own: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.019771 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo/ HTTP/1.1" 200 27426/0 0.024 - - 748K
Jul 08 14:15:20 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'cwebb';
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> query has results, entering fetch-mode.
Jul 08 14:15:20 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user 'cwebb' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 08 14:15:20 sogod [28932]: |SOGo| request took 0.001323 seconds to execute
Jul 08 14:15:20 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
Jul 08 14:15:37 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:37.334 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = '[email protected]';
2019-07-08 14:15:37.335 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> query has results, entering fetch-mode.
Jul 08 14:15:37 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user '[email protected]' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 08 14:15:37 sogod [28932]: |SOGo| request took 0.001709 seconds to execute
Jul 08 14:15:37 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/83 0.003 - - 0

Any and all help is appreciated!
:-)

-Paul

On 7/7/2019 12:19 PM, Eslam Basyouni ([email protected]) wrote:
> Hello Paul,
>
> It's very easy. For me, I'm using LDAP through FreeIPA, and here is my configuration; try to use it and tell me what the status is.
>
> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = uid;
>     UIDFieldName = uid;
>     baseDN = "cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Users";
>     hostname = ldap://192.168.0.10:389;
>     id = users;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = cn;
>     UIDFieldName = cn;
>     baseDN = "cn=groups,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Groups";
>     hostname = ldap://192.168.0.10:389;
>     id = groups;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = uid;
>     IDFieldName = uid; // first field of the DN for direct binds
>     bindFields = (uid, mail); // array of fields to use for indirect binds
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     hostname = ldap://192.168.0.10:389;
>     id = public;
>     isAddressBook = no;
>   }
> );
>
> On Sunday, July 7, 2019, 06:07:29 PM GMT+2, Webb, Paul <[email protected]> wrote:
>
> Hi all,
>
> Just got a SOGo server set up, and I'm running MySQL as the back-end database.
>
> On my (Ubuntu) server, it's possible via SSSD/PAM/Winbind for Active Directory users to log in to the server directly with their AD credentials.
>
> I'm looking for a way to replicate this in SOGo. I could not find a way to connect to the Linux accounts on the server, so I then went down the path of using LDAP as an authenticator for AD. Unfortunately, testing this connector (debugging turned on, using tail -f /var/log/sogo/sogo.log as I try sample user accounts) has proven difficult. In addition, I need the ability to have SOGo check multiple OUs within the BaseDN, and this does not seem to be possible within the current configuration framework of SOGo. I did try using OU=%d,DN=domain,DN=local, but it does not seem to work (?).
>
> This leads to the question: Is there a way to get SOGo to look at the Linux credentials as an authenticator? Example query:
> - IF an existing Linux user exists AND their password matches
> - THEN authenticate them and reference/create their profile in MySQL.
>
> In this way you could then use the PAM/SSSD/Winbind connector between the Linux server and Active Directory as a connector.
>
> Thoughts?
>
> Thanks!
> --
> Paul
> --
> [email protected]
> https://inverse.ca/sogo/lists
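An added triage script for sogo.log excerpts like the one posted above (example code, not from the thread and not part of SOGo). It pairs each "might not have worked ... bound: 0" line with the password lookup logged just before it and with the HTTP status of the POST /SOGo/connect that followed, so you can see for every failed login which user store actually answered the lookup (in the posted excerpt, the sogo_users SQL table) and from which client address the attempt came. The sample log is the excerpt from the thread; the regular expressions are written against those lines only and assume the single-space field layout shown there, which is an assumption about the log format rather than something the thread states.

```python
"""Triage failed SOGo logins from sogo.log (added example, not from SOGo or the thread)."""
import re
from collections import Counter

# Sample input: the sogo.log excerpt posted in the thread above (constructed from those lines).
SAMPLE_LOG = """\
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo/ HTTP/1.1" 200 27426/0 0.024 - - 748K
Jul 08 14:15:20 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'cwebb';
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> query has results, entering fetch-mode.
Jul 08 14:15:20 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user 'cwebb' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 08 14:15:20 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
Jul 08 14:15:37 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:37.334 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = '[email protected]';
2019-07-08 14:15:37.335 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> query has results, entering fetch-mode.
Jul 08 14:15:37 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user '[email protected]' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 08 14:15:37 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/83 0.003 - - 0
"""

# Password lookup against a SQL user source (the table name tells you which source answered).
SQL_LOOKUP_RE = re.compile(
    r"SQL: SELECT c_password FROM (?P<table>\w+) WHERE c_uid = '(?P<user>[^']+)'")
# Failed-login line; "bound: 0" means no configured source accepted the credentials.
# Field layout (single spaces) is assumed from the posted excerpt.
LOGIN_FAIL_RE = re.compile(
    r"SOGoRootPage Login from '(?P<ip>[^']+)' for user '(?P<user>[^']+)' might not have worked"
    r"\s+-\s+password policy:\s+(?P<policy>-?\d+)\s+grace:\s+(?P<grace>-?\d+)"
    r"\s+expire:\s+(?P<expire>-?\d+)\s+bound:\s+(?P<bound>\d)")
# Access-log line for the login POST, carrying the HTTP status the client saw.
CONNECT_RE = re.compile(r'(?P<ip>[\d.]+) "POST /SOGo/connect HTTP/[\d.]+" (?P<status>\d{3})')


def parse_login_failures(log_text):
    """Return one record per failed login attempt, correlated with the password
    lookups logged before it and the HTTP status logged after it."""
    failures = []
    pending_lookups = []   # SQL lookups seen since the previous failure line
    current = None         # most recent failure still waiting for its HTTP status
    for line in log_text.splitlines():
        m = SQL_LOOKUP_RE.search(line)
        if m:
            pending_lookups.append(m.group("table"))
            continue
        m = LOGIN_FAIL_RE.search(line)
        if m:
            current = {
                "ip": m.group("ip"),
                "user": m.group("user"),
                "bound": int(m.group("bound")),
                "lookups": pending_lookups,
                "http_status": None,
            }
            pending_lookups = []
            failures.append(current)
            continue
        m = CONNECT_RE.search(line)
        if (m and current is not None and current["http_status"] is None
                and m.group("ip") == current["ip"]):
            current["http_status"] = int(m.group("status"))
    return failures


def summarize(failures):
    """Aggregate the failures: who, from where, and which password stores were
    consulted. Only SQL sources are visible in this excerpt; an LDAP source
    that was never queried simply does not appear here."""
    return {
        "failures": len(failures),
        "by_ip": dict(Counter(f["ip"] for f in failures)),
        "by_user": dict(Counter(f["user"] for f in failures)),
        "password_sources": sorted({t for f in failures for t in f["lookups"]}),
        "all_unbound": all(f["bound"] == 0 for f in failures),
    }


if __name__ == "__main__":
    found = parse_login_failures(SAMPLE_LOG)
    for f in found:
        print(f"{f['ip']} user={f['user']!r} bound={f['bound']} "
              f"lookups={f['lookups']} http={f['http_status']}")
    print(summarize(found))
```

Run it against a larger tail of sogo.log to see, per failed attempt, which source answered the password lookup; a failure list whose password_sources contains only SQL tables is the first thing to check when an LDAP source was expected to handle the login. The same per-IP and per-user counters double as a cheap check for repeated failures from one client.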