Hi everyone,
 
Please help me configure authorization with an LDAP server based on Windows Server 2016.
Recently I configured SOGo with SQL (Postgres) authentication and was able to log in to the SOGo web interface, but I have to migrate to Windows Server 2016 Active Directory, and it has become a huge challenge.
 
In order to do this I did the following:
1) Deployed a Windows Server 2016 based domain "ldap.local" with default settings, created a "user1" LDAP account and added domain controller administrator rights to this user.
2) Commented out the working SOGoUserSources settings for SQL and added SOGoUserSources LDAP settings for the “user1” account instead, according to the official guide.
3) Changed SOGoSuperUsernames from postgres to user1
 
But apparently these changes are not enough to correctly configure LDAP integration.
Any insights or suggestions would be greatly appreciated! Thank you very much for your precious time and help.
 
Below I attach the logs I get when trying to authorize with the LDAP "user1" account, and the contents of the “sogo.conf” file with the functional SQL (postgres) authorization settings commented out and the SOGoUserSources LDAP settings for the “user1” account added instead:
 
May 07 05:50:49 sogod [152]: version 5.10.0 (build @localhost 202404270249) -- starting
May 07 05:50:49 sogod [152]: vmem size check enabled: shutting down app when vmem > 384 MB. Currently at 82 MB
May 07 05:50:49 sogod [152]: <0x0x55beb1c68aa0[SOGoProductLoader]> SOGo products loaded from '/usr/local/lib/GNUstep/SOGo':
May 07 05:50:49 sogod [152]: <0x0x55beb1c68aa0[SOGoProductLoader]>   AdministrationUI.SOGo, Appointments.SOGo, CommonUI.SOGo, Contacts.SOGo, ContactsUI.SOGo, MailPartViewers.SOGo, Mailer.SOGo, MailerUI.SOGo, MainUI.SOGo, PreferencesUI.SOGo, SchedulerUI.SOGo
May 07 05:50:49 sogod [152]: <0x0x55beb1c68aa0[SOGoProductLoader]> SOGo products loaded from '/usr/lib/GNUstep/SOGo':
May 07 05:50:49 sogod [152]: <0x0x55beb1c68aa0[SOGoProductLoader]>   AdministrationUI.SOGo, Appointments.SOGo, CommonUI.SOGo, Contacts.SOGo, ContactsUI.SOGo, MailPartViewers.SOGo, Mailer.SOGo, MailerUI.SOGo, MainUI.SOGo, PreferencesUI.SOGo, SchedulerUI.SOGo
May 07 05:50:49 sogod [152]: All products loaded - current memory usage at 91 MB
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> listening on 127.0.0.1:20000
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> watchdog process pid: 152
May 07 05:50:49 sogod [152]: <0x0x7f0b0b345420[WOWatchDogChild]> watchdog request timeout set to 10 minutes
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> preparing 8 children
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 153
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 154
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 155
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 156
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 157
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 158
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 159
May 07 05:50:49 sogod [152]: <0x0x55beb1c97a00[WOWatchDog]> child spawned with pid 160
May 07 05:50:49 sogod [156]: <0x0x55beb1f2e2e0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [153]: <0x0x55beb1f2e2c0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [155]: <0x0x55beb1f2e2c0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [159]: <0x0x55beb1f2e2d0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [158]: <0x0x55beb1f2e2d0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [157]: <0x0x55beb1f2dea0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [160]: <0x0x55beb1f2dea0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:49 sogod [154]: <0x0x55beb1f2dea0[WOHttpAdaptor]> notified the watchdog that we are ready
May 07 05:50:59 sogod [154]: |SOGo| starting method 'GET' on uri '/SOGo/'
May 07 05:50:59 sogod [154]: <0x0x55beb1f8bd30[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
May 07 05:50:59 sogod [154]: <0x0x55beb1f8bd30[SOGoCache]> Using host(s) '192.168.5.229' as server(s)
May 07 05:50:59 sogod [154]: [WARN] <0x0x7f0b0b363160[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
May 07 05:50:59 sogod [154]: |SOGo| request took 0.042288 seconds to execute
May 07 05:50:59 sogod [154]: 51.15.104.199, 192.168.5.9 "GET /SOGo/ HTTP/1.1" 200 9137/0 0.044 37167 75% 5M - 11
May 07 05:51:09 sogod [154]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
May 07 05:51:09 sogod [154]: <0x0x55beb1f8b890[LDAPSource]> <NSException: 0x55beb20f3800> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "uid=user1,ou=users,dc=ldap,dc=local"; }
May 07 05:51:09 sogod [154]: SOGoRootPage Login from '51.15.104.199, 192.168.5.9' for user 'user1' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
May 07 05:51:09 sogod [154]: |SOGo| request took 0.002991 seconds to execute
May 07 05:51:09 sogod [154]: 51.15.104.199, 192.168.5.9 "POST /SOGo/connect HTTP/1.1" 403 33/75 0.004 - - 960K - 11
May 07 05:51:09 sogod [154]: |SOGo| starting method 'POST' on uri '/SOGo/so/passwordRecoveryEnabled'
May 07 05:51:09 sogod [154]: |SOGo| request took 0.000299 seconds to execute
May 07 05:51:09 sogod [154]: 51.15.104.199, 192.168.5.9 "POST /SOGo/so/passwordRecoveryEnabled HTTP/1.1" 403 0/34 0.001 - - 0 - 11
 
 
sogo.conf:
 
{
    SOGoProfileURL = "postgresql://postgres:Lenovo777@192.168.5.229:5432/sogo/sogo_user_profile";
    OCSFolderInfoURL = "postgresql://postgres:Lenovo777@192.168.5.229:5432/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "postgresql://postgres:Lenovo777@192.168.5.229:5432/sogo/sogo_sessions_folder";
    OCSAdminURL = "postgresql://postgres:Lenovo777@192.168.5.229:5432/sogo/sogo_admin_data";
    SOGoLanguage = English;
    SOGoPageTitle = "Webmail";
    SOGoAppointmentSendEMailNotifications = NO;
    SOGoMailingMechanism = smtp;
    SOGoSMTPServer = "smtp-relay.sendinblue.com";
    SOGoSMTPAuthenticationType = "PLAIN"; // Or another suitable method like LOGIN
    SOGoSMTPUsername = "adro...@yandex.ru";
    SOGoSMTPPassword = "Password";
    SOGoMailDomain = "yandex.ru";
    SOGoMailsFrom = "adro...@yandex.ru";
    SOGoSMTPPort = 587; // Common ports are 25, 465 (SSL), 587 (TLS)
    SOGoSMTPConnectionType = "NONE"; // Options are "NONE", "SSL", "TLS", "STARTTLS"
    SOGoTimeZone = UTC;
    SOGoSentFolderName = Sent;
    SOGoTrashFolderName = Trash;
    SOGoDraftsFolderName = Drafts;
    SOGoIMAPServer = "imaps://192.168.5.229:143/?tls=YES";
    SOGoIMAPAclConformsToIMAPExt = NO;
    SOGoVacationEnabled = NO;
    SOGoForwardEnabled = NO;
    SOGoSieveScriptsEnabled = YES;
    SOGoFirstDayOfWeek = 0;
    SOGoMailMessageCheck = manually;
    SOGoMailAuxiliaryUserAccountsEnabled = NO;
    SOGoMemcachedHost = 192.168.5.229;
    WOWorkersCount = 8;
    SOGoSuperUsernames = ( user1 );
    
    /*  SQL authentication */
//    SOGoUserSources = (
//    {
//       type = sql;
//       id = directory;
//       viewURL = "postgresql://postgres:Password@192.168.5.229:5432/sogo/sogo_view";
//       canAuthenticate = YES;
//       isAddressBook = YES;
//       displayName = "Shared Addresses";
//     userPasswordAlgorithm = plain;
 
    /*  LDAP authentication */
SOGoUserSources = (
    {
        type = ldap;
        CNFieldName = cn;
        IDFieldName = uid;
        UIDFieldName = uid;
        IMAPHostFieldName = mailHost;
        baseDN = "OU=users,DC=ldap,DC=local";
        bindDN = "CN=user1,OU=users,OU=All,DC=ldap,DC=local";
        bindPassword = "Lenovo777";
        canAuthenticate = YES;
        displayName = "Shared Addresses";
        hostname = "ldap://192.168.5.78:389";
        id = public;
        isAddressBook = YES;
 
    }
);
    
        // Logging options
    SOGoDebugRequests = YES;
    SOGoDebugBaseURL = YES;
    SOGoVacationEnabled = YES;
    SOGoRefreshViewCheck = every_1_minutes;
    SOGoRefreshViewOnForeground = YES;
    SOGoMailReplyPlacement = below;
    SOGoMailSignaturePlacement = below;
    SOGoMailMessageForwarding = inline;
    SOGoLoggingLevel = debug;
    
    
}
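
Added example, not part of the original post and not SOGo code: a Python check that extracts the rejected DN from the LDAPSource bind-failure line in the log above and compares it with the bindDN and baseDN from the posted sogo.conf. The log line and DNs are copied from the post; the function names are illustrative, and the DN parser assumes no escaped commas.

```python
import re

# Values copied from the post above: the LDAPSource bind-failure log line
# and the two DNs from the LDAP SOGoUserSources entry in sogo.conf.
LOG_LINE = ('May 07 05:51:09 sogod [154]: <0x0x55beb1f8b890[LDAPSource]> '
            '<NSException: 0x55beb20f3800> NAME:LDAPException '
            'REASON:operation bind failed: Invalid credentials (0x31) '
            'INFO:{"error_code" = 49; login = "uid=user1,ou=users,dc=ldap,dc=local"; }')
BIND_DN = "CN=user1,OU=users,OU=All,DC=ldap,DC=local"
BASE_DN = "OU=users,DC=ldap,DC=local"

BIND_FAIL = re.compile(
    r'\[LDAPSource\].*bind failed: (?P<reason>.+?) \(0x[0-9a-fA-F]+\)'
    r'.*"error_code" = (?P<code>\d+); login = "(?P<dn>[^"]+)"')

def bind_failure(line):
    """Return the result code and rejected DN from a bind-failure line, or None."""
    m = BIND_FAIL.search(line)
    return {"code": int(m["code"]), "reason": m["reason"], "dn": m["dn"]} if m else None

def parse_dn(dn):
    """Split a DN into lower-cased (attribute, value) pairs.
    Simplification: assumes no escaped commas inside RDN values."""
    return [tuple(part.strip().lower() for part in rdn.split("=", 1))
            for rdn in dn.split(",")]

def is_under(dn, base):
    """True if dn is located at or below base in the directory tree."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[-len(b):] == b

def diagnose(line, bind_dn, base_dn):
    """Compare the DN the server rejected with the DNs in the configuration."""
    failure = bind_failure(line)
    if failure is None:
        return []
    tried, configured = parse_dn(failure["dn"]), parse_dn(bind_dn)
    findings = [f"LDAP result {failure['code']} ({failure['reason']}) for {failure['dn']}"]
    if tried[0][0] != configured[0][0]:
        findings.append(f"rejected DN is named by '{tried[0][0]}', bindDN by '{configured[0][0]}'")
    if tried[1:] != configured[1:]:
        findings.append("rejected DN and bindDN sit in different containers")
    if not is_under(bind_dn, base_dn):
        findings.append("bindDN entry is outside baseDN")
    return findings

if __name__ == "__main__":
    for finding in diagnose(LOG_LINE, BIND_DN, BASE_DN):
        print(finding)
```

Run against the values in the post, it reports that the DN the directory rejected is uid=user1 directly under baseDN, while the configured bindDN names the same account by CN in a different container that is not below baseDN.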
