First, start by connecting to LDAP unencrypted, without !StartTLS.
It's possible 389ds is not configured to run StartTLS, or maybe there is
a certificate trust problem.
Second, do not use the DM account to read LDAP. Look here for how to create
a system account (example):
https://freeipa.xyz/a/3a29e627-6ff0-4ef4-9604-7c3a4c0af1cb
On 2025-02-21 01:26, Voilier Voilier (voilie...@yahoo.com) wrote:
Hello,
My configuration:
Linux Fedora 41 with SOGo 5.11.2 and LDAP "389-ds-base-3.1.1-3",
with this configuration to access LDAP in SOGo:
SOGoPasswordChangeEnabled = YES;
/* LDAP authentication example */
SOGoUserSources = (
  {
    type = ldap;
    CNFieldName = cn;
    UIDFieldName = uid;
    IDFieldName = uid; // first field of the DN for direct binds
    bindFields = (uid, mail); // array of fields to use for indirect binds
    baseDN = "ou=users,dc=www,dc=xxxxx,dc=xxx";
    bindDN = "cn=Directory Manager";
    bindPassword = "xxxxxxxxx";
    canAuthenticate = YES;
    passwordPolicy = YES;
    displayName = "Shared Addresses";
    hostname = "ldap://127.0.0.1/";
    id = public;
    isAddressBook = YES;
  }
);
I can connect to SOGo with a user defined in the LDAP database, but I
cannot change the password.
If I replace hostname = "ldap://127.0.0.1/"; with hostname =
"ldap://127.0.0.1/????!StartTLS"; or hostname = "ldaps://127.0.0.1/";,
the login in SOGo does not work.
I have this in the LDAP log:
[20/Feb/2025:23:20:03.610460327 +0100] conn=12 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[20/Feb/2025:23:20:03.610761436 +0100] conn=12 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[20/Feb/2025:23:20:03.610897502 +0100] conn=12 op=0 RESULT err=0 tag=120 nentries=0 wtime=0.000150326 optime=0.000142930 etime=0.000289348
[20/Feb/2025:23:20:03.619519746 +0100] conn=12 TLS1.3 128-bit AES-GCM
[20/Feb/2025:23:20:03.619561201 +0100] conn=12 op=-1 fd=64 Disconnect - Bad Ber Tag or uncleanly closed connection - B1
and this in sogo.log:
Feb 20 23:20:03 sogod [46485]: 192.168.0.254 "POST /SOGo/so/passwordRecoveryEnabled HTTP/1.1" 403 0/36 0.002 - - 0 - 11
Feb 20 23:20:03 sogod [46485]: [ERROR] <0x0x5639f6593e90[LDAPSource]> Could not bind to the LDAP server ldap://127.0.0.1/????!StartTLS (389) using the bind DN: cn=Directory Manager
Feb 20 23:20:03 sogod [46485]: [ERROR] <0x0x5639f6593e90[LDAPSource]> <NSException: 0x5639f6bb28a0> NAME:LDAPException REASON:operation bind failed: Can't contact LDAP server (0xFFFFFFFF) INFO: {"error_code" = "-1"; login = "cn=Directory Manager"; }
Feb 20 23:20:03 sogod [46485]: SOGoRootPage Login from '192.168.0.254' for user 'Bob' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Feb 20 23:20:03 sogod [46485]: 192.168.0.254 "POST /SOGo/connect HTTP/1.1" 403 33/76 0.014 - - 0 - 11
If I try with ldappasswd -Z -D 'cn=directory manager' -w xxxxxxxxxx
-S "uid=Bob,ou=users,dc=www,dc=xxxxxxxx,dc=xxxx", it works.
I don't know what to do.
Help is welcome.
Laurent
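As an added example (editor's code, not from either poster, SOGo or 389-ds), the following script reads a 389-ds access log and applies the reading the reply gives: if the StartTLS extended operation itself returns a non-zero err, the server side (StartTLS/certificate setup) is at fault; if the server reports err=0 and a TLS line but the client then drops the connection with B1 before ever sending a BIND, the client gave up after the handshake, which is what a certificate trust failure on the client looks like. It also lists connections that bind as cn=Directory Manager, the second point the reply raises. The conn=12 lines are the excerpt posted above; conn=13 and conn=14 are constructed here for contrast, and the "Connection closed - U1" wording on conn=13 is an assumed disconnect message, not copied from the thread.

```python
import re
from collections import defaultdict

# conn=12: the access-log excerpt from the thread.
# conn=13 and conn=14: constructed here for contrast (not from the thread).
SAMPLE_LOG = """\
[20/Feb/2025:23:20:03.610460327 +0100] conn=12 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
[20/Feb/2025:23:20:03.610761436 +0100] conn=12 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[20/Feb/2025:23:20:03.610897502 +0100] conn=12 op=0 RESULT err=0 tag=120 nentries=0 wtime=0.000150326 optime=0.000142930 etime=0.000289348
[20/Feb/2025:23:20:03.619519746 +0100] conn=12 TLS1.3 128-bit AES-GCM
[20/Feb/2025:23:20:03.619561201 +0100] conn=12 op=-1 fd=64 Disconnect - Bad Ber Tag or uncleanly closed connection - B1
[20/Feb/2025:23:21:10.000000000 +0100] conn=13 fd=65 slot=65 connection from 127.0.0.1 to 127.0.0.1
[20/Feb/2025:23:21:10.000100000 +0100] conn=13 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[20/Feb/2025:23:21:10.000200000 +0100] conn=13 op=0 RESULT err=1 tag=120 nentries=0 wtime=0.0001 optime=0.0001 etime=0.0002
[20/Feb/2025:23:21:10.000300000 +0100] conn=13 op=-1 fd=65 Disconnect - Connection closed - U1
[20/Feb/2025:23:22:00.000000000 +0100] conn=14 fd=66 slot=66 connection from 127.0.0.1 to 127.0.0.1
[20/Feb/2025:23:22:00.000100000 +0100] conn=14 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[20/Feb/2025:23:22:00.000200000 +0100] conn=14 op=0 RESULT err=0 tag=120 nentries=0 wtime=0.0001 optime=0.0001 etime=0.0002
[20/Feb/2025:23:22:00.005000000 +0100] conn=14 TLS1.3 128-bit AES-GCM
[20/Feb/2025:23:22:00.006000000 +0100] conn=14 op=1 BIND dn="cn=Directory Manager" method=128 version=3
[20/Feb/2025:23:22:00.006500000 +0100] conn=14 op=1 RESULT err=0 tag=97 nentries=0 wtime=0.0001 optime=0.0001 etime=0.0002
"""

START_TLS_OID = "1.3.6.1.4.1.1466.20037"   # RFC 4511 StartTLS extended operation
ROOT_DN = "cn=directory manager"           # 389-ds root DN, compared case-insensitively

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
EXT_RE = re.compile(r'op=(?P<op>\d+) EXT oid="(?P<oid>[^"]+)"')
RESULT_RE = re.compile(r"op=(?P<op>\d+) RESULT err=(?P<err>\d+)")
BIND_RE = re.compile(r'op=\d+ BIND dn="(?P<dn>[^"]*)"')
TLS_RE = re.compile(r"^TLS\d")                      # e.g. "TLS1.3 128-bit AES-GCM"
DISC_RE = re.compile(r"op=-1 .*?- (?P<code>[A-Z]\d)$")  # trailing disconnect code, e.g. B1


def parse_access_log(text):
    """Group access-log lines per connection and keep the facts we need."""
    conns = defaultdict(lambda: {"starttls_op": None, "starttls_err": None,
                                 "tls": False, "binds": [], "disconnect": None})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        c, rest = conns[int(m["conn"])], m["rest"]
        if (e := EXT_RE.search(rest)) and e["oid"] == START_TLS_OID:
            c["starttls_op"] = int(e["op"])
        elif (r := RESULT_RE.search(rest)) and int(r["op"]) == c["starttls_op"] \
                and c["starttls_err"] is None:
            c["starttls_err"] = int(r["err"])      # result of the StartTLS op itself
        elif (b := BIND_RE.search(rest)):
            c["binds"].append(b["dn"])
        elif TLS_RE.match(rest):
            c["tls"] = True                        # server finished the TLS handshake
        elif (d := DISC_RE.search(rest)):
            c["disconnect"] = d["code"]
    return dict(conns)


def classify(conn):
    """Tell a server-side StartTLS failure from a client that hung up after TLS."""
    if conn["starttls_op"] is None:
        return "no-starttls"
    if conn["starttls_err"] not in (None, 0):
        return "server-rejected-starttls"       # check the server's TLS/cert setup
    if conn["tls"] and not conn["binds"] and conn["disconnect"] == "B1":
        return "client-aborted-after-tls"       # handshake done, no BIND: client-side trust
    if conn["tls"] and conn["binds"]:
        return "tls-then-bind"
    return "unknown"


def dm_binds(conns):
    """Connection ids on which something bound as the Directory Manager."""
    return sorted(cid for cid, c in conns.items()
                  if any(dn.lower() == ROOT_DN for dn in c["binds"]))


if __name__ == "__main__":
    conns = parse_access_log(SAMPLE_LOG)
    for cid in sorted(conns):
        print(f"conn={cid}: {classify(conns[cid])}")
    print("Directory Manager binds on:", dm_binds(conns))
```

Run against a real access log, the "client-aborted-after-tls" verdict on the SOGo host points at the CA trust of SOGo's LDAP client rather than at the server, which is consistent with ldappasswd -Z succeeding from the same machine with its own trust settings; "server-rejected-starttls" means 389-ds itself needs its security/certificate configuration checked first, as the reply suggests.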