HelloFirst, start connecting LDAP with unencrypted LDAP, Yes It's working
It's possible 389ds is not configured to run StartTLS or baybe there is a
certificate trust problem.
It's woorking with ldappasswd -Z so StartTLS is working alsoI try with and
admin account but the connection failed with SOGO before using the binding
[20/Feb/2025:23:20:03.619561201 +0100] conn=12 op=-1 fd=64 Disconnect - Bad Ber
Tag or uncleanly closed connection - B1
Laurent
On Friday, February 21, 2025 at 02:00:50 AM GMT+1, \"Alexey D. Filimonov\""
(ale...@filimonic.net) <users@sogo.nu> wrote:
First, start connecting LDAP with unencrypted LDAP, without !StartTLS . It's
possible 389ds is not configured to run StartTLS or baybe there is a
certificate trust problem.
Second, do not use DM account to read LDAP. Look here how to create system
account (example) https://freeipa.xyz/a/3a29e627-6ff0-4ef4-9604-7c3a4c0af1cb
On 2025-02-21 01:26, Voilier Voilier (voilie...@yahoo.com) wrote:
Hello My configuration Linux Fedora 41 with SOGo 5.11.2 and LDAP
'389-ds-base-3.1.1-3" With the configuration to access to LDAP in Sogo :
SOGoPasswordChangeEnabled = YES;
/* LDAP authentication example */
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
UIDFieldName = uid;
IDFieldName = uid; // first field of the DN for direct binds
bindFields = (uid, mail); // array of fields to use for indirect binds
baseDN = "ou=users,dc=www,dc=xxxxx,dc=xxx";
bindDN = "cn=Directory Manager";
bindPassword = "xxxxxxxxx";
canAuthenticate = YES;
passwordPolicy = YES;
displayName = "Shared Addresses";
hostname = "ldap://127.0.0.1/";;
id = public;
isAddressBook = YES;
}
);
I can connect to Sogo with the user defined in the LDAP database but I cannot
change the password
If I replace hostname = "ldap://127.0.0.1/";; by hostname =
"ldap://127.0.0.1/????!StartTLS";; or hostname = "ldaps://127.0.0.1/"; The
login in Sogo is not working I have in LDAP log:
[20/Feb/2025:23:20:03.610460327 +0100] conn=12 fd=64 slot=64 connection from
127.0.0.1 to 127.0.0.1
[20/Feb/2025:23:20:03.610761436 +0100] conn=12 op=0 EXT
oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[20/Feb/2025:23:20:03.610897502 +0100] conn=12 op=0 RESULT err=0 tag=120
nentries=0 wtime=0.000150326 optime=0.000142930 etime=0.000289348
[20/Feb/2025:23:20:03.619519746 +0100] conn=12 TLS1.3 128-bit AES-GCM
[20/Feb/2025:23:20:03.619561201 +0100] conn=12 op=-1 fd=64 Disconnect -
Bad Ber Tag or uncleanly closed connection - B1 and in sogo.log Feb 20
23:20:03 sogod [46485]: 192.168.0.254 "POST /SOGo/so/passwordRecoveryEnabled
HTTP/1.1" 403 0/36 0.002 - - 0 - 11
Feb 20 23:20:03 sogod [46485]: [ERROR] <0x0x5639f6593e90[LDAPSource]>
Could not bind to the LDAP server ldap://127.0.0.1/????!StartTLS (389) using
the bind DN: cn=Directory Manager
Feb 20 23:20:03 sogod [46485]: [ERROR] <0x0x5639f6593e90[LDAPSource]>
<NSException: 0x5639f6bb28a0> NAME:LDAPException REASON:operation bind failed:
Can't contact LDAP server (0xFFFFFFFF) INFO: {"error_code" = "-1"; login
= "cn=Directory Manager"; }
Feb 20 23:20:03 sogod [46485]: SOGoRootPage Login from '192.168.0.254' for
user 'Bob' might not have worked - password policy: 65535 grace: -1 expire:
-1 bound: 0
Feb 20 23:20:03 sogod [46485]: 192.168.0.254 "POST /SOGo/connect HTTP/1.1"
403 33/76 0.014 - - 0 - 11
If I try with "ldappasswd -Z -D 'cn=directory manager' -w xxxxxxxxxx -S
"uid=Bob,ou=users,dc=www,dc=xxxxxxxx,dc=xxxx" it's working
I don't know what to do. help is welcome Laurent
