Hi all,

 
I’ve got a problem getting SOGo “talk” to my LDAP server – I’ve got some basic 
knowledge but I’m by far no expert, so any idea what went wrong would be 
appreciated.

 
Just for the background: I’m running a UCS Server with kopano for my Family – 
about 10 mail boxes. Since kopano is not supported on UCS any more (at least 
not for free), I want to replace it with something else. Only requirement: it 
must support Active-Sync (my parents would kill me if they cannot use their 
outlook app 😉). So the idea was born to use SOGo on top of UCS, Dovecot and 
Postfix. Current test setup: Server 1 with UCS LDAP & AD, Server 2 with UCS 
LDAP, Postfix and Dovecot, Server 3 with Debian 13 (Trixie) and SOGo.

 
The Logfile (trying to login via web):

Feb 16 10:43:33 sogod [36771]: <0x0x55caadbfd5a0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://10.15.0.1:7389
Feb 16 10:43:33 sogod [36771]: <0x0x55caae267fa0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://10.15.0.1:7389
2026-02-16 10:43:33.483 sogod[36771:36771] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base '' filter '(objectClass=*)' for attrs 'subschemaSubentry'
2026-02-16 10:43:33.483 sogod[36771:36771] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'cn=Subschema' filter '(objectClass=*)' for attrs 'objectclasses'
2026-02-16 10:43:33.515 sogod[36771:36771] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'ou=users,dc=ldap,dc=example,dc=com' filter '(&(uid=user1)(objectClass=person)(mailPrimaryAddress=*))' for attrs 'dn'
Feb 16 10:43:33 sogod [36771]: SOGoRootPage Login from '10.15.2.1' for user 'user1' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0

 
 
The Config:

SOGoUserSources = (
        {
            type = ldap;
            id = users;
            canAuthenticate = YES;
            isAddressBook = NO;
            displayName = "LDAP Authentication";

            hostname = "ldap://10.15.0.1:7389";
            baseDN = "ou=users,dc=ldap,dc=example,dc=com";
            bindDN = "uid=vmail,cn=users,dc=ldap,dc=example,dc=com";
            bindPassword = "password";
            filter = "objectClass=person AND mailPrimaryAddress='*'";
            scope = SUB;

            bindAsCurrentUser = YES;

            CNFieldName = cn;
            IDFieldName = uid;
            UIDFieldName = uid;
            IMAPLoginFieldName = uid;
            MailFieldNames = (mailPrimaryAddress);
            bindFields = (uid);
        },
        {
            type = ldap;
            id = global_addressbook;
            canAuthenticate = NO;
            isAddressBook = YES;
            displayName = "Global Address Book";
            bindAsCurrentUser = YES;

            listRequiresDot = NO;

            hostname = "ldap://10.15.0.1:7389";
            baseDN = "dc=ldap,dc=example,dc=com";
            bindDN = "uid=vmail,cn=users,dc=ldap,dc=example,dc=com";
            bindPassword = "password";
            filter = "objectClass=person AND mailPrimaryAddress='*'";
            scope = SUB;

            IDFieldName = uid;
            bindFields = (uid);
            UIDFieldName = uid;
            IMAPLoginFieldName = uid;

            CNFieldName = cn;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress, departmentNumber);

        }
    );

 
Ldapsearch output:

ldapsearch -x -H ldap://ldap.example.com:7389 -D 'uid=vmail,cn=users,dc=ldap,dc=example,dc=com' -b 'cn=users,dc=ldap,dc=example,dc=com' -w "password" '(&(uid=user1)(objectClass=person)(mailPrimaryAddress=*))'

# extended LDIF
#
# LDAPv3
# base <cn=users,dc=ldap,dc=example,dc=com> with scope subtree
# filter: (&(uid=user1)(objectClass=person)(mailPrimaryAddress=*))
# requesting: ALL
#

# user1, users, ldap.example.de
dn: uid=user1,cn=users,dc=ldap,dc=example,dc=com
krb5MaxLife: 86400
krb5MaxRenew: 604800
uid: user1
uidNumber: 2015
givenName: test
sn: user1
gecos: test user1
displayName: test user1
homeDirectory: /home/user1
loginShell: /bin/bash
univentionMailHomeServer: srv02.ldap.example.com
mailPrimaryAddress: [email protected]
mailForwardCopyToSelf: 0
univentionObjectIdentifier: a3631e3d-266c-4342-9005-b89e1f96cedc
univentionMailUserQuota: 0
cn: test user1
krb5PrincipalName: [email protected]
sambaBadPasswordCount: 0
sambaAcctFlags: [U          ]
objectClass: univentionObject
objectClass: krb5Principal
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: univentionPWHistory
objectClass: shadowAccount
objectClass: krb5KDCEntry
objectClass: automount
objectClass: top
objectClass: univentionMail
gidNumber: 5001
sambaPrimaryGroupSID: S-1-5-21-1299172284-2437626162-3948588380-513
univentionObjectType: users/user
sambaSID: S-1-5-21-1299172284-2437626162-3948588380-1118
shadowLastChange: 20498

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

 
Ldapwhoami (just to check the login is correct)

ldapwhoami -x -w "Test123" -D "uid=user1,cn=users,dc=ldap,dc=example,dc=com" -H ldap://ldap.example.com:7389
dn:uid=user1,cn=users,dc=ldap,dc=example,dc=com
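
A consistency check over the diagnostics above, as an added example that is not part of the original post: it parses the search sogod logged and the header of the manual ldapsearch run, then lists where the two differ. The sample strings are copied from the post; all function names are hypothetical, and DN handling is simplified (no escaped commas, no folded LDIF lines).

```python
import re
# Sample input copied from the post above: sogod's user search and the manual ldapsearch.
SOGO_LOG = ("sogod[36771:36771] -[NGLdapConnection _searchAtBaseDN:qualifier:"
            "attributes:scope:]: search at base 'ou=users,dc=ldap,dc=example,dc=com' "
            "filter '(&(uid=user1)(objectClass=person)(mailPrimaryAddress=*))' "
            "for attrs 'dn'")
LDAPSEARCH_OUT = """\
# base <cn=users,dc=ldap,dc=example,dc=com> with scope subtree
# filter: (&(uid=user1)(objectClass=person)(mailPrimaryAddress=*))
dn: uid=user1,cn=users,dc=ldap,dc=example,dc=com
"""
LOG_RE = re.compile(r"search at base '([^']*)' filter '([^']*)'")

def norm_dn(dn):
    """Split a DN into lower-cased RDNs (simplified: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def is_under(entry_dn, base_dn):
    """True if entry_dn equals base_dn or lies in the subtree below it."""
    e, b = norm_dn(entry_dn), norm_dn(base_dn)
    return e[len(e) - len(b):] == b

def sogo_searches(log_text):
    """(base, filter) of each search sogod logged, minus root DSE/schema probes."""
    flat = re.sub(r"\s+", " ", log_text)  # undo mail line wrapping
    return [(b, f) for b, f in LOG_RE.findall(flat)
            if b and b.lower() != "cn=subschema"]

def ldapsearch_summary(text):
    """Base, filter and returned DNs from ldapsearch's LDIF (unfolded dn: lines only)."""
    base = re.search(r"^# base <([^>]*)>", text, re.M).group(1)
    flt = re.search(r"^# filter: (.*?)\s*$", text, re.M).group(1)
    return base, flt, re.findall(r"^dn: (.+?)\s*$", text, re.M)

def compare(log_text, ldapsearch_text):
    """List every way the manual test differs from what sogod actually searched."""
    m_base, m_flt, dns = ldapsearch_summary(ldapsearch_text)
    findings = []
    for base, flt in sogo_searches(log_text):
        if norm_dn(base) != norm_dn(m_base):
            findings.append(f"base differs: sogod '{base}', ldapsearch '{m_base}'")
        if flt != m_flt:
            findings.append(f"filter differs: sogod '{flt}', ldapsearch '{m_flt}'")
        findings += [f"{dn} is outside sogod's search base '{base}'"
                     for dn in dns if not is_under(dn, base)]
    return findings

if __name__ == "__main__":
    print("\n".join(compare(SOGO_LOG, LDAPSEARCH_OUT)) or "no differences")
```

On the post's data it reports two findings: the base DN differs (ou=users in the sogod search, cn=users in the manual ldapsearch), and the returned entry uid=user1,cn=users,... lies outside the base sogod searched. The filters are identical.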
