General discussion on installation and configuration of SOGo


Re: [SOGo] OpenLDAP password change


  • From: Donny Brooks < >
  • To:
  • Subject: Re: [SOGo] OpenLDAP password change
  • Date: Tue, 03 Aug 2010 16:53:04 -0500

On 7/28/2010 2:44 PM, Donny Brooks wrote:
On 5/27/2010 9:32 AM, Donny Brooks wrote:
On Thursday, May 27, 2010 08:30 AM CDT, Ludovic Marcotte< > wrote:

Donny Brooks wrote:
I am running both the SOGo and OpenLDAP machines on Centos 5.4, and yes they are separate machines. My openldap is version openldap-2.3.43-12.el5 on my LDAP server. My sogo version is sogo-1.2_20100505-1.el5 from the yum repository and its ldap version is openldap-2.3.43-3.el5.

If you use the password policy code, you'll have to run a very recent
version of OpenLDAP (v2.4.17 and up) server/client libraries.
Furthermore, you'll have to recompile the sope49-ldap package to link
them to the recent OpenLDAP libraries.

The reason for all of this is that the password policy code is
relatively buggy in OpenLDAP and it's still a changing target (ie., the
specification is still in draft stage). SOGo (or rather, our
modifications to sope49-ldap) makes use of the ldap control object which
is tied to the innards of OpenLDAP.

We eventually plan to provide OpenLDAP RPMs for RHEL v5 (i386 and
x86_64) for those who want to use it on this platform and update the
documentation accordingly for its usage.

Regards,

--
Ludovic Marcotte

:: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



So I need to update my SOGo *AND* OpenLDAP machines to 2.4.17 or greater, correct? Should I also upgrade my mail server or does that really matter since it isn't dealing with anything but authentication? Thanks for the insight. It has been working just fine until I implemented the password policy stuff. So that makes perfect sense.



Ok, I have the ldap server set up to use openldap-2.4.21 on fedora 13. I am still getting the following lines in the ldap.log and sogo.log. These are unedited in case I cut something I didn't need to. Plus it is only accessible internally so I think I am ok.

ldap.log
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 ACCEPT from IP=10.8.3.220:35117 (IP=0.0.0.0:389)
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND dn="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" method=128
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND dn="uid=dbrooks,ou=People,dc=mdah,dc=state,dc=ms,dc=us" mech=SIMPLE ssf=0
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 RESULT tag=97 err=0 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 PASSMOD id="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" old new
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 RESULT oid= err=50 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=2 UNBIND
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 closed

sogo.log
Jul 28 13:13:30 sogod: SOGo watchdog [14124]: <0x0x109aee10[NGLdapConnection]> change password - ldap_find_control call failed
127.0.0.1 - - [28/Jul/2010:13:13:30 GMT] "POST /SOGo/so/changePassword HTTP/1.1" 204 0/74 0.006 - - 0

Does the sogo machine need to have the updated openldap also? Or just the ldap server? Any pointers are VERY welcome.


Donny B.

Anyone have an idea? If I have to update openldap on the sogo box also I may as well change from centos 5.5 to fedora 13.
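
The ldap.log excerpt in this message can be read mechanically. The following is an added example, not part of the original post and not SOGo or OpenLDAP code: it correlates slapd lines by conn/op, recognises the Password Modify extended operation by its OID (RFC 3062) and decodes the numeric result code (RFC 4511). The function name `failed_password_changes` and the subset of result codes in the table are choices made for this example.

```python
import re

PASSMOD_OID = "1.3.6.1.4.1.4203.1.11.1"  # Password Modify extended operation (RFC 3062)
RESULT_NAMES = {0: "success", 19: "constraintViolation", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}  # RFC 4511
LINE = re.compile(r"conn=(\d+) op=(\d+) (BIND|EXT|PASSMOD|RESULT)\b(.*)")

# Sample input: slapd lines taken from the ldap.log excerpt in the message above.
SAMPLE_LOG = '''\
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND dn="uid=dbrooks,ou=People,dc=mdah,dc=state,dc=ms,dc=us" mech=SIMPLE ssf=0
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 RESULT tag=97 err=0 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 PASSMOD id="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" old new
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 RESULT oid= err=50 text=
'''

def failed_password_changes(log_text):
    """Return one record per Password Modify operation that did not succeed."""
    binds, bound, passmods, failures = {}, {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ACCEPT, UNBIND, closed and non-slapd lines
        key, kind, rest = (int(m[1]), int(m[2])), m[3], m[4]
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', rest)
            binds[key] = dn[1] if dn else ""
        elif kind == "EXT" and f"oid={PASSMOD_OID}" in rest.split():
            passmods[key] = None  # target is filled in by the PASSMOD line
        elif kind == "PASSMOD" and key in passmods:
            target = re.search(r'id="([^"]*)"', rest)
            passmods[key] = target[1] if target else None
        elif kind == "RESULT":
            err = re.search(r"\berr=(-?\d+)", rest)
            if err is None:
                continue
            code = int(err[1])
            if key in binds:  # BIND result: a failed bind leaves the connection anonymous
                bound[key[0]] = binds.pop(key) if code == 0 else None
            elif key in passmods and code != 0:
                failures.append({"conn": key[0], "op": key[1],
                                 "bind_dn": bound.get(key[0]),
                                 "target": passmods.pop(key), "err": code,
                                 "result": RESULT_NAMES.get(code, "other")})
    return failures

if __name__ == "__main__":
    for rec in failed_password_changes(SAMPLE_LOG):
        print(rec)
```

On the quoted log this reports a single failed Password Modify on conn=1160 op=1, with err=50 decoded as insufficientAccessRights, after a successful simple bind by the same user.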


