General discussion on installation and configuration of SOGo


[SOGo] LDAP group auth problems


  • From: "Sean M. Pappalardo" < >
  • To:
  • Subject: [SOGo] LDAP group auth problems
  • Date: Fri, 29 Jun 2012 16:01:11 +0200
  • Organization: Renegade Technologies

Hello again.

I'm trying to set up a multi-domain SOGo system that uses LDAP groups for authentication (and as address books) and it's not authenticating at all. When I try to log in as a user in any domain with their correct password, I only get this in the log:
Jun 29 09:33:00 sogod [14894]: SOGoRootPage Login for user 'testuser' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
91.62.250.230 - - [29/Jun/2012:09:33:00 GMT] "POST /sogo/connect HTTP/1.1" 403 34/43 0.007 - - 0

What am I doing wrong??

The LDAP hierarchy:

dc=example,dc=com
o=Company & Associates
cn=Everyone <- (dynamic) groupOfNames
cn=Region1 <- (dynamic) groupOfNames
o=Main Company
cn=Everyone <- (dynamic) groupOfNames
ou=users
uid=testuser <- comes up in both C&A groups above
ou=address books
uid=testuser2 <- comes up in MC group above
cn=sogo <- system user

The relevant .GNUStepDefaults section:
sogod domains '{
    example1 = {
        SOGoMailDomain = example1.net;
        SOGoTimeZone = America/Chicago;
        SOGoUserSources = (
            {
                CNFieldName = cn;
                IDFieldName = uid;
                UIDFieldName = uid;
                abOU = "ou=address books";
                baseDN = "o=Company & Associates,dc=example,dc=com";
                bindDN = "cn=sogo,ou=users,dc=example,dc=com";
                bindPassword = "secret";
                canAuthenticate = YES;
                displayName = "All personnel";
                hostname = localhost;
                id = example1_everyone;
                isAddressBook = YES;
                port = 389;
                type = ldap;
            }
        );
    };
    example = {
        SOGoMailDomain = example.com;
        SOGoTimeZone = Europe/Berlin;
        SOGoUserSources = (
            {
                CNFieldName = cn;
                IDFieldName = uid;
                UIDFieldName = uid;
                abOU = "ou=address books";
                baseDN = "o=Main Company,dc=example,dc=com";
                bindDN = "cn=sogo,ou=users,dc=example,dc=com";
                bindPassword = "secret";
                canAuthenticate = YES;
                displayName = Everyone;
                hostname = localhost;
                id = example_everyone;
                isAddressBook = YES;
                port = 389;
                type = ldap;
            }
        );
    };
}'

If I set SOGoUserSources to just use ou=users,dc=example,dc=com then it authenticates, but it lets all users connect to the first domain. I tried using a filter in conjunction with that (o=Main Company, since the user records have o attributes) but that doesn't have any effect. (I think the filter aspect might be broken.)

Thank you for any help or references you can provide.

(And I must add that using .GNUStepDefaults via 'defaults write' is really messy for domain use. I have to re-define all domains (and escape spaces and other special characters) every time I want to change anything. Seems to me that a standard .conf file would make a ton more sense and be less error prone.)

Sincerely,
Sean M. Pappalardo
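
Added example, not part of the original post and not SOGo code: a small model of the two behaviours described above. It assumes direct-bind mode, where with no bindFields set the bind DN is built as IDFieldName=login,baseDN, and it assumes both test users sit directly under ou=users,dc=example,dc=com; the directory contents are constructed from the hierarchy in the post.

```python
def norm(dn):
    """Simplified DN normalisation: case-fold and trim space around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Constructed sample: entries assumed to exist in the directory.
DIRECTORY = {norm(dn) for dn in (
    "cn=Everyone,o=Company & Associates,dc=example,dc=com",
    "cn=Region1,o=Company & Associates,dc=example,dc=com",
    "cn=Everyone,o=Main Company,dc=example,dc=com",
    "uid=testuser,ou=users,dc=example,dc=com",
    "uid=testuser2,ou=users,dc=example,dc=com",
    "cn=sogo,ou=users,dc=example,dc=com",
)}

# baseDN per domain as posted: each points at a subtree holding only groups.
GROUP_BASES = {
    "example1": "o=Company & Associates,dc=example,dc=com",
    "example": "o=Main Company,dc=example,dc=com",
}
# The variant from the last paragraph: every domain shares the users subtree.
USERS_BASES = {domain: "ou=users,dc=example,dc=com" for domain in GROUP_BASES}


def direct_bind_dn(id_field, login, base_dn):
    # Assumption: direct bind builds the DN as IDFieldName=login,baseDN.
    # The login is assumed to contain no characters needing DN escaping.
    return f"{id_field}={login},{base_dn}"


def admitting_domains(login, bases, id_field="uid"):
    """Domains whose source yields a bind DN that exists in DIRECTORY."""
    return [domain for domain, base in bases.items()
            if norm(direct_bind_dn(id_field, login, base)) in DIRECTORY]


if __name__ == "__main__":
    for label, bases in (("group baseDN", GROUP_BASES),
                         ("ou=users baseDN", USERS_BASES)):
        for login in ("testuser", "testuser2"):
            print(f"{label:16} {login:10} -> {admitting_domains(login, bases)}")
```

In this model the group subtrees admit nobody, because no uid= entry exists under them, while a shared ou=users base admits every user to every domain, so tenant separation has to come from something other than baseDN.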


