General discussion on installation and configuration of SOGo



Re: [SOGo] Sogo with Active Directory


  • From: "Daniel Müller" < >
  • To: ,
  • Subject: Re: [SOGo] Sogo with Active Directory
  • Date: Fri, 27 Jul 2012 08:19:17 +0200

So your sogo user can log in to your ADS.
The next step would be: can SOGo communicate with SOGo's database?
Do you use PostgreSQL or MySQL? Is your Apache installation as it should be?
And do not use sieve in the first run. Try it later when everything else is
working. Is your Dovecot working with your ADS:
telnet your.dovecot.server 143
login username password
This should show up: * Dovecot ready

Good Luck
Daniel

-------- Original Message --------
> Date: Thu, 26 Jul 2012 15:34:10 +0200
> From: Nicolas Cauchie
> < >
> To:
>
> Subject: Re: [SOGo] Sogo with Active Directory

> On 26/07/2012 15:07, "Daniel Müller" wrote:
> > http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
> > Is the user sogo established in your ADS?
> > Can you log on to your ADS with sogo and the password? If you succeed with this you can go on.
> >
> > Compare and you will see what is missing:
> > SOGoUserSources =
> > (
> > {
> > type = ldap;
> > CNFieldName = cn;
> > IDFieldName = cn;
> > UIDFieldName = sAMAccountName;
> > baseDN = "cn=Users,dc=acme,dc=com";
> > bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
> > bindFields = (sAMAccountName);
> > bindPassword = qwerty;
> > canAuthenticate = YES;
> > displayName = "Active Directory";
> > hostname = 10.0.0.1;
> > id = directory;
> > isAddressBook = YES;
> > port = 389; <---sometimes you use SSL, you need to change???
> > }
> > );
> >
> > -------- Original Message --------
> >> Date: Thu, 26 Jul 2012 12:05:40 +0200
> >> From: Nicolas Cauchie
> >> < >
> >> To:
> >>
> >> Subject: Re: [SOGo] Sogo with Active Directory
> >> On 26/07/2012 09:41, Nicolas Cauchie wrote:
> >>> On 25/07/2012 20:40, "Daniel Müller" wrote:
> >>>> If your users can log on to your ADs and your email server with the same password and user credentials then they can log on to SOGo.
> >>>> Just find out the right uids for your users
> >>>> -------- Original Message --------
> >>>>> Date: Wed, 25 Jul 2012 10:29:51 -0400 (EDT)
> >>>>> From:
> >>>>> To:
> >>>>> Subject: [SOGo] Sogo with Active Directory
> >>>>> Hi All !
> >>>>>
> >>>>> I've just installed a Debian 6.0.5 to create a SOGo server.
> >>>>>
> >>>>> I already have an Active Directory which works fine.
> >>>>>
> >>>>> I've done all configuration of SOGo, but I can't log in with an account of my AD.
> >>>>>
> >>>>> Here's my config file (I deleted configs that I think useless) :
> >>>>>
> >>>>>
> >>>>> <key>OCSFolderInfoURL</key>
> >>>>> <string>mysql://sogo:pwsd@localhost:3306/sogo/sogo_folder_info</string>
> >>>>> <key>OCSSessionsFolderURL</key>
> >>>>> <string>mysql://sogo:pswd@localhost:3306/sogo/sogo_sessions_folder</string>
> >>>>> <key>SOGoAuthenticationMethod</key>
> >>>>> <string>LDAP</string>
> >>>>>
> >>>>> <key>SOGoProfileURL</key>
> >>>>> <string>mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile</string>
> >>>>> <key>SOGoSieveScriptsEnabled</key>
> >>>>> <string>YES</string>
> >>>>>
> >>>>> <key>SOGoSieveServer</key>
> >>>>> <string>sieve://mx.resfrox.lan:2000</string>
> >>>>>
> >>>>> <key>SOGoUserSources</key>
> >>>>> <key>SOGoUserSources</key>
> >>>>> <array>
> >>>>> <dict>
> >>>>> <key>type</key>
> >>>>> <string>ldap</string>
> >>>>>
> >>>>>
> >>>>> <key>CNFieldName</key>
> >>>>> <string>cn</string>
> >>>>>
> >>>>> <key>IDFieldName</key>
> >>>>> <string>cn</string>
> >>>>>
> >>>>> <key>UIDFieldName</key>
> >>>>> <string>sAMAccountName</string>
> >>>>>
> >>>>> <key>baseDN</key>
> >>>>> <string>cn=Users,dc=<domain>,dc=lan</string>
> >>>>>
> >>>>> <key>bindDN</key>
> >>>>>
> >>>>> <string> </string>
> >>>>> (also used DOMAIN\sogo,
> >>>>> cn=sogo,dc=domain,dc=lan)
> >>>>>
> >>>>> <key>bindPassword</key>
> >>>>> <string><SOGoADAccountPasswd></string>
> >>>>>
> >>>>> #<key>bindFields</key>
> >>>>> #<string>sAMAccountName</string> (with or without, no change...)
> >>>>>
> >>>>>
> >>>>> <key>canAuthenticate</key>
> >>>>> <string>YES</string>
> >>>>>
> >>>>> <key>displayName</key>
> >>>>> <string>Active Directory</string>
> >>>>>
> >>>>> <key>hostname</key>
> >>>>> <string>192.168.x.x</string>
> >>>>>
> >>>>> <key>id</key>
> >>>>> <string>ActiveDirectory</string>
> >>>>>
> >>>>> <key>isAddressBook</key>
> >>>>> <string>NO</string>
> >>>>>
> >>>>> <key>port</key>
> >>>>> <string>389</string>
> >>>>>
> >>>>> <key>scope</key>
> >>>>> <string>sub</string>
> >>>>> </dict>
> >>>>>
> >>>>> </array>
> >>>>>
> >>>>> <key>WOWorkersCount</key>
> >>>>> <string>3</string>
> >>>>> </dict>
> >>>>> </dict>
> >>>>> </plist>
> >>>>>
> >>>>> And here's the log file :
> >>>>> Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
> >>>>> Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Using host(s) 'localhost' as server(s)
> >>>>> 2012-07-25 16:24:36.319 sogod[13802] Note(SoObject): SoDebugKeyLookup is enabled!
> >>>>> 2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): SoDebugBaseURL is enabled!
> >>>>> 2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): relative base URLs are enabled.
> >>>>> 2012-07-25 16:24:36.322 sogod[13802] ERROR(-[NGBundleManager bundleWithPath:]): could not create bundle for path: '/usr/share/GNUstep/Libraries/gnustep-base/Versions/1.20/Resources/SSL.bundle'
> >>>>> 2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: pool embedding is on.
> >>>>> 2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: id logging is on.
> >>>>> Jul 25 16:24:36 sogod [13802]: SOGoRootPage Login for user ' ' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
> >>>>> localhost - - [25/Jul/2012:16:24:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/66 0.018 - - 2M
> >>>>> 2012-07-25 16:25:16.245 sogod[13802] Note: Using UTF-8 as URL encoding in NGExtensions.
> >>>>> Jul 25 16:25:16 sogod [13802]: SOGoRootPage Login for user ' ' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
> >>>>> localhost - - [25/Jul/2012:16:25:16 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/104 0.004 - - 12K
> >>>>>
> >>>>> I also add that I've a server for SOGo, another one for Mails
> >>>>> (Postfix/dovecot), and another one for AD. Mail users do their
> >>>>> authentication on the AD server without problem.
> >>>>>
> >>>>> I'm becoming silly, thanks for your help ;)
> >>>>>
> >>>>> Nicolas
> >>>>> --
> >>>>>
> >>>>> https://inverse.ca/sogo/lists
> >>> You're right, that's why I'm becoming mad...
> >>>
> >>> Can sieve block any connection to SOGo ?
> >>>
> >>> I use SOGo Webmin module, and when I "test" sieve parameters, it
> >>> returns me :
> >>> Failed: IO::Socket::INET: connect: Connection refused.
> >>>
> >>> I think it's my mail server fault...
> >>> If it's not urgent, I'll check it later, but if it disables users
> >>> connection, I'll check it first before continuing...
> >>>
> >>> Thanks in advance ;)
> >>>
> >>>
> >>>
> >> I'm confused, I don't know why it isn't working...
> >>
> >> For the test, I placed "sogo" user who'll bind to the DC and a "normal"
> >> user in "Users" group.
> >>
> >> I re-give my "new" configuration files :
> >>
> >> sogo :
> >> <key>SOGoUserSources</key>
> >> <array>
> >> <dict>
> >> <key>CNFieldName</key>
> >> <string>cn</string>
> >>
> >> <key>IDFieldName</key>
> >> <string>uid</string>
> >>
> >> <key>MailFieldNames</key>
> >> <string>(mail)</string>
> >>
> >> <key>UIDFieldName</key>
> >> <string>sAMAccountName</string>
> >>
> >> <key>baseDN</key>
> >> <string>cn=Users,dc=<domain>,dc=lan</string>
> >>
> >> <key>bindDN</key>
> >> <string>sogo@<domain>.lan</string>
> >>
> >> <key>bindPassword</key>
> >> <string>********</string>
> >>
> >> <key>canAuthenticate</key>
> >> <string>YES</string>
> >>
> >> <key>displayName</key>
> >> <string>Active Directory</string>
> >>
> >> <key>hostname</key>
> >> <string><DCServer></string>
> >>
> >> <key>id</key>
> >> <string>ActiveDirectory</string>
> >>
> >> <key>isAddressBook</key>
> >> <string>NO</string>
> >>
> >> <key>passwordPolicy</key>
> >> <string>NO</string>
> >>
> >> <key>port</key>
> >> <string>389</string>
> >>
> >> <key>scope</key>
> >> <string>SUB</string>
> >>
> >> <key>type</key>
> >> <string>ldap</string>
> >>
> >> </dict>
> >> </array>
> >>
> >> And my Dovecot configuration file, maybe it'll help...
> >> hosts = <DCServer>:389
> >> ldap_version = 3
> >> auth_bind = yes
> >> dn =
> >>
> >> dnpass = *********
> >> base = ou=%d,dc=<domain>,dc=lan (my AD is multi-domain, so, I class users in OU which have their domain-name. For example,
> >>
> >> will be in an OU called domain1.fr)
> >> scope = subtree
> >> deref = never
> >> user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
> >> pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
> >> pass_attrs = userPassword=password
> >> default_pass_scheme = CRYPT
> >> user_attrs = <maildirs>
> >>
> >> With those SOGo parameters, here's the log file just after a reboot of
> >> the SOGo service :
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D object is public.
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key SOGo of object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D found no security info for key (class SOGo): SOGo
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D default is allow ...
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <0x0x88d7060[SoPageInvocation]: class=SOGoRootPage action=connect bound instantiated product=<0x0x86b7650[SoProduct]: loaded code-loaded bundle=/usr/lib/GNUstep/SOGo/MainUI.SOGo #classes=8 #categories=4 rm=0x0x86b98c0>>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D object is public.
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
> >> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
> >> ---> Jul 26 11:37:36 sogod [7228]: SOGoRootPage Login for user '<user>' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
> >> localhost - - [26/Jul/2012:11:37:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/76 0.007 - - 0
> >>
> >> Also, I installed LDAPTools, and this command works (it returns me the
> >> list of my AD users) :
> >> ldapsearch -h <DCServer> -b "cn=Users,dc=<domain>,dc=lan" -D "cn=sogo,cn=users,dc=<domain>,dc=lan" -W objectclass=person
> >>
> >> Thanks in advance for your advice :)
> >>
> >> Nicolas
> >>
> >>
> >>
> >>
> >> --
> >>
> >> https://inverse.ca/sogo/lists
> I'm working with the installation guide, which works only when
> everything's OK :)
>
> sogo user is in "Users", and I can login from a Windows workstation when
> using it.
>
> I'm OK with the configuration you've posted, still doesn't work...
>
> Am I supposed to :
> - Do something in the AD ? (sogo is a normal user created the same way
> as another one...)
> - Install SOGo a special way ? I've done this by installing Debian, and, in
> order : mysql-server, phpmyadmin, webmin (+SOGo module), SOGo (I've
> commented tmreaper line..) and LDAPtools.
>
> Is there a special user to manage SOGo ? Who's SOGo administrator ? Is
> there one regardless the config file ? (By web interface I mean)
>
> AD server answers to ping from SOGo server, Webmin tests are all OK even
> LDAP test
>
> 3 days I've spent on SOGo, and I've still never seen the web interface except the
> logon page... There's something wrong :(
>
> What may block ?!
>
> Thank you ;)
>
> Nicolas
>
>
>
> --
>
> https://inverse.ca/sogo/lists
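
The sogod line that recurs in the logs quoted above ("Login for user ... might not have worked ... bound: 0", followed by a 403 on POST /SOGo/connect) is the record to extract when triaging failed SOGo logins. The following is an added example, not part of the thread and not SOGo code: it parses that line format and flags users with repeated failures. The sample lines and the usernames alice and bob are constructed, and the year passed to the parser is an assumption because the syslog timestamp has none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the sogod format quoted in the thread
# (unwrapped); the usernames alice and bob are hypothetical.
SAMPLE_LOG = """\
Jul 26 11:37:36 sogod [7228]: SOGoRootPage Login for user 'alice' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
localhost - - [26/Jul/2012:11:37:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/76 0.007 - - 0
Jul 26 11:37:50 sogod [7228]: SOGoRootPage Login for user 'alice' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 26 11:38:02 sogod [7228]: SOGoRootPage Login for user 'alice' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jul 26 11:52:10 sogod [7228]: SOGoRootPage Login for user 'bob' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
"""

FAILED_LOGIN = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) sogod \[\d+\]: "
    r"SOGoRootPage Login for user '(?P<user>[^']*)' might not have worked - "
    r"password policy: (?P<policy>-?\d+) grace: (?P<grace>-?\d+) "
    r"expire: (?P<expire>-?\d+) bound: (?P<bound>-?\d+)"
)

def parse_failures(text, year=2012):
    """Return one dict per failed-login line; every other line is skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED_LOGIN.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"time": ts, "user": m["user"],
                           "policy": int(m["policy"]), "bound": int(m["bound"])})
    return events

def repeated_failures(events, threshold=3, window_s=300):
    """Map user -> failure count for users with at least `threshold`
    failed logins inside any `window_s`-second span."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["time"]):
        by_user[e["user"]].append(e["time"])
    flagged = {}
    for user, times in by_user.items():
        for i in range(len(times) - threshold + 1):
            span = (times[i + threshold - 1] - times[i]).total_seconds()
            if span <= window_s:
                flagged[user] = len(times)
                break
    return flagged

if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LOG)
    print(len(failures), "failed logins; repeated:", repeated_failures(failures))
```

Archived copies of these logs are wrapped by the mail client, so each record has to be rejoined onto one line before parsing.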


