General discussion on installation and configuration of SOGo

Text archives Help


[SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP


Chronological Thread 
  • From: lloydsystems < >
  • To:
  • Subject: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
  • Date: Thu, 28 Mar 2013 16:32:16 -0400 (EDT)

Dear SOGo Group,

I am having difficulty getting SOGo/OpenChange to work with Outlook 2010.
SOGo
itself works through its web interface, but email with Outlook does not. I
have been messing around with it for days without success, so I thought I
would
ask for some help.

Setup: Server is running CentOS 6.4 with Postfix 2.6 and Cyrus-IMAP 2.4. The
email system was setup and tested before starting with SOGo. I also had
Samba4
from the SOGo repo already installed and AD setup and tested.

DNS: Here I will call the server domain example.local, so AD is setup with
domain EXAMPLE, realm example.local. The server is also hosting a real world
domain example.com, so there is a split DNS setup. The example.local is
managed by Samba using BIND with DLZ plugin, and example.com has traditional
BIND zone files. All setup and tested.

The users are in Samba4 AD, but will have

as their email
address. Postfix is setup with example.com as a virtual mailbox domain and
delivers mail to Cyrus-IMAP. I used Cyrus-IMAP because, being a sealed system
makes it well suited to virtual domains. It authenticates users by SASL
(saslauthd) configured for PAM. The /etc/pam.d/imap file uses pam_krb5 to
authenticate email users by Kerberos against AD. All works.

I installed SOGo following the guide with MySQL database backend. For LDAP
authentication I used the template in the Outlook configuration guide.

Side note: I read somewhere that the SOGo configuration is being changed to a
proper “sogo.conf” file rather than using that awful “defaults” method,
but maybe it was only for Debian. Can this be done for RHEL/CentOS? I got so
sick of it I actually wrote a script to do the config. Is anyone aware that
running ‘defaults –u sogo’ blows away the existing file? I learned that
the hard way.

When finished I started SOGo and could login from the web interface with my
EXAMPLE\testuser AD account. Calendar, contacts and email (as
)
all worked perfectly.

I then followed the Outlook configuration guide to install and configure the
SOGo/OpenChange packages. The only part I did not follow initially was under
the IMAP trust section. It reads like a couple of lines thrown in there as an
afterthought, and with no example to follow, so it did not make sense at the
time. I will come back to this.

All steps appeared to work OK. Adding testuser to OpenChange initially failed
with “not found”. I discovered from the code that it only looks in
CN=Users, but my users are under OU=People in order to apply group policy.
When I moved testuser it worked OK and I could see the extended attributes. I
assume that, after this step, users could be moved back to an OU without any
issues? I left testuser in CN=Users for now.

At the end the services start OK and I login as testuser from a VM client
joined to the EXAMPLE domain. I create the Outlook profile and start
Outlook.
It appears to work – Outlook says it is connected to Exchange, but there is
no mail folder creation and no email visible. However, the calendar and
contact items are there.

Eventually Outlook says it is disconnected, and Samba is rather unhappy and
appears to have stopped working and must be restarted.

If I run the “Test Email AutoConfiguration” utility it fails. The Apache
logs show requests for “autodiscover” returning 401 or 502 errors. But I
had setup DNS for autodiscover. In DNS Manager I tried both methods – using
a SRV entry and adding a CNAME alias. I also added an alias to the
example.com
DNS just in case.

In the maillog I see cyrus-imap errors for badlogin, SASL(-13), authentication
failure. This, with the 401 error, suggests SOGo/OpenChange will not connect
to Cyrus-IMAP.

I revisited the IMAP trust section and attempted to use ‘sasl_pwcheck_method
= alwaystrue’. However, I found that on EL this is not available because the
option is not enabled at compile. So I downloaded the cyrus-sasl source RPM,
rebuilt it with ‘--enable-alwaystrue’ and installed it. I could now use
the ‘imtest’ utility to authenticate as testuser with any password. Seems
OK. I setup ‘cyrus.conf’ with separate imap services, one bound to
127.0.0.1 and the other to the server IP, using different ‘imapd.conf’
files. The only difference being one has ‘sasl_pwcheck_method = saslauthd’
and the other ‘sasl_pwcheck_method = alwaystrue’.

I tried again with Outlook, but this time it hangs at the splash screen. It
will not open at all. There is no information in the logs to tell me what is
happening. Only in the maillog shows testuser successfully logged in from
127.0.0.1, and then connection closed, but the messages appear together only
when I cancel Outlook.

I also realised that the guide talks about Cyrus-IMAP 2.4, but the packaged EL
version is 2.3, so I found a stable 2.4 source RPM, built it and upgraded, but
nothing changed. It works from SOGo web but not Outlook/OpenChange.

I am really at a loss. I am considering swapping Cyrus-IMAP for Dovecot, but
would rather not. Yes, the Cyrus documentation woeful, which is probably why
people consider it difficult to use, but I think it’s solid and well suited
to virtual hosting. Compared to Dovecot with its labyrinth of config files
and
nested calls it doesn’t seem too bad to me. But I don’t want to go to the
trouble of installing Dovecot and then find I have the same problem.

If anyone has an explanation for this problem, or an example of a working
setup
with Cyrus-IMAP, I would appreciate their help.

Regards,

Stephen Jones


  • [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP, lloydsystems, 03/28/2013

Archive powered by MHonArc 2.6.18.

Top of page