General discussion on installation and configuration of SOGo

Text archives Help

Re: [SOGo] Account validation

Chronological Thread 
  • From: Louis-Philippe Gauthier < >
  • To: users < >
  • Subject: Re: [SOGo] Account validation
  • Date: Thu, 18 Apr 2013 13:06:40 -0400

2013/4/17 Marc Patermann < " target="_blank"> >

Louis-Philippe Gauthier schrieb (16.04.2013 15:47 Uhr):

I want to know which LDAP's fields SOGo validates to know if the user's account is active or not and the password expiration.
What do you mean by "active"?

Well, I discover some field in OpenLDAP like shadowExpire=15813 (yesterday, 2013-04-17)... If I connect via SSH to my server with this user, I have a message :

user1@server1's password:
Your account has expired; please contact your system administrator
Connection closed by server1

If I connect with the same user to SOGo, the shadowExpire is not verified. Is it a setup somewhere ?

Of course, server authentification  and SOGo authentification is made by the same LDAP.

And what does it mean "expire = -1" and "grace = -1" in the SOGo log ?
Apr 18 12:50:36 sogod [31284]: SOGoRootPage successful login from '' for user 'user1' - expire = -1  grace = -1

I know that Samba has the same field in seconds, but I don't remember the name and we don't use SOGo with Outlook.

If you want to store the information if someone is a SOGo user or not, you have to set an attribute accordingly and include this in your LDAP filter in SOGo conf.

You can set password expiration i.e. in openldap by the password policy overlay. But I'm not sure if SOGo honors this.

Someone can answer this ? :-)
In general SOGo does an LDAP bind with the credentials entered by the user which the LDAP server handles itself.

Is it the same validation with the Webmail and Thunderbird ?

There is documentation about this ?
If you are connecting to the SOGo services (SOGo Web GUI, CalDAV, CardDAV vie Thunderbird/iPhone/etc.), SOGo uses the configured authentication backend.
If you are connecting to other services - like your IMAP server - it uses the there configured authentication backends. In most case this should be the same.

Does this answer your questions?
If not you may have to provide more information/details.

Thanks for your help.

" target="_blank">

Louis-Philippe Gauthier

Archive powered by MHonArc 2.6.18.

Top of page