General discussion on installation and configuration of SOGo



Re: [SOGo] Authentication Problem Using Samba4


  • From: "Keith Howard" ( ) < >
  • To:
  • Subject: Re: [SOGo] Authentication Problem Using Samba4
  • Date: Tue, 9 Apr 2019 15:16:01 -0400

Hi Christian,

Good catch. 
I forgot to mention that I edited my samba.conf to allow non-SSL LDAP traffic.
I tested/verified that by connecting to my Samba server with an LDAP editor (non-ssl) and it worked.

So, will SOGo work unencrypted?

Thanks!

Keith


On Tue, Apr 9, 2019 at 3:12 PM Christian Naumer < > wrote:
I am not 100% sure, but you connect without SSL/TLS. I don't know if Samba
AD permits this.
We use LDAPS and it works. You then need to configure
/etc/openldap/ldap.conf to accept your certificates.

Regards

Christian

On 09.04.19 at 17:16, Keith Howard ( ) wrote:
> Hello,
>
> I am using Samba 4.9.4 compiled from source, MariaDB 5.5..60-1 (RPM), and
> SOGo 4.0.7 (nightly RPMs).
>
> sogo.conf:
>
> {
>   /* *********************  Main SOGo configuration file  **********************
>    *                                                                           *
>    * Since the content of this file is a dictionary in OpenStep plist format,  *
>    * the curly braces enclosing the body of the configuration are mandatory.   *
>    * See the Installation Guide for details on the format.                     *
>    *                                                                           *
>    * C and C++ style comments are supported.                                   *
>    *                                                                           *
>    * This example configuration contains only a subset of all available        *
>    * configuration parameters. Please see the installation guide more details. *
>    *                                                                           *
>    * ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file,    *
>    * make sure to move it away to avoid unwanted parameter overrides.          *
>    *                                                                           *
>    * **************************************************************************/
>
>   /* Database configuration (mysql:// or postgresql://) */
>   SOGoProfileURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_user_profile";
>   OCSFolderInfoURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_folder_info";
>   OCSSessionsFolderURL = "mysql://sogo:<redacted>@localhost:3306/sogo/sogo_sessions_folder";
>
>   /* Mail */
>   SOGoDraftsFolderName = Drafts;
>   SOGoSentFolderName = Sent;
>   SOGoTrashFolderName = Trash;
>   SOGoIMAPServer = localhost;
>   SOGoSieveServer = sieve://127.0.0.1:4190;
>   SOGoSMTPServer = 127.0.0.1;
>   SOGoMailDomain = medinaco.lan;
>   SOGoMailingMechanism = smtp;
>   //SOGoForceExternalLoginWithEmail = NO;
>   //SOGoMailSpoolPath = /var/spool/sogo;
>   //NGImap4ConnectionStringSeparator = "/";
>
>   /* Notifications */
>   //SOGoAppointmentSendEMailNotifications = NO;
>   //SOGoACLsSendEMailNotifications = NO;
>   //SOGoFoldersSendEMailNotifications = NO;
>
>   /* Authentication */
>   //SOGoPasswordChangeEnabled = YES;
>
>   /* LDAP authentication example */
>   //SOGoUserSources = (
>   //  {
>   //    type = ldap;
>   //    CNFieldName = cn;
>   //    UIDFieldName = uid;
>   //    IDFieldName = uid; // first field of the DN for direct binds
>   //    bindFields = (uid, mail); // array of fields to use for indirect binds
>   //    baseDN = "dc=medinaco,dc=lan";
>   //    bindDN = "uid=sogo,ou=users,dc=acme,dc=com";
>   //    bindPassword = qwerty;
>   //    canAuthenticate = YES;
>   //    displayName = "Shared Addresses";
>   //    hostname = ldap://127.0.0.1:389;
>   //    id = public;
>   //    isAddressBook = YES;
>   //  }
>   //);
>
>   /* LDAP AD/Samba4 example */
>   SOGoUserSources = (
>     {
>       type = ldap;
>       CNFieldName = cn;
>       IDFieldName = sAMAccountName;
>       UIDFieldName = sAMAccountName;
>       baseDN = "CN=Users,DC=medinaco,DC    =lan";
>       bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
>       bindFields = (sAMAccountName,mail,userPrincipalName);
>       bindPassword =  <redacted> ;
>       canAuthenticate = YES;
>       displayName = "Public";
>       hostname = "ldap://localhost";
>       id = public;
>       isAddressBook = YES;
>       scope = SUB;
>
>     }
>   );
>
>
>   /* SQL authentication example */
>   /*  These database columns MUST be present in the view/table:
>    *    c_uid - will be used for authentication -  it's the username or
> )
>    *    c_name - which can be identical to c_uid -  will be used to uniquely identify entries
>    *    c_password - password of the user, plain-text, md5 or sha encoded for now
>    *    c_cn - the user's common name - such as "John Doe"
>    *    mail - the user's mail address
>    *  See the installation guide for more details
>    */
>   //SOGoUserSources =
>   //  (
>   //    {
>   //      type = sql;
>   //      id = directory;
>   //      viewURL = "postgresql://sogo:sogo@127.0.0.1:5432/sogo/sogo_view";
>   //      canAuthenticate = YES;
>   //      isAddressBook = YES;
>   //      userPasswordAlgorithm = md5;
>   //    }
>   //  );
>
>   /* Web Interface */
>   SOGoPageTitle = SOGo;
>   SOGoVacationEnabled = YES;
>   SOGoForwardEnabled = YES;
>   SOGoSieveScriptsEnabled = YES;
>   //SOGoMailAuxiliaryUserAccountsEnabled = YES;
>   //SOGoTrustProxyAuthentication = NO;
>   //SOGoXSRFValidationEnabled = YES;
>
>   /* General - SOGoTimeZone *MUST* be defined */
>   SOGoLanguage = English;
>   SOGoTimeZone = America/New_York;
>   //SOGoCalendarDefaultRoles = (
>   //  PublicDAndTViewer,
>   //  ConfidentialDAndTViewer
>   //);
>   SOGoSuperUsernames = (khoward); // This is an array - keep the parens!
>   SxVMemLimit = 1000;
>   //WOPidFile = "/var/run/sogo/sogo.pid";
>   SOGoMemcachedHost = "/var/run/memcached.sock";
>
>   /* Debug */
>   //SOGoDebugRequests = YES;
>   //SoDebugBaseURL = YES;
>   //ImapDebugEnabled = YES;
>   //LDAPDebugEnabled = YES;
>   //PGDebugEnabled = YES;
>   //MySQL4DebugEnabled = YES;
>   //SOGoUIxDebugEnabled = YES;
>   //WODontZipResponse = YES;
>   //WOLogFile = /var/log/sogo/sogo.log;
> }
> ***** END SOGO.CONF*****
>
> The sogod service starts, and I go to http://medinaco.lan/SOGo, to which I
> am presented with the SOGo login page.
> I attempt to log in and receive a wrong username or password error.
>
> In my sogo.log:
> 2019-04-09 11:10:39.298 sogod[17938:17938] Creating NGLdapConnection instance for bindDN 'CN=Administrator,CN=Users,DC=medinaco,DC=lan'
> Apr 09 11:10:39 sogod [17938]: SOGoRootPage Login from '172.16.42.253' for user 'khoward' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
> Apr 09 11:10:39 sogod [17938]: 172.16.42.253 "POST /SOGo/connect HTTP/1.1" 403 34/67 0.046 - - 40K
>
> I can log in to mariadb using sogo user/pass and view/edit tables.
> I can log in to Windows authenticating with SAMBA AD username/password.
>
> I don't know what else to do to get this to work.
> Could someone assist me with this?
>
> Thanks.
>
> Keith
>

--
Dr. Christian Naumer
Research Scientist
Platform Coordinator, Bioprocess Engineering

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail , homepage www.brain-biotech.de
phone +49-6251-9331-30  /   fax +49-6251-9331-11

Registered office: Zwingenberg/Bergstrasse
Commercial register: AG Darmstadt, HRB 24758
Executive Board: Dr. Juergen Eck (Chairman), Manfred Bender,
Ludger Roedder
Chairman of the Supervisory Board: Dr. Georg Kellinghusen
--

https://inverse.ca/sogo/lists
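
The transport question raised in this thread, as an added example (not part of the original messages and not SOGo's own code): a small Python check that reads the LDAP entries of `SOGoUserSources` and flags any that bind without TLS or bind as the domain Administrator. The sample config is constructed from the one quoted above with a placeholder password; the `encryption` key (values `SSL` or `STARTTLS`) is assumed from SOGo's documented LDAP source options, and the comment stripping is a simplification rather than a full OpenStep plist parser.

```python
import re

# Constructed sample modelled on the SOGoUserSources block quoted in the thread
# (the bind password is a placeholder).
SAMPLE = r'''
{
  SOGoSieveServer = sieve://127.0.0.1:4190;
  //SOGoUserSources = ( { type = ldap; hostname = ldap://127.0.0.1:389; } );
  /* LDAP AD/Samba4 example */
  SOGoUserSources = (
    {
      type = ldap; // inline comment
      bindDN = "CN=Administrator,CN=Users,DC=medinaco,DC=lan";
      bindFields = (sAMAccountName,mail,userPrincipalName);
      bindPassword = "PLACEHOLDER";
      canAuthenticate = YES;
      hostname = "ldap://localhost";
      id = public;
    }
  );
}
'''

def ldap_sources(conf):
    """Return each active LDAP user source as a dict of its key = value; pairs."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)    # drop block comments
    conf = re.sub(r'(?m)(^|[\s;])//.*$', r'\1', conf)     # drop line comments, keep the // in URLs
    sources = []
    for body in re.findall(r'\{([^{}]*)\}', conf):        # innermost { ... } dictionaries
        pairs = re.findall(r'(\w+)\s*=\s*("[^"]*"|\([^)]*\)|[^;]+);', body)
        src = {k: v.strip().strip('"') for k, v in pairs}
        if src.get('type') == 'ldap':
            sources.append(src)
    return sources

def audit(conf):
    """Flag LDAP sources whose bind credentials cross the wire unencrypted."""
    findings = []
    for src in ldap_sources(conf):
        sid = src.get('id', '?')
        host = src.get('hostname', '').lower()
        enc = src.get('encryption', '').upper()
        if not host.startswith('ldaps://') and enc not in ('SSL', 'STARTTLS'):
            findings.append((sid, 'cleartext-bind'))
        if src.get('bindDN', '').lower().startswith('cn=administrator,'):
            findings.append((sid, 'privileged-bind-dn'))
    return findings

if __name__ == '__main__':
    print(audit(SAMPLE))
```
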


