General discussion on installation and configuration of SOGo



Re: [SOGo] Authentication via Linux, Active Directory, and Active Directory Containers


  • From: "Eslam Basyouni" ( ) < >
  • To:
  • Subject: Re: [SOGo] Authentication via Linux, Active Directory, and Active Directory Containers
  • Date: Sun, 7 Jul 2019 16:19:03 +0000 (UTC)

Hello Paul,

It's very easy. For me, I'm using LDAP through FreeIPA, and here is my configuration. Try to use it and tell me what the status is.

> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = uid;
>     UIDFieldName = uid;
>     baseDN = "cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Users";
>     hostname = ldap://192.168.0.10:389;
>     id = users;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = cn;
>     UIDFieldName = cn;
>     baseDN = "cn=groups,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Groups";
>     hostname = ldap://192.168.0.10:389;
>     id = groups;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = uid;
>     IDFieldName = uid; // first field of the DN for direct binds
>     bindFields = (uid, mail); // array of fields to use for indirect binds
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     hostname = ldap://192.168.0.10:389;
>     id = public;
>     isAddressBook = no;
>   }
> );

On Sunday, July 7, 2019, 06:07:29 PM GMT+2, Webb, Paul < > wrote:


Hi all,

Just got a SOGo server set up, and I'm running MySQL as the back-end database.

On my (Ubuntu) server, it's possible via SSSD/PAM/Winbind for Active Directory users to log in to the server directly with their AD credentials.

I'm looking for a way to replicate this in SOGo. I could not find a way to connect to the Linux accounts on the server, so I then went down the path of using LDAP as an authenticator for AD. Unfortunately, testing this connector (debugging turned on, using tail -f /var/log/sogo/sogo.log as I try sample user accounts) has proven difficult. In addition, I need the ability to have SOGo check multiple OUs within the BaseDN, and this does not seem to be possible within the current configuration framework of SOGo. I did try using OU=%d,DN=domain,DN=local, but it does not seem to work (?).

This leads to the question: Is there a way to get SOGo to look at the Linux credentials as an authenticator? Example query:
- IF an existing Linux user exists AND their password matches
- THEN authenticate them and reference/create their profile in MySQL.

In this way you could then use the PAM/SSSD/Winbind connector between the Linux server and Active Directory as a connector.

Thoughts?

Thanks!
--
Paul
--

https://inverse.ca/sogo/lists
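
Added example, not part of either post or of the SOGo project's own files: an Active Directory source for `SOGoUserSources` that addresses two points raised in the thread, the plain `ldap://` bind on port 389 in the posted configuration and the need to find users in several OUs under one base DN. It relies on SOGo's documented `encryption` and `scope` source options; the host name, DNs, OU layout and password are placeholders.

```plist
SOGoUserSources = (
  {
    type = ldap;
    id = directory;
    displayName = "Active Directory";
    CNFieldName = cn;
    IDFieldName = cn;
    UIDFieldName = sAMAccountName;

    // Placeholder server. STARTTLS upgrades the port-389 session before the
    // bind, so the service password and user passwords are not sent in clear.
    // An ldaps:// URL on port 636 is the alternative.
    hostname = "ldap://dc1.example.local:389";
    encryption = STARTTLS;

    // Placeholder parent container that sits above the OUs holding users.
    // SUB searches the whole subtree, so users in any child OU are found.
    baseDN = "ou=Staff,dc=example,dc=local";
    scope = SUB;

    // Indirect bind: SOGo searches for the login in these fields, then binds
    // as the entry it found, wherever that entry lives under baseDN.
    bindFields = (sAMAccountName, mail);

    // Placeholder dedicated read-only service account instead of a person's
    // own login, so a leaked config file exposes only directory read access.
    bindDN = "cn=sogo-bind,ou=Service Accounts,dc=example,dc=local";
    bindPassword = "REPLACE_ME";

    canAuthenticate = YES;
    isAddressBook = YES;
  }
);
```

Because the bind password is stored in this file, restrict read access to the account SOGo runs as.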


