General discussion on installation and configuration of SOGo

Re: [SOGo] Authentication via Linux, Active Directory, and Active Directory Containers


  • From: "Webb, Paul"
  • Subject: Re: [SOGo] Authentication via Linux, Active Directory, and Active Directory Containers
  • Date: Mon, 8 Jul 2019 14:21:20 -0400

Eslam,

First, thank you for your response!

I used your LDAP configuration as a template, but I still cannot get it to work. As a test, I took the identical settings (via copy and paste) and added them into OpnSense as an additional authentication container (System >> Servers >> SOGo, if it matters) and then used the Test utility in there to try a valid user authentication. It worked fine. So I'm thinking I have something else going on? Here's what my sogo.log looks like. I've got Debugging turned on for all sections.

Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.013332 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo HTTP/1.1" 302 0/0 0.015 - - 2M
Jul 08 14:14:31 sogod [28932]: |SOGo| starting method 'GET' on uri '/SOGo/'
Jul 08 14:14:31 sogod [28932]: |SOGo|   constructed root-url: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo|   setting root-url in context: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| ROOT baseURL(no container, name=(null)):
  own: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.019771 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo/ HTTP/1.1" 200 27426/0 0.024 - - 748K
Jul 08 14:15:20 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'cwebb';
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10>   query has results, entering fetch-mode.
Jul 08 14:15:20 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user 'cwebb' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:15:20 sogod [28932]: |SOGo| request took 0.001323 seconds to execute
Jul 08 14:15:20 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
Jul 08 14:15:37 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:37.334 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = ' ';
2019-07-08 14:15:37.335 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10>   query has results, entering fetch-mode.
Jul 08 14:15:37 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user ' ' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:15:37 sogod [28932]: |SOGo| request took 0.001709 seconds to execute
Jul 08 14:15:37 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/83 0.003 - - 0

Any and all help is appreciated! :-)

-Paul


On 7/7/2019 12:19 PM, Eslam Basyouni wrote:
Hello Paul,

It's very easy. For me, I'm using LDAP through FreeIPA, and here is my configuration. Try to use it and tell me what the status is.

> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = uid;
>     UIDFieldName = uid;
>     baseDN = "cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Users";
>     hostname = ldap://192.168.0.10:389;
>     id = users;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = cn;
>     UIDFieldName = cn;
>     baseDN = "cn=groups,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Groups";
>     hostname = ldap://192.168.0.10:389;
>     id = groups;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = uid;
>     IDFieldName = uid; // first field of the DN for direct binds
>     bindFields = (uid, mail); // array of fields to use for indirect binds
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     hostname = ldap://192.168.0.10:389;
>     id = public;
>     isAddressBook = no;
>   }
> );

On Sunday, July 7, 2019, 06:07:29 PM GMT+2, Webb, Paul wrote:


Hi all,

Just got a SOGo server set up, and I'm running MySQL as the back-end database.

On my (Ubuntu) server, it's possible via SSSD/PAM/Winbind for Active Directory users to log in to the server directly with their AD credentials.

I'm looking for a way to replicate this in SOGo. I could not find a way to connect to the Linux accounts on the server, so I then went down the path of using LDAP as an authenticator for AD. Unfortunately, testing this connector (debugging turned on, using tail -f /var/log/sogo/sogo.log as I try sample user accounts) has proven difficult. In addition, I need the ability to have SOGo check multiple OUs within the BaseDN, and this does not seem to be possible within the current configuration framework of SOGo. I did try using OU=%d,DN=domain,DN=local, but it does not seem to work (?).

This leads to the question: Is there a way to get SOGo to look at the Linux credentials as an authenticator? Example query:
- IF an existing Linux user exists AND their password matches
- THEN authenticate them and reference/create their profile in MySQL.

In this way you could then use the PAM/SSSD/Winbind connector between the Linux server and Active Directory as a connector.

Thoughts?

Thanks!
--
Paul
--

https://inverse.ca/sogo/lists

Attachment: pEpkey.asc
Description: application/pgp-keys
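
Added example (not part of the original thread or of SOGo itself): a small Python parser for the sogo.log format quoted in the message above. It pairs each failed login with any SQL user-source lookup logged during the same POST /SOGo/connect attempt, which shows which user source SOGo consulted. The sample log is constructed (placeholder users and address), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the sogo.log excerpt above
# (user names and the client address are placeholders).
SAMPLE_LOG = """\
Jul 08 14:15:20 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0] connection=0x0> SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'alice';
Jul 08 14:15:20 sogod [28932]: SOGoRootPage Login from '192.0.2.10' for user 'alice' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:15:20 sogod [28932]: 192.0.2.10 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
Jul 08 14:16:02 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
Jul 08 14:16:02 sogod [28932]: SOGoRootPage Login from '192.0.2.10' for user 'bob' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:16:02 sogod [28932]: 192.0.2.10 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
"""

START = re.compile(r"starting method 'POST' on uri '/SOGo/connect'")
SQL = re.compile(r"SQL: SELECT c_password FROM (\w+) WHERE c_uid = '([^']*)'")
FAIL = re.compile(r"Login from '([^']+)' for user '([^']*)' might not have worked"
                  r".*bound: (\d+)")

def failed_logins(log_text):
    """Return one dict per failed login, noting any SQL user-source lookup
    logged between the POST /SOGo/connect line and the failure line."""
    results, sql_table = [], None
    for line in log_text.splitlines():
        if START.search(line):
            sql_table = None            # new login attempt: reset context
        elif (m := SQL.search(line)):
            sql_table = m.group(1)      # password was fetched from a SQL source
        elif (m := FAIL.search(line)):
            ip, user, bound = m.groups()
            results.append({"ip": ip, "user": user,
                            "bound": int(bound),  # value as logged, not interpreted
                            "sql_source_table": sql_table})
            sql_table = None
    return results

def failures_per_ip(log_text):
    """Count failed logins per client address, e.g. to feed a lockout rule."""
    return Counter(r["ip"] for r in failed_logins(log_text))

if __name__ == "__main__":
    for record in failed_logins(SAMPLE_LOG):
        print(record)
    print(failures_per_ip(SAMPLE_LOG))
```

A failure whose `sql_source_table` is set was checked against a SQL user source; `None` means no SQL lookup was logged for that attempt.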