General discussion on installation and configuration of SOGo

Re: [SOGo] Authentication via Linux, Active Directory, and A


  • From: "Eslam Basyouni" ( ) < >
  • To: " " < >, " " < >
  • Subject: Re: [SOGo] Authentication via Linux, Active Directory, and A
  • Date: Mon, 8 Jul 2019 19:17:23 +0000 (UTC)
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca DFE431DE4F93

Hello Paul,

I need more details for your environment to be able to understand your topology. 

And I'm very happy to help you. And if you want to add me on Facebook or WhatsApp to chat, that would be very good.

 00201227011270





On Mon, Jul 8, 2019 at 8:26 PM, Webb, Paul
< > wrote:

Eslam,

First, thank you for your response!

I used your LDAP configuration as a template, but I still cannot get it to work. As a test, I took the identical settings (via copy and paste) and added them into OPNsense as an additional authentication container (System >> Servers >> SOGo, if it matters) and then used the Test utility in there to try a valid user authentication. It worked fine. So I'm thinking I have something else going on? Here's what my sogo.log looks like. I've got Debugging turned on for all sections.

Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.013332 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo HTTP/1.1" 302 0/0 0.015 - - 2M
Jul 08 14:14:31 sogod [28932]: |SOGo| starting method 'GET' on uri '/SOGo/'
Jul 08 14:14:31 sogod [28932]: |SOGo|   constructed root-url: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo|   setting root-url in context: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| ROOT baseURL(no container, name=(null)):
  own: /SOGo/
Jul 08 14:14:31 sogod [28932]: |SOGo| request took 0.019771 seconds to execute
Jul 08 14:14:31 sogod [28932]: 10.254.21.6 "GET /SOGo/ HTTP/1.1" 200 27426/0 0.024 - - 748K
Jul 08 14:15:20 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'cwebb';
2019-07-08 14:15:20.506 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10>   query has results, entering fetch-mode.
Jul 08 14:15:20 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user 'cwebb' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:15:20 sogod [28932]: |SOGo| request took 0.001323 seconds to execute
Jul 08 14:15:20 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.003 - - 0
Jul 08 14:15:37 sogod [28932]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
2019-07-08 14:15:37.334 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10> SQL: SELECT c_password FROM sogo_users WHERE c_uid = ' ';
2019-07-08 14:15:37.335 sogod[28932:28932] <MySQL4Channel[0x0x55c9262ecfb0] connection=0x0x55c9263d3f10>   query has results, entering fetch-mode.
Jul 08 14:15:37 sogod [28932]: SOGoRootPage Login from '10.254.21.6' for user ' ' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jul 08 14:15:37 sogod [28932]: |SOGo| request took 0.001709 seconds to execute
Jul 08 14:15:37 sogod [28932]: 10.254.21.6 "POST /SOGo/connect HTTP/1.1" 403 34/83 0.003 - - 0

Any and all help is appreciated! :-)

-Paul


On 7/7/2019 12:19 PM, Eslam Basyouni ( ) wrote:
Hello Paul,

It's very easy. For me, I'm using LDAP through FreeIPA, and here is my configuration; try to use it and tell me what the status is.

> SOGoUserSources = (
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = uid;
>     UIDFieldName = uid;
>     baseDN = "cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Users";
>     hostname = ldap://192.168.0.10:389;
>     id = users;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     IDFieldName = cn;
>     UIDFieldName = cn;
>     baseDN = "cn=groups,cn=accounts,dc=mydomain,dc=com";
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     displayName = "Groups";
>     hostname = ldap://192.168.0.10:389;
>     id = groups;
>     isAddressBook = YES;
>   },
>   {
>     type = ldap;
>     CNFieldName = cn;
>     UIDFieldName = uid;
>     IDFieldName = uid; // first field of the DN for direct binds
>     bindFields = (uid, mail); // array of fields to use for indirect binds
>     bindDN = "uid=user2,cn=users,cn=accounts,dc=mydomain,dc=com";
>     bindPassword = P@ssw0rd2;
>     canAuthenticate = YES;
>     hostname = ldap://192.168.0.10:389;
>     id = public;
>     isAddressBook = no;
>   }
> );







 

On Sunday, July 7, 2019, 06:07:29 PM GMT+2, Webb, Paul < > wrote:


Hi all,

Just got a SOGo server set up, and I'm running MySQL as the back-end database.

On my (Ubuntu) server, it's possible via SSSD/PAM/Winbind for Active Directory users to log in to the server directly with their AD credentials.

I'm looking for a way to replicate this in SOGo. I could not find a way to connect to the Linux accounts on the server, so I then went down the path of using LDAP as an authenticator for AD. Unfortunately, testing this connector (debugging turned on, using tail -f /var/log/sogo/sogo.log as I try sample user accounts) has proven difficult. In addition, I need the ability to have SOGo check multiple OUs within the BaseDN, and this does not seem to be possible within the current configuration framework of SOGo. I did try using OU=%d,DN=domain,DN=local, but it does not seem to work (?).

This leads to the question: Is there a way to get SOGo to look at the Linux credentials as an authenticator? Example query:
- IF an existing Linux user exists AND their password matches
- THEN authenticate them and reference/create their profile in MySQL.

In this way you could then use the PAM/SSSD/Winbind connector between the Linux server and Active Directory as a connector.

Thoughts?

Thanks!
--
Paul
--

https://inverse.ca/sogo/lists


