On 5/27/2010 9:32 AM, Donny Brooks wrote:
On Thursday, May 27, 2010 08:30 AM CDT, Ludovic Marcotte<[email protected]>
wrote:
Donny Brooks wrote:
I am running both the SOGo and OpenLDAP machines on Centos 5.4, and yes
they are separate machines. My openldap is version openldap-2.3.43-12.el5 on my
LDAP server. My sogo version is sogo-1.2_20100505-1.el5 from the yum repository
and its ldap version is openldap-2.3.43-3.el5.
If you use the password policy code, you'll have to run a very recent
version of OpenLDAP (v2.4.17 and up) server/client libraries.
Furthermore, you'll have to recompile the sope49-ldap package to link
them to the recent OpenLDAP libraries.
The reason for all of this is that the password policy code is
relatively buggy in OpenLDAP and it's still a changing target (i.e., the
specification is still in draft stage). SOGo (or rather, our
modifications to sope49-ldap) makes use of the ldap control object which
is tied to the innards of OpenLDAP.
We eventually plan to provide OpenLDAP RPMs for RHEL v5 (i386 and
x86_64) for those who want to use it on this platform and update the
documentation accordingly for its usage.
Regards,
--
Ludovic Marcotte
[email protected] :: +1.514.755.3630 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
So I need to update my SOGo *AND* OpenLDAP machines to 2.4.17 or greater,
correct? Should I also upgrade my mail server or does that really matter since
it isn't dealing with anything but authentication? Thanks for the insight. It
has been working just fine until I implemented the password policy stuff. So
that makes perfect sense.
Ok, I have the ldap server set up to use openldap-2.4.21 on fedora 13. I
am still getting the following lines in the ldap.log and sogo.log. These
are unedited in case I cut something I didn't need to. Plus it is only
accessible internally so I think I am ok.
ldap.log
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 ACCEPT from IP=10.8.3.220:35117 (IP=0.0.0.0:389)
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND dn="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" method=128
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 BIND dn="uid=dbrooks,ou=People,dc=mdah,dc=state,dc=ms,dc=us" mech=SIMPLE ssf=0
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=0 RESULT tag=97 err=0 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 PASSMOD id="uid=dbrooks,ou=people,dc=mdah,dc=state,dc=ms,dc=us" old new
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=1 RESULT oid= err=50 text=
Jul 28 14:13:30 ldap slapd[977]: conn=1160 op=2 UNBIND
Jul 28 14:13:30 ldap slapd[977]: conn=1160 fd=14 closed
sogo.log
Jul 28 13:13:30 sogod: SOGo watchdog [14124]: <0x0x109aee10[NGLdapConnection]> change password - ldap_find_control call failed
127.0.0.1 - - [28/Jul/2010:13:13:30 GMT] "POST /SOGo/so/changePassword HTTP/1.1" 204 0/74 0.006 - - 0
Does the sogo machine need to have the updated openldap also? Or just
the ldap server? Any pointers are VERY welcome.
Donny B.
--
[email protected]
https://inverse.ca/sogo/lists
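
Added example, not part of the original thread and not SOGo or OpenLDAP code: a small Python correlator for slapd stats-log lines in the format quoted above, pairing each PASSMOD operation with its connection's client address, bound DN, TLS state and RESULT code. The sample lines, DNs and addresses are constructed, entries are assumed to be one per line (unwrapped), and the name passmod_events is hypothetical.

```python
import re

# Constructed sample in the slapd stats-log format (not the poster's data).
SAMPLE = """\
Jul 28 14:13:30 ldap slapd[977]: conn=7 fd=14 ACCEPT from IP=192.0.2.10:35117 (IP=0.0.0.0:389)
Jul 28 14:13:30 ldap slapd[977]: conn=7 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=org" method=128
Jul 28 14:13:30 ldap slapd[977]: conn=7 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=org" mech=SIMPLE ssf=0
Jul 28 14:13:30 ldap slapd[977]: conn=7 op=1 PASSMOD id="uid=alice,ou=people,dc=example,dc=org" old new
Jul 28 14:13:30 ldap slapd[977]: conn=7 op=1 RESULT oid= err=50 text=
Jul 28 14:13:31 ldap slapd[977]: conn=8 fd=15 ACCEPT from IP=192.0.2.11:40022 (IP=0.0.0.0:389)
Jul 28 14:13:31 ldap slapd[977]: conn=8 fd=15 TLS established tls_ssf=256 ssf=256
Jul 28 14:13:31 ldap slapd[977]: conn=8 op=1 BIND dn="uid=bob,ou=People,dc=example,dc=org" mech=SIMPLE ssf=0
Jul 28 14:13:31 ldap slapd[977]: conn=8 op=2 PASSMOD id="uid=bob,ou=people,dc=example,dc=org" old new
Jul 28 14:13:31 ldap slapd[977]: conn=8 op=2 RESULT oid= err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=(\d+)|fd=\d+) (.*)")
RESULT_NAMES = {0: "success", 19: "constraintViolation", 49: "invalidCredentials",
                50: "insufficientAccessRights", 53: "unwillingToPerform"}

def passmod_events(log_text):
    """Return one dict per PASSMOD operation, joined to its connection and RESULT."""
    conns, events = {}, {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        c = conns.setdefault(conn, {"client": None, "bind_dn": None, "tls": False})
        if rest.startswith("ACCEPT from IP="):
            c["client"] = rest.split("IP=")[1].split(":")[0]  # IPv4 peers only
        elif rest.startswith("TLS established"):
            c["tls"] = True
        elif rest.startswith("BIND dn=") and "mech=" in rest:
            c["bind_dn"] = rest.split('"')[1]  # second BIND line: identity actually bound
        elif rest.startswith("PASSMOD"):
            target = rest.split('"')[1] if '"' in rest else c["bind_dn"]
            events[(conn, op)] = {"conn": int(conn), "target": target,
                                  "err": None, "result": None, **c}
        elif rest.startswith("RESULT") and (conn, op) in events:
            err = int(re.search(r"err=(\d+)", rest).group(1))
            events[(conn, op)].update(err=err, result=RESULT_NAMES.get(err, "other"))
    return list(events.values())

if __name__ == "__main__":
    for event in passmod_events(SAMPLE):
        print(event)
```

The ssf=0 on a simple BIND line does not by itself show whether TLS is in use, so the example keys the TLS state on the connection-level "TLS established" line instead.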