Hi,
a note:
Commandline ldapsearch using user sogo is working recursively:
ldapsearch -h localhost -b "ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local" \
  -D "uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local" -W \
  objectclass=person
So the permissions are ok, right?
Best,
Friedemann
---
Hi,
>> we have configured the sogo connection to our LDAP server as follows:
>>
>> defaults write sogod SOGoUserSources '({CNFieldName = cn;
>> IDFieldName = uid; UIDFieldName = uid;
>> baseDN = "dc=neurologie.uni-tuebingen.de,dc=local";
>> bindDN =
>> "uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local";
>> bindPassword = ****************; canAuthenticate = YES; displayName =
>> "Addresses"; hostname = "localhost"; id = local;
>> isAddressBook = YES; port=389; filter = "(objectClass=person)"; scope =
>> "SUB"})'
>>
>> Still, sogo can find only persons in the baseDN level, not in ou's below
>> this.
>>
>> What are we doing wrong?
>
> How are the privileges set for user
> uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local
> in your LDAP?
> Does he have read permissions on all ou-Levels up to ou=Users?
> Does he have read permissions on the user entries in ou=Users?
I did an apt-get update/upgrade and checked the LDAP permissions:
olcDatabase={1}hdb.ldif:
dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=neurologie.uni-tuebingen.de,dc=local
olcAccess: {0}to * by dn="cn=admin,dc=neurologie.uni-tuebingen.de,dc=local" write by * read
olcAccess: {1}to * attrs=userPassword,shadowLastChange by dn="cn=admin,dc=neurologie.uni-tuebingen.de,dc=local" write by anonymous auth by self write by * none
olcAccess: {2}to dn.base="" by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=neurologie.uni-tuebingen.de,dc=local
...
Now sogo seems not to be able to bind anymore:
.GNUstepDefaults:
<key>SOGoUserSources</key>
<array>
<dict>
<key>CNFieldName</key>
<string>cn</string>
<key>IDFieldName</key>
<string>uid</string>
<key>UIDFieldName</key>
<string>uid</string>
<key>baseDN</key>
<string>dc=neurologie.uni-tuebingen.de,dc=local</string>
<key>bindDN</key>
<string>uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local</string>
<key>bindPassword</key>
<string>***********</string>
<key>canAuthenticate</key>
<string>YES</string>
<key>displayName</key>
<string>Addresses</string>
<key>hostname</key>
<string>localhost</string>
<key>id</key>
<string>public</string>
<key>isAddressBook</key>
<string>YES</string>
<key>port</key>
<string>389</string>
<key>scope</key>
<string>SUB</string>
sogo.log:
Mar 06 09:58:47 sogod [4778]: SOGoRootPage Login for user 'fbunjes' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
localhost - - [06/Mar/2012:09:58:47 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/42 0.025 - - 2M
Best,
Friedemann
>
>
> Kind regards,
> Christian Mack
>
> --
> Christian Mack
> Gruppe Informationsdienste
> Rechenzentrum Universität Konstanz
> --
> [email protected]
> https://inverse.ca/sogo/lists
--
Dr. rer. nat. Friedemann Bunjes
Hertie-Institut für Klinische Hirnforschung
Zentrum für Neurologie
Universitätsklinikum Tübingen
Otfried-Müller-Str. 27
72076 Tübingen
+49-7071-29-81999
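
Added example, not part of the thread and not SOGo or OpenLDAP code: a first-match evaluation of the three olcAccess values quoted in the message above, showing which rule decides what the sogo bind DN may read on an entry below the baseDN. It models only the forms that appear in those values (`*`, `dn.base=`, `attrs=`, `dn=`, `anonymous`, `self`); the entry DN `PERSON` and all function names are constructed for the illustration.

```python
import re

# olcAccess values from the message above, each unfolded onto one line.
ADMIN = 'dn="cn=admin,dc=neurologie.uni-tuebingen.de,dc=local"'
ACLS = [
    '{0}to * by ' + ADMIN + ' write by * read',
    '{1}to * attrs=userPassword,shadowLastChange by ' + ADMIN
    + ' write by anonymous auth by self write by * none',
    '{2}to dn.base="" by * read',
]
SOGO = "uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local"
# Constructed entry DN (assumption): a person several OUs below the SOGo baseDN.
PERSON = "uid=example,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local"

def parse(rule):
    """Split one value into (index, what, attrs or None, [(who, level), ...])."""
    idx, what, attrs, rest = re.match(
        r'\{(\d+)\}to (\S+)(?: attrs=(\S+))? (by .+)', rule).groups()
    bys = re.findall(r'by (\S+) (\S+)', rest)
    return int(idx), what, attrs.lower().split(",") if attrs else None, bys

def what_matches(what, attrs, entry_dn, attr):
    if attrs is not None and attr.lower() not in attrs:
        return False
    return what == "*" or what.lower() == 'dn.base="%s"' % entry_dn.lower()

def who_matches(who, bind_dn, entry_dn):
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == entry_dn.lower()
    return who == "*" or who.lower() == 'dn="%s"' % bind_dn.lower()

def access(bind_dn, entry_dn, attr):
    """(rule index, level): first matching <what>, then first matching <who>."""
    for idx, what, attrs, bys in map(parse, ACLS):
        if what_matches(what, attrs, entry_dn, attr):
            for who, level in bys:
                if who_matches(who, bind_dn, entry_dn):
                    return idx, level
            return idx, "none"  # implicit trailing "by * none"
    return None, "none"

def unreachable():
    """Indices of rules that follow an unrestricted 'to *' and so never match."""
    rules = [parse(r) for r in ACLS]
    for pos, (_, what, attrs, _) in enumerate(rules):
        if what == "*" and attrs is None:
            return [r[0] for r in rules[pos + 1:]]
    return []
```

With these values, `access(SOGO, PERSON, "cn")` is decided by rule {0}, which grants read at any depth, and `unreachable()` lists {1} and {2} because {0} already matches every entry and attribute.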