On Mon, 2012-04-09 at 13:33 +0200, Christian Rößner wrote: > > I did some further testing. If croessners account is working as expected, > > then eroessners is broken. If I do log in to eroessner over the > > webinterface, both accounts seem to work for some minutes (less than 5 mins > > I guess). I then can add entries on both iPads and it works. But then after > > some moments, one session seems to die and that user, who did the last > > changes, i.e. deleting or removing something, wins. > > > > I attach my sogo.log. Maybe somebody can see the problem there. This log > > includes also sogo restart and both situations. the first, where both users > > can work for just a few moments and the second, which kills one users > > session. > > > > If somebody does have ANY idea on that, I really would be extremely happy :) > > > I found the problem :-) It is SOGoBindAsCurrentUser that does not work as > expected. I enabled this and the SOGoChangePasswordEnabled feature to give > users the chance to change their password over the web interface. I have a > LDAP proxyuser that should find the correct DN in LDAP and rebind as this > user. And this does work wrong! > > User croessner in LDAP is: > uid=de10000,ou=people,ou=it,dc=roesner-net,dc=de > > User eroessner in LDAP is: > uid=de10008,ou=people,ou=it,dc=roessner-net,dc=de > > If croessner is working, then you find de10000 entries in LDAP log, if stats > are enabled. If I open the iPad calendar of user eroessner, I see this in the > logs: > > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 fd=37 ACCEPT from > IP=[2a01:4f8:131:1081:88:198:80:229]:53774 (IP=[::]:389) > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=0 EXT > oid=1.3.6.1.4.1.1466.20037 > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=0 STARTTLS > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=0 RESULT oid= err=0 text= > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 fd=37 TLS established > tls_ssf=128 ssf=128 > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=1 BIND > dn="uid=de10000,ou=people,ou=it,dc=roessner-net,dc=de" method=128 > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=1 BIND > dn="uid=de10000,ou=people,ou=it,dc=roessner-net,dc=de" mech=SIMPLE ssf=0 > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=1 RESULT tag=97 err=0 > text= > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=2 SRCH > base="ou=it,dc=roessner-net,dc=de" scope=2 deref=0 > filter="(|(uniqueIdentifier=eroessner)(mail=eroessner)(cn=eroessner))" > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=2 SRCH attr=* > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=2 SEARCH RESULT tag=101 > err=0 nentries=0 text= > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 op=3 UNBIND > Apr 9 12:10:12 roessner1 slapd[7641]: conn=15961 fd=37 closed > > And this is the bug. SOGo uses the wrong DN from user croessner and not the > one for eroessner and therefor does not get read access to foreign objects. > > Temporary workaround is to disable BindAsCurrentUser. > > Do I need to open a bug ticket for this? > > -Christian Rößner
try adjusting the variables to suit your needs and run as root. users will login with their mail address -- much more logical (imho) cheers m #!/bin/bash TIMEZONE="Europe/Zurich" MAILDOMAIN="domain.com" SMTPSERVER="192.168.1.1" IMAPURI="imaps://192.168.1.1:993" SUPERUSER="[email protected]" MYSQLHOST=localhost MYSQLUSER="sogo" MYSQLUSERPASS="yipee" LDAP_BASE="dc=domain,dc=com" LDAP_ADMIN_BIND="cn=ldapadmin,dc=domain,dc=com" LDAP_ADMIN_PASS="yeehaw" sudo -u sogo defaults write sogod SOGoTimeZone "$TIMEZONE" sudo -u sogo defaults write sogod SOGoMailDomain $MAILDOMAIN sudo -u sogo defaults write sogod SOGoLanguage English sudo -u sogo defaults write sogod SOGoAppointmentSendEMailNotifications YES sudo -u sogo defaults write sogod SOGoFoldersSendEMailNotifications YES sudo -u sogo defaults write sogod SOGoACLsSendEMailNotifications YES sudo -u sogo defaults write sogod WOWorkersCount 5 sudo -u sogo defaults write sogod WOLogFile /var/log/sogo/sogo.log sudo -u sogo defaults write sogod SxVMemLimit 512 sudo -u sogo defaults write sogod SOGoMemcachedHost localhost sudo -u sogo defaults write sogod SOGoMailingMechanism smtp sudo -u sogo defaults write sogod SOGoSMTPServer $SMTPSERVER sudo -u sogo defaults write sogod SOGoIMAPServer $IMAPURI sudo -u sogo defaults write sogod SOGoDraftsFolderName Drafts sudo -u sogo defaults write sogod SOGoSentFolderName Sent sudo -u sogo defaults write sogod SOGoTrashFolderName Trash sudo -u sogo defaults write sogod SOGoForceIMAPLoginWithEmail YES sudo -u sogo defaults write sogod SOGoSuperUsernames "($SUPERUSER)" sudo -u sogo defaults write sogod SOGoContactsDefaultRoles '(ObjectViewer, ObjectEditor, ObjectCreator, ObjectEraser)' sudo -u sogo defaults write sogod SOGoProfileURL "mysql://$MYSQLUSER: $MYSQLUSERPASS@$MYSQLHOST:3306/sogo/sogo_user_profile" sudo -u sogo defaults write sogod OCSFolderInfoURL "mysql://$MYSQLUSER: $MYSQLUSERPASS@$MYSQLHOST:3306/sogo/sogo_folder_info" sudo -u sogo defaults write sogod OCSSessionsFolderURL "mysql://$MYSQLUSER:$MYSQLUSERPASS@ $MYSQLHOST:3306/sogo/sogo_sessions_folder" sudo -u sogo defaults write sogod SOGoUserSources '({ CNFieldName = cn; IDFieldName = uid; UIDFieldName = mail; IMAPHostFieldName = mailHost; baseDN = LDAP_BASE; bindDN = LDAP_ADMIN_BIND; bindFields = (mail); bindPassword = LDAP_ADMIN_PASS; canAuthenticate = YES; displayName = MAILDOMAIN; hostname = ldap.MAILDOMAIN; encryption = ssl; id = public; isAddressBook = YES; scope = SUB; port=636; })' -- [email protected] https://inverse.ca/sogo/lists
