Hello again.

I'm trying to set up a multi-domain SOGo system that uses LDAP groups for authentication (and as address books) and it's not authenticating at all. When I try to log in as a user in any domain with their correct password, I only get this in the log:

    Jun 29 09:33:00 sogod [14894]: SOGoRootPage Login for user 'testuser' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
    91.62.250.230 - - [29/Jun/2012:09:33:00 GMT] "POST /sogo/connect HTTP/1.1" 403 34/43 0.007 - - 0

What am I doing wrong??
The LDAP hierarchy:
dc=example,dc=com
o=Company & Associates
cn=Everyone <- (dynamic) groupOfNames
cn=Region1 <- (dynamic) groupOfNames
o=Main Company
cn=Everyone <- (dynamic) groupOfNames
ou=users
uid=testuser <- comes up in both C&A groups above
ou=address books
uid=testuser2 <- comes up in MC group above
cn=sogo <- system user
The relevant .GNUStepDefaults section:
    sogod domains '{
        example1 = {
            SOGoMailDomain = example1.net;
            SOGoTimeZone = America/Chicago;
            SOGoUserSources = (
                {
                    CNFieldName = cn;
                    IDFieldName = uid;
                    UIDFieldName = uid;
                    abOU = "ou=address books";
                    baseDN = "o=Company & Associates,dc=example,dc=com";
                    bindDN = "cn=sogo,ou=users,dc=example,dc=com";
                    bindPassword = "secret";
                    canAuthenticate = YES;
                    displayName = "All personnel";
                    hostname = localhost;
                    id = example1_everyone;
                    isAddressBook = YES;
                    port = 389;
                    type = ldap;
                }
            );
        };
        example = {
            SOGoMailDomain = example.com;
            SOGoTimeZone = Europe/Berlin;
            SOGoUserSources = (
                {
                    CNFieldName = cn;
                    IDFieldName = uid;
                    UIDFieldName = uid;
                    abOU = "ou=address books";
                    baseDN = "o=Main Company,dc=example,dc=com";
                    bindDN = "cn=sogo,ou=users,dc=example,dc=com";
                    bindPassword = "secret";
                    canAuthenticate = YES;
                    displayName = Everyone;
                    hostname = localhost;
                    id = example_everyone;
                    isAddressBook = YES;
                    port = 389;
                    type = ldap;
                }
            );
        };
    }'

If I set SOGoUserSources to just use ou=users,dc=example,dc=com then it
authenticates, but it lets all users connect to the first domain. I
tried using a filter in conjunction with that (o=Main Company, since the
user records have o attributes) but that doesn't have any effect. (I
think the filter aspect might be broken.)

Thank you for any help or references you can provide.

(And I must add that using .GNUStepDefaults via 'defaults write' is really messy for domain use. I have to re-define all domains (and escape spaces and other special characters) every time I want to change anything. Seems to me that a standard .conf file would make a ton more sense and be less error prone.)

Sincerely, Sean M. Pappalardo
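
A small model of the lookup scoping discussed above, as an added example that is not part of the original post and is not SOGo code. It assumes the user source first searches the subtree under baseDN for an entry whose UIDFieldName equals the login and only then binds as that entry; the directory contents, the `o` values on the user entries, and all function names are constructed for illustration.

```python
# Constructed sample directory modelled on the hierarchy in the post.
# The "o" values on the two user entries are assumptions for illustration.
DIT = {
    "o=Company & Associates,dc=example,dc=com": {"o": "Company & Associates"},
    "cn=Everyone,o=Company & Associates,dc=example,dc=com": {"objectClass": "groupOfNames"},
    "cn=Region1,o=Company & Associates,dc=example,dc=com": {"objectClass": "groupOfNames"},
    "o=Main Company,dc=example,dc=com": {"o": "Main Company"},
    "cn=Everyone,o=Main Company,dc=example,dc=com": {"objectClass": "groupOfNames"},
    "uid=testuser,ou=users,dc=example,dc=com": {"uid": "testuser", "o": "Company & Associates"},
    "uid=testuser2,ou=users,dc=example,dc=com": {"uid": "testuser2", "o": "Main Company"},
}

GROUP_BASE = "o=Main Company,dc=example,dc=com"   # baseDN from the posted config
USERS_BASE = "ou=users,dc=example,dc=com"         # baseDN that did authenticate


def rdns(dn):
    # Naive split: sufficient here because the sample DNs have no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]


def in_subtree(dn, base):
    # True when dn is the base entry itself or sits anywhere below it.
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b


def find_user_dn(login, base_dn, uid_field="uid", require=None):
    """Subtree search under base_dn for uid_field=login, with optional
    attribute equality constraints. Returns the DN to bind as, or None."""
    require = require or {}
    for dn, attrs in DIT.items():
        if not in_subtree(dn, base_dn):
            continue                      # outside the source's search scope
        if attrs.get(uid_field) != login:
            continue                      # group entries carry no uid here
        if all(attrs.get(k) == v for k, v in require.items()):
            return dn
    return None


if __name__ == "__main__":
    # Group subtree holds no user entries, so there is nothing to bind as.
    print(find_user_dn("testuser2", GROUP_BASE))
    # Users subtree without a constraint resolves every user for every domain.
    print(find_user_dn("testuser", USERS_BASE))
    # Constraining on the entry's own "o" attribute separates the domains.
    print(find_user_dn("testuser", USERS_BASE, require={"o": "Main Company"}))
    print(find_user_dn("testuser2", USERS_BASE, require={"o": "Main Company"}))
```
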
