On 26/07/2012 15:07, "Daniel Müller" wrote:
http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
Is the user sogo established in your ADS?
Can you logon to your ADS with sogo and the password? If you succeed with this 
you can go on.

Compare and you will see what is missing:
SOGoUserSources =
(
{
type = ldap;
CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = sAMAccountName;
baseDN = "cn=Users,dc=acme,dc=com";
bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
bindFields = (sAMAccountName);
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Active Directory";
hostname = 10.0.0.1;
id = directory;
isAddressBook = YES;
port = 389;  <---sometimes you use SSL, you need to change???
}
);

-------- Original Message --------
Date: Thu, 26 Jul 2012 12:05:40 +0200
From: Nicolas Cauchie <[email protected]>
To: [email protected]
Subject: Re: [SOGo] Sogo with Active Directory
On 26/07/2012 09:41, Nicolas Cauchie wrote:
On 25/07/2012 20:40, "Daniel Müller" wrote:
If your users can logon to your ADs and your email-server with the same
password and user credentials then they can logon to SOGo.
Just find out the right uids for your users.
-------- Original Message --------
Date: Wed, 25 Jul 2012 10:29:51 -0400 (EDT)
From: [email protected]
To: [email protected]
Subject: [SOGo] Sogo with Active Directory
Hi All !

I've just installed a Debian 6.0.5 to create a SOGo server.

I already have an Active Directory which works fine.

I've done all configuration of SOGo, but I can't login with an account
of my AD.

Here's my config file (I deleted configs that I thought were useless) :


        <key>OCSFolderInfoURL</key>

        <string>mysql://sogo:pwsd@localhost:3306/sogo/sogo_folder_info</string>
        <key>OCSSessionsFolderURL</key>
<string>mysql://sogo:pswd@localhost:3306/sogo/sogo_sessions_folder</string>
        <key>SOGoAuthenticationMethod</key>
        <string>LDAP</string>

        <key>SOGoProfileURL</key>
<string>mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile</string>
        <key>SOGoSieveScriptsEnabled</key>
        <string>YES</string>

        <key>SOGoSieveServer</key>
        <string>sieve://mx.resfrox.lan:2000</string>

        <key>SOGoUserSources</key>
        <key>SOGoUserSources</key>
        <array>
            <dict>
        <key>type</key>
        <string>ldap</string>


                <key>CNFieldName</key>
                <string>cn</string>

                <key>IDFieldName</key>
                <string>cn</string>

                <key>UIDFieldName</key>
                <string>sAMAccountName</string>

                <key>baseDN</key>
                <string>cn=Users,dc=<domain>,dc=lan</string>

                <key>bindDN</key>
                <string>[email protected]</string> (also used DOMAIN\sogo,
cn=sogo,dc=domain,dc=lan)

                <key>bindPassword</key>
                <string><SOGoADAccountPasswd></string>
                
                   #<key>bindFields</key>
        #<string>sAMAccountName</string> (with or without, no change...)
        

                <key>canAuthenticate</key>
                <string>YES</string>

                <key>displayName</key>
                <string>Active Directory</string>

                <key>hostname</key>
                <string>192.168.x.x</string>

                <key>id</key>
                <string>ActiveDirectory</string>

                <key>isAddressBook</key>
                <string>NO</string>

                <key>port</key>
                <string>389</string>

                <key>scope</key>
                <string>sub</string>
            </dict>

        </array>  

        <key>WOWorkersCount</key>
        <string>3</string>
      </dict>
</dict>
</plist>

And here's the log file :
Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Using host(s) 'localhost' as server(s)
2012-07-25 16:24:36.319 sogod[13802] Note(SoObject): SoDebugKeyLookup is enabled!
2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): SoDebugBaseURL is enabled!
2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): relative base URLs are enabled.
2012-07-25 16:24:36.322 sogod[13802] ERROR(-[NGBundleManager bundleWithPath:]): could not create bundle for path: '/usr/share/GNUstep/Libraries/gnustep-base/Versions/1.20/Resources/SSL.bundle'
2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: pool embedding is on.
2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: id logging is on.
Jul 25 16:24:36 sogod [13802]: SOGoRootPage Login for user '[email protected]' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
localhost - - [25/Jul/2012:16:24:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/66 0.018 - - 2M
2012-07-25 16:25:16.245 sogod[13802] Note: Using UTF-8 as URL encoding in NGExtensions.
Jul 25 16:25:16 sogod [13802]: SOGoRootPage Login for user '[email protected]' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
localhost - - [25/Jul/2012:16:25:16 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/104 0.004 - - 12K

I also add that I've a server for SOGo, another one for Mails
(Postfix/dovecot), and another one for AD. Mail users do their
authentication on the AD server without problem.

I'm becoming silly, thanks for your help ;)

Nicolas
--
[email protected]
https://inverse.ca/sogo/lists
You're right, that's why I'm becoming mad...

Can sieve block any connection to SOGo ?

I use SOGo Webmin module, and when I "test" sieve parameters, it
returns me :
Failed: IO::Socket::INET: connect: Connection refused.

I think it's my mail server fault...
If it's not urgent, I'll check it later, but if it disables users
connection, I'll check it first before continuing...

Thanks in advance ;)

        

I'm confused, I don't know why it doesn't work...

For the test, I placed "sogo" user who'll bind to the DC and a "normal"
user in "Users" group.

I re-give my "new" configuration files :

sogo :
      <key>SOGoUserSources</key>
      <array>
          <dict>
          <key>CNFieldName</key>
          <string>cn</string>

          <key>IDFieldName</key>
          <string>uid</string>

          <key>MailFieldNames</key>
          <string>(mail)</string>

          <key>UIDFieldName</key>
          <string>sAMAccountName</string>

          <key>baseDN</key>
<string>cn=Users,dc=<domain>,dc=lan</string>

          <key>bindDN</key>
          <string>sogo@<domain>.lan</string>

          <key>bindPassword</key>
          <string>********</string>

          <key>canAuthenticate</key>
          <string>YES</string>

          <key>displayName</key>
          <string>Active Directory</string>

          <key>hostname</key>
          <string><DCServer></string>

          <key>id</key>
          <string>ActiveDirectory</string>

          <key>isAddressBook</key>
          <string>NO</string>

          <key>passwordPolicy</key>
          <string>NO</string>

          <key>port</key>
          <string>389</string>

          <key>scope</key>
          <string>SUB</string>

          <key>type</key>
          <string>ldap</string>

          </dict>
      </array>

And my Dovecot configuration file, maybe it'll help...
      hosts           = <DCServer>:389
      ldap_version    = 3
      auth_bind       = yes
      dn              = [email protected]
      dnpass          = *********
      base            = ou=%d,dc=<domain>,dc=lan (my AD is multi-domain,
so, I class users in OU which have their domain-name. For example,
[email protected] will be in an OU called domain1.fr)
      scope           = subtree
      deref           = never
      user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
      pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
      pass_attrs      = userPassword=password
      default_pass_scheme = CRYPT
      user_attrs      = <maildirs>

With those SOGo parameters, here's the log file just after a reboot of
the SOGo service :
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key SOGo of object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   found no security info for key (class SOGo): SOGo
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   default is allow ...
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <0x0x88d7060[SoPageInvocation]: class=SOGoRootPage action=connect bound instantiated product=<0x0x86b7650[SoProduct]: loaded code-loaded bundle=/usr/lib/GNUstep/SOGo/MainUI.SOGo #classes=8 #categories=4 rm=0x0x86b98c0>>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
      --->   Jul 26 11:37:36 sogod [7228]: SOGoRootPage Login for user '<user>' might not have worked - password policy: 65535 grace: -1 expire: -1  bound: 0
      localhost - - [26/Jul/2012:11:37:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/76 0.007 - - 0

Also, I installed LDAPTools, and this command works (it returns me the
list of my AD users) :
      ldapsearch -h <DCServer> -b "cn=Users,dc=<domain>,dc=lan" -D "cn=sogo,cn=users,dc=<domain>,dc=lan" -W objectclass=person

Thanks in advance for your advices :)

Nicolas


        

--
[email protected]
https://inverse.ca/sogo/lists
I'm working with the installation guide, which works only when everything's OK :)

sogo user is in "Users", and I can login from a Windows workstation when using it.

I'm OK with the configuration you've posted, still doesn't work...

Am I supposed to :
- Do something in the AD ? (sogo is a normal user created the same way as another one...)
- Install SOGo a special way ? I've done this by installing Debian, and, in order : mysql-server, phpmyadmin, webmin (+SOGo module), SOGo (I've commented tmreaper line..) and LDAPtools.

Is there a special user to manage SOGo ? Who's SOGo administrator ? Is there one regardless of the config file ? (By web interface I mean)

AD server answers to ping from SOGo server, Webmin tests are all OK even LDAP test

3 days I've spent on SOGo, and I've still never seen the web interface except the logon page... There's something wrong :(

What may block ?!

Thank you ;)

Nicolas

        

--
[email protected]
https://inverse.ca/sogo/lists
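
Added example, not part of the original thread: a short script that does the "compare and you will see what is missing" step mechanically, checking an XML `SOGoUserSources` entry against the reference entry posted in the reply. The XML fragment is constructed from the second posted config with `example.lan` as a placeholder domain and the passwords left out; the function names are hypothetical.

```python
import plistlib
import re

# Reference entry from the reply (old-style "key = value;" syntax).
REFERENCE = """
CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = sAMAccountName;
baseDN = "cn=Users,dc=acme,dc=com";
bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
bindFields = (sAMAccountName);
port = 389;
"""

# Constructed XML entry modelled on the second posted config (placeholder domain).
CANDIDATE = b"""<?xml version="1.0"?>
<plist version="1.0"><dict>
<key>CNFieldName</key><string>cn</string>
<key>IDFieldName</key><string>uid</string>
<key>UIDFieldName</key><string>sAMAccountName</string>
<key>baseDN</key><string>cn=Users,dc=example,dc=lan</string>
<key>bindDN</key><string>sogo@example.lan</string>
<key>port</key><string>389</string>
</dict></plist>"""

SITE_SPECIFIC = {"baseDN", "bindDN"}  # values expected to differ between sites

def parse_reference(text):
    """Parse 'key = value;' lines into a dict, dropping optional quotes."""
    return dict(re.findall(r'^\s*(\w+)\s*=\s*"?(.*?)"?\s*;', text, re.M))

def compare(reference, candidate):
    """Return (keys absent from candidate, {key: (reference, candidate)})."""
    missing = sorted(k for k in reference if k not in candidate)
    differs = {k: (reference[k], candidate[k]) for k in reference
               if k in candidate and k not in SITE_SPECIFIC
               and reference[k] != candidate[k]}
    return missing, differs

def report():
    """Summarise the differences between the two entries."""
    ref, cand = parse_reference(REFERENCE), plistlib.loads(CANDIDATE)
    missing, differs = compare(ref, cand)
    # 389 is the plain LDAP port: without StartTLS the bind password is sent unencrypted.
    return {"missing": missing, "differs": differs,
            "bind_identity_is_dn": bool(re.match(r"(?i)^cn=", cand["bindDN"])),
            "port_389": cand.get("port") == "389"}

if __name__ == "__main__":
    print(report())
```

The report lists differences between the two entries only; it does not establish which of them causes the 403 on `/SOGo/connect`.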
