Usually AD requires TLS or SSL for LDAP. Have you tried switching this on?
On 04.09.24 at 11:13, Илназ Шарафиев (il...@konstanta.pro) wrote:
Hello!
Sorry for disturbing with stupid questions. Please help me with SOGo
configuration. I installed iRedMail 1.7.1 on Debian 12. Successfully
configured Postfix and Dovecot, including LDAP (Active Directory)
authentication. But I am stuck with the SOGo + Active Directory configuration.
Here is my configuration for LDAP:
    SOGoUserSources = (
        {
            // Used for user authentication
            id = directory;
            displayName = "Active Directory";
            canAuthenticate = YES;
            type = ldap;
            CNFieldName = cn;
            IDFieldName = uid;
            UIDFieldName = sAMAccountName;
            baseDN = " ou=Users, dc=test,dc=com";
            bindDN = "cn=vmail,oou=Users, dc=test,dc=com";
            bindFields = (sAMAccountName);
            bindPassword = password;
            hostname = "ldap://test.com:389";
            isAddressBook = YES;
        },
And logs:
Sep 04 11:10:24 sogod [155008]: |SOGo| starting method 'POST' on uri '/SOGo/so/passwordRecoveryEnabled'
Sep 04 11:10:24 sogod [155008]: <0x0x558409596160[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Sep 04 11:10:24 sogod [155008]: <0x0x558409596160[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
Sep 04 11:10:24 sogod [155008]: [WARN] <0x0x7f57060d3b00[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
Sep 04 11:10:24 sogod [155008]: |SOGo| request took 0.046520 seconds to execute
Sep 04 11:10:24 sogod [155008]: 192.xxx.xxx.xxx "POST /SOGo/so/passwordRecoveryEnabled HTTP/1.0" 403 0/47 0.056 - - 3M - 10
Sep 04 11:10:25 sogod [155008]: |SOGo| starting method 'POST' on uri '/SOGo/so/passwordRecoveryEnabled'
Sep 04 11:10:25 sogod [155008]: |SOGo| request took 0.001057 seconds to execute
Sep 04 11:10:25 sogod [155008]: 192.xxx.xxx.xxx "POST /SOGo/so/passwordRecoveryEnabled HTTP/1.0" 403 0/47 0.004 - - 0 - 10
Sep 04 11:10:32 sogod [155008]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
Sep 04 11:10:32 sogod [155008]: <0x0x558409a68610[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://test.com:389
Sep 04 11:10:32 sogod [155008]: <0x0x558409a65de0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://test.com:389
2024-09-04 11:10:32.698 sogod[155008:155008] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base '' filter '(objectClass=*)' for attrs 'subschemaSubentry'
2024-09-04 11:10:32.698 sogod[155008:155008] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'CN=Aggregate,CN=Schema,CN=Configuration,DC=test,DC=com' filter '(objectClass=*)' for attrs 'objectclasses'
2024-09-04 11:10:32.839 sogod[155008:155008] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'ou=users,dc=test,dc=com' filter '(sAMAccountName=t...@konstanta.pro)' for attrs 'dn'
Sep 04 11:10:32 sogod [155008]: SOGoRootPage Login from '192.xxx.xxx.xxx' for user 't...@test.com' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Sep 04 11:10:32 sogod [155008]: |SOGo| request took 0.170584 seconds to execute
Sep 04 11:10:32 sogod [155008]: 192.xxx.xxx.xxx "POST /SOGo/connect HTTP/1.0" 403 33/87 0.173 - - 7M - 11
Sep 04 11:10:34 sogod [155008]: |SOGo| starting method 'GET' on uri '/SOGo/so/'
Sep 04 11:10:34 sogod [155008]: |SOGo| request took 0.084647 seconds to execute
Sep 04 11:10:34 sogod [155008]: 192.xxx.xxx.xxx "GET /SOGo/so/ HTTP/1.0" 200 13418/0 0.089 50514 73% 0 - 11
In the Windows Server logs I can see that authentication was successful.
Thanks
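
Added example, not part of the thread and not iRedMail's or SOGo's shipped configuration: what switching on TLS for the LDAP source quoted above could look like in sogo.conf. It assumes the domain controller at test.com has a server certificate, accepts LDAPS on 636 or StartTLS on 389, and that the CA path in the comment is only a placeholder.

```plist
SOGoUserSources = (
    {
        id = directory;
        type = ldap;
        // ... all other keys stay as in the source quoted above ...

        // As posted: plain LDAP on 389. bindPassword and every user's
        // login password cross the network unencrypted.
        // hostname = "ldap://test.com:389";

        // Option 1: LDAP over TLS (LDAPS), AD default port 636.
        hostname = "ldaps://test.com:636";

        // Option 2: stay on port 389 and upgrade the session with StartTLS.
        // Use this instead of option 1, not together with it.
        // hostname = "test.com";
        // port = 389;
        // encryption = STARTTLS;
    }
);

// Assumption: the SOGo host must trust the CA that issued the DC's
// certificate, e.g. via TLS_CACERT in /etc/ldap/ldap.conf on Debian:
//   TLS_CACERT /path/to/ad-ca.pem      (placeholder path)
```

After changing the source, restart sogod and check that the NGLdapConnection log line shows the ldaps:// URL rather than ldap://test.com:389.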