clone 803197 -1
reassign -1 libsope1 2.2.9-2
retitle -1 libsope1: closing all fds breaks SOGo with LDAP+TLS in jessie
found -1 2.2.17-1+b1
affects -1 sogo
tag -1 fixed-upstream
thanks
Dear sope maintainers,
#803197 is a bug between libldap and gnutls that breaks SOGo configured
to use LDAP with TLS security for authentication.
I reproduced the problem in jessie and unstable by installing sogo and
adding to /etc/sogo/sogo.conf:
SOGoUserSources = (
{
type = ldap;
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "dc=example,dc=com";
canAuthenticate = YES;
hostname = "ldap://ldap.example.com/????!StartTLS";;
id = public;
}
);
With that configuration, logging into the web interface sends SOGo into
an endless loop, logging messages like:
Jan 31 00:40:34 sogod [8006]: [ERROR] <0x0x5561a42d7920[WOWatchDog]> No child
available to handle incoming request!
Jan 31 00:40:34 sogod [8024]: [ERROR] <0x0x5561a44d14e0[WOHttpAdaptor]> http server
caught: <NGCouldNotAcceptException: 0x5561a4955410> NAME:NGCouldNotAcceptException
REASON:Could not accept: descriptor is not a socket descriptor INFO:(null)
Sope upstream have committed a workaround for this, until it can be
fixed in either gnutls or libldap.
https://github.com/inverse-inc/sope/pull/32
It is included in Sope 2.3.3 and later.
thanks,
Ryan
