[SOGo] 2 Bugs: Same username in multiple domains & LDAP password cache

2014-02-11 Thread Laz C . Peterson 
Hello everyone,

I sent these in a while ago, but it seems the problems will most definitely 
carry through to the next stable release of SOGo.

This first issue presents a serious security risk.  With two users in separate 
domains that have the same UID, authentication works okay, but sometimes (not 
always) SOGo pulls and applies the LDAP email address from the wrong domain.  
This affects calendar as well as mail functions.  I have not tested the 
contacts yet.  In this case, mail seems to not load, as the IMAP server still 
needs to authenticate the user with the proper credentials, however, the 
calendar DOES load pulls the calendar from the wrong user!  In my environment, 
I am not using bindAsCurrentUser.

The second issue, as noticed by a user back many years ago 
(https://lists.inverse.ca/sogo/arc/users/2010-08/msg00243.html), deals with the 
most appropriate cache cleanup interval being far too much time for LDAP 
passwords to be changed.  I feel it is relatively awkward to tell a user that 
it may take up to 5 minutes for them to be able to log back into SOGo, 
especially since the email and LDAP servers are both already authenticating 
with the new password.  Any suggestion on how I can separate the LDAP password 
cache from the rest of the cache?  Am I the only user having this problem?  
This is the case both for OpenLDAP and Active Directory password changes.  Or 
quite possibly, clearing the user's password cache when the user clicks 
“Change” on the Password preferences tab.

Any suggestions?

Thank you again.
~Laz Peterson-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] 2 Bugs: Same username in multiple domains & LDAP password cache

2014-02-11 Thread Laz C. Peterson 
Regarding the first issue, the SOGo web interface works exactly as expected.  
This only affects CardDav and CalDav clients.


On Feb 11, 2014, at 10:56 AM, Laz C. Peterson  wrote:

> Hello everyone,
> 
> I sent these in a while ago, but it seems the problems will most definitely 
> carry through to the next stable release of SOGo.
> 
> This first issue presents a serious security risk.  With two users in 
> separate domains that have the same UID, authentication works okay, but 
> sometimes (not always) SOGo pulls and applies the LDAP email address from the 
> wrong domain.  This affects calendar as well as mail functions.  I have not 
> tested the contacts yet.  In this case, mail seems to not load, as the IMAP 
> server still needs to authenticate the user with the proper credentials, 
> however, the calendar DOES load pulls the calendar from the wrong user!  In 
> my environment, I am not using bindAsCurrentUser.
> 
> The second issue, as noticed by a user back many years ago 
> (https://lists.inverse.ca/sogo/arc/users/2010-08/msg00243.html), deals with 
> the most appropriate cache cleanup interval being far too much time for LDAP 
> passwords to be changed.  I feel it is relatively awkward to tell a user that 
> it may take up to 5 minutes for them to be able to log back into SOGo, 
> especially since the email and LDAP servers are both already authenticating 
> with the new password.  Any suggestion on how I can separate the LDAP 
> password cache from the rest of the cache?  Am I the only user having this 
> problem?  This is the case both for OpenLDAP and Active Directory password 
> changes.  Or quite possibly, clearing the user's password cache when the user 
> clicks “Change” on the Password preferences tab.
> 
> Any suggestions?
> 
> Thank you again.
> ~Laz Peterson

-- 
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] create task not in my own calendar

2014-02-11 Thread Systeembeheer 
Hello,
As we are in the process of migrating from Exchange to SOGo I want to know the 
following:
The receptionist must be able to plan a task for the technical department.
I am now using the latest ZEG version of SOGo. We use the webinterface with 
firefox on Debian 7.3.
I got as far as being able to see the tasklist from sogo2 user in the window 
from sogo1 user.
But when I create a task I am only able to select the personal calender from 
the user himself not from the other.
I know in Exchange you have to give permission to be able to do this but I do 
not know if this is nessesary in SOGo and
cannot find where and how in SOGo.

Can anyone shed some light on this?


Kind regards,

Systemmanagement
W. Krelekamp

systeembeh...@obg.nu



-- 
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] create task not in my own calendar

2014-02-11 Thread Nigel Pegram 
Hello,

Yes, you do need to grant permissions for other to view or alter others'
calendars.

Try right clicking on the calendar, then select sharing from the menu.

Regards,
Nigel

On 11/02/14 20:46, Systeembeheer wrote:
>
> Hello,
>
> As we are in the process of migrating from Exchange to SOGo I want to
> know the following:
>
> The receptionist must be able to plan a task for the technical department.
>
> I am now using the latest ZEG version of SOGo. We use the webinterface
> with firefox on Debian 7.3.
>
> I got as far as being able to see the tasklist from sogo2 user in the
> window from sogo1 user.
>
> But when I create a task I am only able to select the personal
> calender from the user himself not from the other.
>
> I know in Exchange you have to give permission to be able to do this
> but I do not know if this is nessesary in SOGo and
>
> cannot find where and how in SOGo.
>
>  
>
> Can anyone shed some light on this?
>
>  
>
>  
>
> Kind regards,
>
>  
>
> Systemmanagement
>
> W. Krelekamp
>
>  
>
> systeembeh...@obg.nu 
>
>  
>
>  
>
>  
>

-- 
users@sogo.nu
https://inverse.ca/sogo/lists