from:"Dmytro Lysytsyn"

Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-28 Thread Dmytro Lysytsyn


On 19.02.19 21:09, Dmytro Lysytsyn wrote:
Symptoms are: when I'm trying to log on to SOGo under any username 
('sogoadm' for example) using 'https://kntest3.ldvtest.org.ua/SOGo' 
link, this is happened:
1. it redirects me to '/SOGo/', where  is that 
what I'm trying to log on with. And it still shows me SOGo 
white-and-green login page.
2. If I try to login again (now with 
'https://kntest3.ldvtest.org.ua/SOGo/sogoadm' URL) it redirects me 
again. New URL is 'https://kntest3.ldvtest.org.ua/SOGo/so/sogoadm'.
3. If I'll still try to login it will silently redirect me on what 
last page again and again, i.g. URL will now always 
'https://kntest3.ldvtest.org.ua/SOGo/so/sogoadm' and nothing more 
happenes.
I tried number of configuration settings but all the same. Tried 
different logins too.

[skipped]


For those who were interested: I've managed to fix that.
It was LDAP ACLs that were completely mangled  by myself :-)
So SOGo's binding DN was able to authenticate from LDAP but has no 
ability to read data it needed to perform further.
I just wondering why there was no sign of corresponding error message in 
log... :-/



--
Kind regards,
Dmytro Lysytsyn

--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-26 Thread Dmytro Lysytsyn


On 22.02.19 15:41, Christian Mack (christian.m...@uni-konstanz.de) wrote:

Could you add the following line to your Apache config:
RequestHeader set "x-webobjects-server-url" "https://%{HTTP_HOST}e";


Hello Christian,

Thank you for your reply!
Suggested line already was in my Apache config and it didn't work.
I've commented it out on purpose, because it was one of first 
recommendations I got from here to make things work :-)



--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-20 Thread Dmytro Lysytsyn


On 20.02.19 14:20, Christian Mack (christian.m...@uni-konstanz.de) wrote:
Is Apache module headers active? What is in 
/etc/letsencrypt/options-ssl-apache.conf ?

Hello Christian,

Thank you for your answer!

As far as I see 'headers' module is active:

root@kntest3:~# apachectl -M
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 expires_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

Also here's content of 'options-ssl-apache.conf':

root@kntest3:~# grep -Ev '^(#|$)' < /etc/letsencrypt/options-ssl-apache.conf
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

SSLHonorCipherOrder on
SSLCompression  off
SSLOptions +StrictRequire
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" 
vhost_combined

LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
root@kntest3:~#


--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Unable to get access to SOGo for unknown reason.

2019-02-20 Thread Dmytro Lysytsyn


On 19.02.19 22:05, Andrey Cherepanov (c...@altlinux.org) wrote:

From mail from Julian Kippels at 21.09.2018 in users@sogo.nu:
I found the problem. It wasn't anything in the /etc/sogo/sogo.conf at 
all. The problem was with the Apache configuration. When I comment out 
this line RequestHeader set "x-webobjects-server-url" 
"https://%{HTTP_HOST}e"env=HTTP_HOST


from /etc/httpd/conf.d/SOGo.conf everything works as it should. See 
also fix in package:

http://git.altlinux.org/people/cas/packages/sogo.git?p=sogo.git;a=commit;h=6003f42429088b092ace1944d8d9b92fc48a7507


Hello Andrey,

Thank you for your answer!

I tried to comment out line you've mentioned but that doesn't change 
SOGO's behavior at all.

And of course I did restart Apache after config changes.
And also cleared browser's cache just in case.

Here is my whole Apache configuration for SOGo and FD site:
--- 8< -

    ServerName kntest3.ldvtest.org.ua
    ServerAdmin webmas...@kntest3.ldvtest.org.ua
    ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_error.log
    CustomLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_http_access.log 
combined

    Redirect "/" "https://kntest3.ldvtest.org.ua";



    
    ServerName kntest3.ldvtest.org.ua
    DocumentRoot /var/www/html/kntest3.ldvtest.org.ua
    ServerAdmin webmas...@kntest3.ldvtest.org.ua
    ErrorLog ${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_error.log
    CustomLog 
${APACHE_LOG_DIR}/kntest3.ldvtest.org.ua_https_access.log combined

    SSLEngine on
    SSLCertificateFile 
/etc/letsencrypt/live/kntest3.ldvtest.org.ua/cert.pem
    SSLCertificateKeyFile 
/etc/letsencrypt/live/kntest3.ldvtest.org.ua/privkey.pem

    Include /etc/letsencrypt/options-ssl-apache.conf
    
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
    
    Alias /fusiondirectory /usr/share/fusiondirectory/html
    
    SSLOptions +StdEnvVars
    
    
    SSLOptions +StdEnvVars
    
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0

    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    
    
    php_admin_flag engine on
    php_admin_flag register_globals off
    php_admin_flag allow_call_time_pass_reference off
    php_admin_flag expose_php off
    php_admin_flag zend.ze1_compatibility_mode off
    php_admin_flag register_long_arrays off
    php_admin_value upload_tmp_dir /var/spool/fusiondirectory/
    php_admin_value session.cookie_lifetime 0
    
    
    
    Order Allow,Deny
    # Changed IP here
    Allow from 1.2.3.4
    
    Alias /SOGo.woa/WebServerResources/ 
/usr/lib/GNUstep/SOGo/WebServerResources/
    Alias /SOGo/WebServerResources/ 
/usr/lib/GNUstep/SOGo/WebServerResources/

    
    AllowOverride None
    
    Order deny,allow
    Allow from all
    
    = 2.4>
    Require all granted
    
    
    ExpiresActive On
    ExpiresDefault "access plus 1 year"
    
    
    ProxyRequests Off
    SetEnv proxy-nokeepalive 1
    ProxyPreserveHost On
    ProxyPass /SOGo http://127.0.0.1:2/SOGo retry=0
    http://127.0.0.1:2/SOGo>
    
    RequestHeader set "x-webobjects-server-port" "443"
    SetEnvIf Host (.*) HTTP_HOST=$1
    RequestHeader set "x-webobjects-server-name" 
"%{HTTP_HOST}e" env=HTTP_HOST

    RequestHeader unset "x-webobjects-remote-user"
    RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
    
    AddDefaultCharset UTF-8
    Order allow,deny
    Allow from all
    
    
    RewriteEngine On
    RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
    RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
    
    

--- 8< -


--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] Unable to get access to SOGo for unknown reason.

2019-02-19 Thread Dmytro Lysytsyn

type = ldap;
    CNFieldName = cn;
    UIDFieldName = uid;
    IDFieldName = uid; // first field of the DN for direct binds
    baseDN = "ou=people,dc=kntest3,dc=ldvtest,dc=org,dc=ua";
    bindDN = 
"uid=sogoconnect,ou=people,dc=kntest3,dc=ldvtest,dc=org,dc=ua";

    bindPassword = "fR2Gq7Kc6Mfu9Aqf1TxU";
    canAuthenticate = YES;
    displayName = "Shared Addresses";
    hostname = ldap://127.0.0.1:389;
    id = public;
    isAddressBook = YES;
    passwordPolicy = NO;
    }
);
SOGoLanguage = English;
SOGoTimeZone = Europe/Stockholm;
SOGoSuperUsernames = (sogodn, sogoconnect, sogoadm); // This is an array 
- keep the parens!

SOGoMemcachedHost = "127.0.0.1";

/* Debug*/
SOGoDebugRequests = YES;
SoDebugBaseURL = YES;
ImapDebugEnabled = YES;
LDAPDebugEnabled = YES;
PGDebugEnabled = YES;
MySQL4DebugEnabled = YES;
SOGoUIxDebugEnabled = YES;
WODontZipResponse = YES;
WOLogFile = /var/log/sogo/sogo.log;
}
--- 8< 
- 


Client system: Ubuntu 18.04, all updates. Firefox and Chrome.

Any help whould be very appreciated.

--
Kind regards,
Dmytro Lysytsyn
--
users@sogo.nu
https://inverse.ca/sogo/lists

Re: [SOGo] Unable to get access to SOGo for unknown reason.

Re: [SOGo] Unable to get access to SOGo for unknown reason.

Re: [SOGo] Unable to get access to SOGo for unknown reason.

Re: [SOGo] Unable to get access to SOGo for unknown reason.

[SOGo] Unable to get access to SOGo for unknown reason.

5 matches

Site Navigation

Mail list logo

Footer information