Re: [SOGo] Login issues with LDAP
On 16/05/2016 20:47, Matthias Boindl (matthias.boi...@gmx.at) wrote:
I am running a SOGO (2.2.9+git20141017-1) on Debian 8.0 and cannot login
via web interface. It tells me that username/password is wrong.
At a first glance, your setup looks like it should work. I have a
similar setup. My SOGOUserSources looks like this:
SOGoUserSources = (
{
CNFieldName = cn;
IDFieldName = uid;
UIDFieldName = uid;
baseDN = "ou=People,dc=example,dc=com";
bindDN = "cn=access,dc=example,dc=com";
bindFields = (
uid
);
bindPassword = XXX;
canAuthenticate = YES;
displayName = "Example addresses";
hostname = localhost;
id = public;
isAddressBook = YES;
port = 389;
type = ldap;
}
)
I see the following in the slapd log:
May 17 13:54:43 sogohost slapd[1997]: conn=198522 fd=44 ACCEPT from
IP=127.0.0.1:51315 (IP=127.0.0.1:389)
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=0 BIND
dn="cn=access,dc=example,dc=com" method=128
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=0 BIND
dn="cn=access,dc=example,dc=com" mech=SIMPLE ssf=0
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=0 RESULT tag=97
err=0 text=
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=1 SRCH
base="ou=people,dc=example,dc=com" scope=2 deref=0 filter="(uid=test)"
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=1 SRCH attr=dn
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
May 17 13:54:43 sogohost slapd[1997]: conn=198523 fd=45 ACCEPT from
IP=127.0.0.1:51316 (IP=127.0.0.1:389)
May 17 13:54:43 sogohost slapd[1997]: conn=198523 op=0 BIND
dn="uid=test,ou=people,dc=example,dc=com" method=128
May 17 13:54:43 sogohost slapd[1997]: conn=198523 op=0 BIND
dn="uid=test,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
May 17 13:54:43 sogohost slapd[1997]: conn=198523 op=0 RESULT tag=97
err=0 text=
May 17 13:54:43 sogohost slapd[1997]: conn=198523 op=1 UNBIND
May 17 13:54:43 sogohost slapd[1997]: conn=198523 fd=45 closed
May 17 13:54:43 sogohost slapd[1997]: conn=198522 op=2 UNBIND
May 17 13:54:43 sogohost slapd[1997]: conn=198522 fd=44 closed
If you try your ldpasearch, do you see that binding via cn=Manager?
My experience of this setup is that you have to be 100% sure LDAP really
is working the way you think before even looking at SOGo.
Good luck.
--
Jim Hague - jim.ha...@acm.org Never trust a computer you can't
lift.
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] Dovecot 2.2
On Wednesday 03 Oct 2012 12:19:27 Jeroen Dekkers wrote: > I'm using SOGo 1.3 together with dovecot 1.2.15 (from Debian > squeeze). As far as I know nothing is missed by using Dovecot. FWIW, Group ACLs don't work with Dovecot 1.2. You need Dovecot 2 for that. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Calender events deleted after upgrade 1.3.17 to 1.3.18
On Friday 07 Sep 2012 21:44:27 Francis Lachapelle wrote: > FYI, SOGo 1.3.18 doesn't delete random events. Thank God. :) Thank God indeed. I must admit than I do wonder if it was a user problem. > > And is there a way I can undelete the events? > > Update your tables (c_deleted = 0) and use sogo-tool to restore the entries > in the quick tables : > > su - sogo > mkdir foo > sogo-tool backup foo jim.hague > sogo-tool restore -F ALL foo jim.hague > rm -fR foo > exit Brilliant. Thanks for your help, Francis. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Calender events deleted after upgrade 1.3.17 to 1.3.18
Hi all, I'm running SOGo with MySQL on a x86 Debian Stable server using the Inverse packages from the Inverse apt repository. I recently upgraded 1.3.17-1 to the latest 1.3.18-1. Shortly after the upgrade, I started getting complaints from users that some current and future events had vanished from a shared calendar. This calendar is the main focus of use in our company; there might well have been similar on personal calendars, but they are lightly used and I have not had a report. Poking around in the database, I find the events are present in the main table but marked as deleted (c_deleted is 1). They have been removed from the corresponding _quick table. Has anyone else seen similar? And is there a way I can undelete the events? Thanks. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Shared mail folders? Dovecot
On Saturday 05 May 2012 05:53:14 acjohn...@pcdomain.com wrote: > The proxy server received an invalid response from an upstream server. > The proxy server could not handle the request GET > /SOGo/so/jacks/Mail/0/folderINBOX/acls. > > Reason: Error reading from remote server > > > From reading the mailing lists it looks like I need to configure folder > sharing in Dovecot, but is that all I need to do to get rid of this error, > or is there something that I need to add to my Apache config? I don't remember addding anything to my Apache config when setting up shared folders. Note that to support ACLs in SOGo completely you need Dovecot v2. v1 does not support all the ACL options SOGo offers. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] sogo not binding to LDAP
On Wednesday 07 Mar 2012 13:55:24 Bunjes Friedemann wrote: > sogo seems not to be able to bind to our LDAP server: > [...] > sogo.log: > > Mar 06 09:58:47 sogod [4778]: SOGoRootPage Login for user 'fbunjes' might > not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 > localhost - - [06/Mar/2012:09:58:47 GMT] "POST /SOGo/connect HTTP/1.1" 403 > 34/42 0.025 - - 2M > > Commandline ldapsearch using user sogo is working: > > ldapsearch -h localhost -b "ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local" > -D > "uid=sogo,ou=Users,ou=EDV,ou=HIH,dc=neurologie.uni-tuebingen.de,dc=local" > -W objectclass=person > > How can we further debug this? Any way to make the log more verbose? I found the best way to debug these sorts of issues is to set the LDAP server to log the queries, so you can see exactly what the difference is between successful and unsuccessful transactions. If, like me, you are using OpenLDAP, I find that running with olcLogLevel: stats usually gives me sufficient clues. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Assistance with delegated e-mail and calendars not appearing
On Wednesday 09 Nov 2011 10:05:19 Anthony Callegaro wrote: > On 09/11/11 09:51, Sven Schwedas wrote: > > Yes, mail sharing is done by the mail server. If it doesn't support ACLs > > (as far as I know Dovecot doesn't – cyrus does, though), > > Seems like dovecot does support it : > http://wiki.dovecot.org/SharedMailboxes/Shared I haven't try to > configure it though. Dovecot does support ACLs and can be used successfully with SOGo to share mailboxes. Two caveats: 1. You'll need Dovecot 2.0 to handle group ACLs properly. They are broken in 1.2. 2. Mail storage (e.g. Maildir) permissions will have to be set to allow Dovecot to access the shared folders. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Group ACLs and Dovecot
Debian Stable, SOGo 1.3.7a, LDAP and Dovecot 1.2.15. I'm experimenting with sharing mailboxes with SOGo in the above configuration. I have individual and 'anyone' ACLs working fine via the Dovecot imap_acl plugin. Group ACLs don't work, though. The primary reasons seems to be that Dovecot is hardwired to expect group names to be prefixed with '$' (and claims implicit RFC authority for this). SOGo sends group names prefixed with '@', so Dovecot doesn't understand them as groups. Is there a way to configure SOGo to use '$' as a group prefix in IMAP ACLs? -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Groups not recognised on event invites
I'm running 1.3.6 (just upgraded from 1.3.5a) via the Debian packages on a
Debian Squeeze host. I'm using an OpenLDAP system on the same host for user
authentication and authorisation.
I'm having a small problem with groups in the web interface. Groups appear in
auto-complete as expected when composing mail or setting calendar ACLs. But
they do not appear when preparing invites to events.
Copying a group address from LDAP to the personal address book causes the
group address to appear in auto-complete when preparing invites.
Entering the group address this way, or by hand, works - the group is expanded
to the list of group members on saving the event.
The group configuration is as follows (domain names and passwords changed).
Groups are LDAP groupOfNames.
CNFieldName
cn
IDFieldName
cn
UIDFieldName
cn
bindDN
cn=access,dc=example,dc=com
bindPassword
password
baseDN
ou=Groups,dc=example,dc=com
canAuthenticate
YES
displayName
LAIC groups
hostname
localhost
id
publicgroup
isAddressBook
YES
port
389
type
ldap
--
Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift.
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] Alternative sender
On Friday 18 Mar 2011 11:06:16 Alessio Fattorini wrote: > Il 18/03/2011 12:01, Paul van der Vlis ha scritto: > > Hello, > > > > Is it possible for users to have more then one identitie for sending > > mail? For e.g. private mail, bussiness mail, more official mail, etc. > > It's a recursive question: > You Need to define the email addresses in the mail attribute of your ldap > users. The SOGo web interface then allows users to choose from any of the > addresses when composing emails. I've done this, and it works well. However, be warned that if you have clients set up to use your LDAP as an address book, you can't be sure which of the multiple addresses they will choose to display as your email. I carefully set up OpenLDAP to return addresses in a particular order, hoping that the first would always be the one displayed as the address book address, which mostly worked, but then found that iCal doesn't pick the first. Dunno how it does choose. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Free/Busy not displayed in web?
On Thursday 17 Mar 2011 16:37:11 Louis-Philippe Gauthier wrote: > > However, on the calendar, when I invite attendees known to SOGo, I never > > see > > their free/busy information. Or rather, they are presented as invariably > > free, > > in both web and Lightning. > > Have you set SOGoCalendarDefaultRoles in SOGo configuration? > > "PublicDAndTViewer" for public event ? > "PrivateDAndTViewer" for private event ? > "ConfidentialDAndTViewer" for confidential event? > > With these three parameters, you'll see that there is something in the > calendar (but you didn't see what it is ) Wonderful. Thanks, that was the missing bit of the puzzle. -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] Free/Busy not displayed in web?
I've installed SOGo on a Debian Squeeze host, via apt from the Inverse repository. I'm up to date, at 1.3.5a. I have configured SOGo to use our LDAP server, and thus far most things seem to be working fine. However, on the calendar, when I invite attendees known to SOGo, I never see their free/busy information. Or rather, they are presented as invariably free, in both web and Lightning. I've checked this against the 1.3.5 ZEG and I see exactly the same thing. Here's what I did in the ZEG: 1. Log in as sogo1. Create an event for tomorrow from 12:45-13:45. Log out. 2. Log in as sogo2. Create an event for tomorrow from 12:45-16:45. Save. 3. Open event and click 'Invite Attendees'. I see my current user, sogo2, is invited, and marked as busy between 12:45 and 16:45. 4. Click 'Add attendee', and enter 'John Doe', which is filled in as sogo1 as expected. Hit Return to confirm address, and his free/busy info is displayed as completely free. I expected to see 12:45-13:45 blocked in blue as busy. Both sogo1 and sogo2 Personal Calendars have 'Include in free/busy' checked. Am I completely misunderstanding something, or is this just broken at the moment? -- Jim Hague - jim.ha...@acm.org Never trust a computer you can't lift. -- users@sogo.nu https://inverse.ca/sogo/lists
