Hi all,

hope somebody can give me a hint ;)

we have a multi-domain configuration here, each domain with a different SOGoUserSource (both samba4 AD, but different ADs on different hosts, with different base DNs and different users...)
 - users that log on with <username>@<domain_a> will be authenticated against _both_ SOGoUserSources, of course failing at one but succeeding on the other
 - users that log on with <username>@<domain_b> will be authenticated against _both_ SOGoUserSources; again, they fail on one and succeed on the other.

Now, it often happens, if memcached is running, that all users from <domain_b> (that AD server is quite a bit farther away and has a slightly higher latency than the AD of domain_a) won't work, and only the SOGo message "object not found: SOGo => <username>@<domain_b>" is displayed in the web interface. Disabling memcached solves it, but throws thousands of caching error messages in the sogo.log, of course ;)

Now, did I understand something wrong?
 - IMHO, I thought the users of <domain_a> should only be authenticated against the AD of <domain_a>, because for this domain the AD of domain_a is the only SOGoUserSource, and of course the same for <domain_b>
 - or are all UserSources always tried, regardless of whether they are configured in this domain or not?
 - or did I simply make a config mistake :D

I hope I described it a little bit clearly... :D

Currently we are running SOGo with a nightly version (2.2.8?), because 2.2.7 had a bug that was only fixed in the nightly one. I have seen this behaviour since our upgrade from 2.x (2.0.x I think) to 2.2.7 and the 2.2.8 nightly...
It's currently an Ubuntu 14.04.1 LTS system,

and here's the config:

Thank you in advance! ;)
Michael
{
    GCSFolderDebugEnabled = NO;
    MySQL4DebugEnabled = NO;
    LDAPDebugEnabled = YES;
    OCSFolderInfoURL = "mysql://<user>:<pass>@localhost:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://<user>:<pass>@localhost:3306/sogo/sogo_sessions_folder";
    SOGoACLsSendEMailNotifications = YES;
    SOGoACLsSendEmailNotifications = YES;
    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoIMAPServer = "imaps://mail.DOMAIN.TLD:993";
    SOGoLanguage = German;
    SOGoMailingMechanism = sendmail;
    SOGoProfileURL = "mysql://<user>:<pass>@localhost:3306/sogo/sogo_user_profile";
    SOGoSMTPServer = "mail.DOMAIN.TLD";
    SOGoSieveScriptsEnabled = YES;
    SOGoSieveServer = "sieve://mail.DOMAIN.TLD:4190";
    SOGoSuperUsernames = (
        pcpatch,
        "pcpatch@domain.A",
        "pcpatch@domain.B"
    );
    SOGoTimeZone = "Europe/Berlin";
    SOGoVacationEnabled = YES;
    SxVMemLimit = 1024;
    WODebugZipResponse = NO;
    WOWorkersCount = 32;
    domains = {
        "domain.A" = {
            SOGoDraftsFolderName = Drafts;
            SOGoHideSystemEMail = YES;
            SOGoLanguage = German;
            SOGoMailAuxiliaryUserAccountsEnabled = YES;
            SOGoMailDomain = "domain.A";
            SOGoSentFolderName = Sent;
            SOGoTrashFolderName = Trash;
            SOGoUserSources = (
                {
                    CNFieldName = displayName;
                    IDFieldName = cn;
                    UIDFieldName = otherMailbox;
                    IMAPHostFieldName = mailHost;
                    KindFieldName = Kind;
                    MailFieldNames = (
                        mail
                    );
                    MultipleBookingsFieldName = Multiplebookings;
                    baseDN = "CN=Users,DC=<DOMAIN_A>,DC=local";
                    bindDN = "cn=Administrator,CN=Users,DC=<DOMAIN_A>,DC=local";
                    bindFields = (
                        otherMailbox
                    );
                    bindPassword = "<password>";
                    bindAsCurrentUser = YES;
                    canAuthenticate = YES;
                    displayName = "Globales Adressbuch";
                    hostname = "ldap://dc.DOMAIN_A.local:389";
                    id = "public_<DOMAIN_A>_dc";
                    isAddressBook = YES;
                    scope = SUB;
                    type = ldap;
                }
            );
        };
        "domain.B" = {
            SOGoDraftsFolderName = Drafts;
            SOGoHideSystemEMail = YES;
            SOGoLanguage = German;
            SOGoMailAuxiliaryUserAccountsEnabled = YES;
            SOGoMailDomain = "domain.B";
            SOGoSentFolderName = Sent;
            SOGoTrashFolderName = Trash;
            SOGoUserSources = (
                {
                    CNFieldName = displayName;
                    IDFieldName = cn;
                    UIDFieldName = otherMailBox;
                    IMAPHostFieldName = mailHost;
                    KindFieldName = Kind;
                    MailFieldNames = (
                        mail
                    );
                    MultipleBookingsFieldName = Multiplebookings;
                    baseDN = "dc=<DOMAIN_B>,dc=local";
                    bindAsCurrentUser = YES;
                    bindDN = "cn=Administrator,cn=Users,dc=<DOMAIN_B>,dc=local";
                    bindFields = (
                        otherMailbox
                    );
                    bindPassword = "<password>";
                    canAuthenticate = YES;
                    displayName = "Globales Adressbuch";
                    hostname = "dc.<DOMAIN_B>.local";
                    id = "public_<DOMAIN_B>";
                    isAddressBook = NO;
                    port = 389;
                    scope = SUB;
                    type = ldap;
                }
            );
        };
    };
}

With best regards

Michael Alzheimer
Head of Technical Information Processing
------------------------------------------------------------------------
bonitasprint gmbh
Max-von-Laue-Str. 31 · 97080 Würzburg

michael.alzhei...@bonitasprint.de
www.bonitasprint.de · www.printzipia.de
------------------------------------------------------------------------
RG Würzburg HRB 8930
Managing Director: Dieter Körner
nature office - climate-neutral printing
--
users@sogo.nu
https://inverse.ca/sogo/lists
