Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
2013/1/28 Jean Raby jr...@inverse.ca

> On 13-01-28 12:20 PM, Luis Angel Fernandez Fernandez wrote:
>
>> Using tcpdump I don't see sogo using binddn anywhere, just the simple bind with the user dn. What am I missing?
>
> bindFields.
>
> please see this thread:
> https://inverse.ca/sogo/lists/arc/users/2012-05/msg00021.html
> https://inverse.ca/sogo/lists/arc/users/2012-05/msg00032.html

I am already using them. I even tried to put a few fields so maybe one of them would match and I could see anything in logs. These are the bind fields I am trying in one of the domains:

    bindFields=(uid, cn, mail, userPassword);

But, still, I am seeing the same bind and the same error in logs. At least it uses the right baseDN each time.

--
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
Hi,

I got the same error with 2.0.4 update. My configuration is in .GnuDefaults format, and bindFields is set (it was working on 2.0.3a). I tried to use sogo-tool dump-defaults, without success:

    WARNING: Using default signature for dataWithPropertyList:format:options:error: ... either the method for that selector is not implemented by the receiver, or you must be using an old/faulty version of the Objective-C runtime library.
    sogo-tool: Uncaught exception NSInvalidArgumentException, reason: Can not determine type information for +[NSPropertyListSerialization dataWithPropertyList:format:options:error:]

Here is our sanitized conf file:

    {
        NSGlobalDomain = {
        };
        sogod = {
            OCSFolderInfoURL = postgresql://user:password@localhost:5432/sogo_db/sogo_folder_info;
            OCSSessionsFolderURL = postgresql://user:password@localhost:5432/sogo_db/sogo_sessions_folder;
            SOGoProfileURL = postgresql://user:password@localhost:5432/sogo_db/sogo_user_profile;
            SOGoACLsSendEMailNotifications = YES;
            SOGoAppointmentSendEMailNotifications = YES;
            SOGoFoldersSendEMailNotifications = YES;
            SOGoIMAPServer = imaps://localhost:993;
            SOGoLanguage = French;
            SOGoMailDomain = mydomain.com;
            SOGoMailingMechanism = smtp;
            SOGoSMTPServer = localhost;
            SOGoTimeZone = Europe/Paris;
            SOGoPageTitle = 3SRMail;
            SOGoLoginModule = Mail;
            SOGoVacationEnabled = YES;
            SOGoForwardEnabled = YES;
            SOGoSieveScriptsEnabled = YES;
            SOGoMailMessageCheck = every_5_minute;
            NGImap4ConnectionStringSeparator = .;
            SOGoFaviconRelativeURL = https://mydomain.com/favicon.ico;
            SOGoUserSources = (
                {
                    type = ldap;
                    CNFieldName = cn;
                    IDFieldName = cn;
                    UIDFieldName = middleName;
                    IMAPLoginFieldName = middleName;
                    baseDN = OU=Users,DC=domain,DC=local;
                    bindDN = binddn@domain.local;
                    bindPassword = bindpassword;
                    bindFields = (middleName);
                    filter = (objectClass=person OR (objectcategory=group AND sAMAccountType=268435457));
                    canAuthenticate = YES;
                    displayName = Directory;
                    hostname = ldap;
                    id = public;
                    isAddressBook = YES;
                    port = 389;
                    scope = sub;
                }
            );
        };
    }

Cheers,
rémi

On 28/01/2013 18:20, Luis Angel Fernandez Fernandez wrote:

> Hi
>
> I am still trying to set up a multi domain SOGo but with no success so far. When I try to log into SOGo this is what I get in samba logs:
>
> [2013/01/28 18:15:17, 3] ../lib/ldb-samba/ldb_wrap.c:318(ldb_wrap_connect)
>   ldb_wrap open of secrets.ldb
> [2013/01/28 18:15:17, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>   auth_check_password_send: Checking password for unmapped user [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
>   auth_check_password_send: mapped user is: [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
> [2013/01/28 18:15:17, 3] ../libcli/auth/ntlm_check.c:228(hash_password_check)
>   ntlm_password_check: NO NT password stored for user $8CE6ED97-A469161AE3BF0489.
> [2013/01/28 18:15:17, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
>   auth_check_password_recv: sam_ignoredomain authentication for user [ALIRATIUN\$8CE6ED97-A469161AE3BF0489] FAILED with error NT_STATUS_WRONG_PASSWORD
> [2013/01/28 18:15:17, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>   Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
> [2013/01/28 18:15:17, 3] ../source4/smbd/process_single.c:104(single_terminate)
>   single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>
> and this in sogo logs:
>
> Jan 28 18:16:23 sogod [5721]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
> Jan 28 18:16:23 sogod [5721]: |SOGo| traverse(acquire): SOGo = connect
> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name: 'SOGo'
> Jan 28 18:16:23 sogod [5721]: [so-security]D validate object: SOGo[0x0x141c534]: name=SOGo
> Jan 28 18:16:23 sogod [5721]: [so-security]D object is public.
> Jan 28 18:16:23 sogod [5721]: [so-security]D validate key SOGo of object: SOGo[0x0x141c534]: name=SOGo
> Jan 28 18:16:23 sogod [5721]: [so-security]D found no security info for key (class SOGo): SOGo
> Jan 28 18:16:23 sogod [5721]: [so-security]D default is allow ...
> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name: 'connect'
> Jan 28 18:16:23 sogod [5721]: [so-security]D validate key connect of object: SOGo[0x0x141c534]: name=SOGo
> Jan 28 18:16:23 sogod [5721]: [so-security]D validate permission 'public' on object: SOGo[0x0x141c534]: name=SOGo
> Jan 28 18:16:23 sogod [5721]: [so-security]D successfully validated permission
Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
2013/1/29 remi.caillet...@3sr-grenoble.fr

> Hi,
>
> I got the same error with 2.0.4 update. My configuration is in .GnuDefaults format, and bindFields is set (it was working on 2.0.3a). I tried to use sogo-tool dump-defaults, without success:

I can log into SOGo (although I can't see IMAP folders, but that is a different problem).

I kept the bindFields and using ldapadmin (http://www.ldapadmin.org/) I managed to change the user password (it seems userPassword is not used) and then I had to edit the field userAccountControl and change its value to 66048, which means the account is enabled and the password will not expire.

--
Linkedin profile (http://es.linkedin.com/in/lafdez)
G+ profile (https://plus.google.com/u/0/115320207805121303027/about)
Twitter (@lafdez @_lafdez_)
Identi.ca (@lafdez)
--
users@sogo.nu
https://inverse.ca/sogo/lists
Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
On 13-01-29 5:54 AM, remi.caillet...@3sr-grenoble.fr wrote:

> Hi,
>
> I got the same error with 2.0.4 update. My configuration is in .GnuDefaults format, and bindFields is set (it was working on 2.0.3a). I tried to use sogo-tool dump-defaults, without success:
>
>     WARNING: Using default signature for dataWithPropertyList:format:options:error: ... either the method for that selector is not implemented by the receiver, or you must be using an old/faulty version of the Objective-C runtime library.
>     sogo-tool: Uncaught exception NSInvalidArgumentException, reason: Can not determine type information for +[NSPropertyListSerialization dataWithPropertyList:format:options:error:]

Ouch, sorry about that!
This is fixed now, see this commit:
https://github.com/inverse-inc/sogo/commit/ea13fd14c97ac3c58e1c50d3b82d0657715f1016

> Here is our sanitized conf file:
>
>     {
>         NSGlobalDomain = {
>         };
>         sogod = {
>             OCSFolderInfoURL = postgresql://user:password@localhost:5432/sogo_db/sogo_folder_info;
>             OCSSessionsFolderURL = postgresql://user:password@localhost:5432/sogo_db/sogo_sessions_folder;
>             SOGoProfileURL = postgresql://user:password@localhost:5432/sogo_db/sogo_user_profile;
>             SOGoACLsSendEMailNotifications = YES;
>             SOGoAppointmentSendEMailNotifications = YES;
>             SOGoFoldersSendEMailNotifications = YES;
>             SOGoIMAPServer = imaps://localhost:993;
>             SOGoLanguage = French;
>             SOGoMailDomain = mydomain.com;
>             SOGoMailingMechanism = smtp;
>             SOGoSMTPServer = localhost;
>             SOGoTimeZone = Europe/Paris;
>             SOGoPageTitle = 3SRMail;
>             SOGoLoginModule = Mail;
>             SOGoVacationEnabled = YES;
>             SOGoForwardEnabled = YES;
>             SOGoSieveScriptsEnabled = YES;
>             SOGoMailMessageCheck = every_5_minute;
>             NGImap4ConnectionStringSeparator = .;
>             SOGoFaviconRelativeURL = https://mydomain.com/favicon.ico;
>             SOGoUserSources = (
>                 {
>                     type = ldap;
>                     CNFieldName = cn;
>                     IDFieldName = cn;
>                     UIDFieldName = middleName;
>                     IMAPLoginFieldName = middleName;
>                     baseDN = OU=Users,DC=domain,DC=local;
>                     bindDN = binddn@domain.local;
>                     bindPassword = bindpassword;
>                     bindFields = (middleName);
>                     filter = (objectClass=person OR (objectcategory=group AND sAMAccountType=268435457));
>                     canAuthenticate = YES;
>                     displayName = Directory;
>                     hostname = ldap;
>                     id = public;
>                     isAddressBook = YES;
>                     port = 389;
>                     scope = sub;
>                 }
>             );
>         };
>     }

What errors do you see in the sogo log file and could you post a log of the ldap requests made by sogo?

> Cheers,
> rémi
>
> On 28/01/2013 18:20, Luis Angel Fernandez Fernandez wrote:
>
>> Hi
>>
>> I am still trying to set up a multi domain SOGo but with no success so far. When I try to log into SOGo this is what I get in samba logs:
>>
>> [2013/01/28 18:15:17, 3] ../lib/ldb-samba/ldb_wrap.c:318(ldb_wrap_connect)
>>   ldb_wrap open of secrets.ldb
>> [2013/01/28 18:15:17, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>   auth_check_password_send: Checking password for unmapped user [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
>>   auth_check_password_send: mapped user is: [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
>> [2013/01/28 18:15:17, 3] ../libcli/auth/ntlm_check.c:228(hash_password_check)
>>   ntlm_password_check: NO NT password stored for user $8CE6ED97-A469161AE3BF0489.
>> [2013/01/28 18:15:17, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
>>   auth_check_password_recv: sam_ignoredomain authentication for user [ALIRATIUN\$8CE6ED97-A469161AE3BF0489] FAILED with error NT_STATUS_WRONG_PASSWORD
>> [2013/01/28 18:15:17, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>>   Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>> [2013/01/28 18:15:17, 3] ../source4/smbd/process_single.c:104(single_terminate)
>>   single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>>
>> and this in sogo logs:
>>
>> Jan 28 18:16:23 sogod [5721]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
>> Jan 28 18:16:23 sogod [5721]: |SOGo| traverse(acquire): SOGo = connect
>> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name: 'SOGo'
>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate object: SOGo[0x0x141c534]: name=SOGo
>> Jan 28 18:16:23 sogod [5721]: [so-security]D object is public.
>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate key SOGo of object: SOGo[0x0x141c534]: name=SOGo
>> Jan 28 18:16:23 sogod [5721]: [so-security]D found no security info for key (class SOGo): SOGo
>> Jan 28 18:16:23 sogod [5721]: [so-security]D default is allow ...
>> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name:
Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
On 29/01/2013 16:40, Jean Raby wrote:

> On 13-01-29 5:54 AM, remi.caillet...@3sr-grenoble.fr wrote:
>
>> Hi,
>>
>> I got the same error with 2.0.4 update. My configuration is in .GnuDefaults format, and bindFields is set (it was working on 2.0.3a). I tried to use sogo-tool dump-defaults, without success:
>>
>>     WARNING: Using default signature for dataWithPropertyList:format:options:error: ... either the method for that selector is not implemented by the receiver, or you must be using an old/faulty version of the Objective-C runtime library.
>>     sogo-tool: Uncaught exception NSInvalidArgumentException, reason: Can not determine type information for +[NSPropertyListSerialization dataWithPropertyList:format:options:error:]
>
> Ouch, sorry about that!
> This is fixed now, see this commit:
> https://github.com/inverse-inc/sogo/commit/ea13fd14c97ac3c58e1c50d3b82d0657715f1016

thx for reactivity ;)

> What errors do you see in the sogo log file and could you post a log of the ldap requests made by sogo?

Here is the debug log with LDAPDebugEnabled. It's from our test server, which faces the same issue.

    Jan 29 17:52:20 sogod [1633]: 0x0x7f92ec44d1a0[NGLdapConnection] Using ldap_init (deprecated) for LDAP host:port ***:389
    Jan 29 17:52:20 sogod [1633]: 0x0x7f92ec48a5b0[NGLdapConnection] Using ldap_init (deprecated) for LDAP host:port ***:389
    2013-01-29 17:52:20.767 sogod[1633] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter for attrs
    2013-01-29 17:52:20.768 sogod[1633] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter for attrs
    2013-01-29 17:52:20.784 sogod[1633] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search with at base filter for attrs
    Jan 29 17:52:20 sogod [1633]: 0x0x7f92ec3b3f30[LDAPSource] NSException: 0x7f92ec58d160 NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{login = cn=r\\C3\\A9mi cailletaud,ou=utilisateurs,dc=domain,dc=local; }
    Jan 29 17:52:20 sogod [1633]: SOGoRootPage Login for user 'cailletaud.remi' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
    localhost - - [29/Jan/2013:17:52:20 GMT] POST /SOGo/connect HTTP/1.1 403 34/53 0.040 - - 636K

>> Cheers,
>> rémi
>>
>> On 28/01/2013 18:20, Luis Angel Fernandez Fernandez wrote:
>>
>>> Hi
>>>
>>> I am still trying to set up a multi domain SOGo but with no success so far. When I try to log into SOGo this is what I get in samba logs:
>>>
>>> [2013/01/28 18:15:17, 3] ../lib/ldb-samba/ldb_wrap.c:318(ldb_wrap_connect)
>>>   ldb_wrap open of secrets.ldb
>>> [2013/01/28 18:15:17, 3] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>>   auth_check_password_send: Checking password for unmapped user [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
>>>   auth_check_password_send: mapped user is: [ALIRATIUN]\[$8CE6ED97-A469161AE3BF0489]@[(null)]
>>> [2013/01/28 18:15:17, 3] ../libcli/auth/ntlm_check.c:228(hash_password_check)
>>>   ntlm_password_check: NO NT password stored for user $8CE6ED97-A469161AE3BF0489.
>>> [2013/01/28 18:15:17, 2] ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
>>>   auth_check_password_recv: sam_ignoredomain authentication for user [ALIRATIUN\$8CE6ED97-A469161AE3BF0489] FAILED with error NT_STATUS_WRONG_PASSWORD
>>> [2013/01/28 18:15:17, 3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>>>   Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
>>> [2013/01/28 18:15:17, 3] ../source4/smbd/process_single.c:104(single_terminate)
>>>   single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
>>>
>>> and this in sogo logs:
>>>
>>> Jan 28 18:16:23 sogod [5721]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
>>> Jan 28 18:16:23 sogod [5721]: |SOGo| traverse(acquire): SOGo = connect
>>> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name: 'SOGo'
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate object: SOGo[0x0x141c534]: name=SOGo
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D object is public.
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate key SOGo of object: SOGo[0x0x141c534]: name=SOGo
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D found no security info for key (class SOGo): SOGo
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D default is allow ...
>>> Jan 28 18:16:23 sogod [5721]: |SOGo| do traverse name: 'connect'
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate key connect of object: SOGo[0x0x141c534]: name=SOGo
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate permission 'public' on object: SOGo[0x0x141c534]: name=SOGo
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D successfully validated permission 'public'.
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D successfully validated key (connect).
>>> Jan 28 18:16:23 sogod [5721]: [so-security]D validate object: 0x0x168572c[SoPageInvocation]: class=SOGoRootPage action=connect bound instantiated product=0x0x1409a4c[SoProduct]: loaded
Re: [SOGo] It seems sogo doesn't use bindDN and bindPassword
On 13-01-28 12:20 PM, Luis Angel Fernandez Fernandez wrote:

> Using tcpdump I don't see sogo using binddn anywhere, just the simple bind with the user dn. What am I missing?

bindFields.

please see this thread:
https://inverse.ca/sogo/lists/arc/users/2012-05/msg00021.html
https://inverse.ca/sogo/lists/arc/users/2012-05/msg00032.html

--
Jean Raby
jr...@inverse.ca :: +1.514.447.4918 (x120) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
--
users@sogo.nu
https://inverse.ca/sogo/lists
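
Added illustration, not part of the thread and not SOGo's own code: the sketch below contrasts the two login strategies the thread turns on. Without bindFields the simple bind uses a DN built from IDFieldName and the typed login; with bindFields the server is first bound as bindDN, searched on those fields, and then bound as the entry found. The exact filter shape and the helper names are assumptions; the base DN, bind DN and field names are the ones from the configuration posted above.

```python
# Added illustration, not SOGo source code. Helper names are hypothetical.

def escape_filter(value):
    """RFC 4515: escape characters that are special inside a filter value."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def escape_rdn(value):
    """RFC 4514: escape characters that are special inside a DN attribute value."""
    out = ''.join('\\' + c if c in ',+"\\<>;' else c for c in value)
    out = out.replace('\x00', '\\00')
    if out.endswith(' '):            # a trailing space must be escaped
        out = out[:-1] + '\\ '
    if out[:1] in (' ', '#'):        # so must a leading space or '#'
        out = '\\' + out
    return out

def direct_bind_dn(login, id_field, base_dn):
    """No bindFields: the bind DN is IDFieldName=<typed login>,<baseDN>."""
    return '%s=%s,%s' % (id_field, escape_rdn(login), base_dn)

def indirect_bind_plan(login, bind_fields, bind_dn, base_dn):
    """bindFields set: bind as bindDN, search on the fields, bind as the hit."""
    if not bind_fields:
        raise ValueError('bindFields must list at least one attribute')
    clauses = ''.join('(%s=%s)' % (f, escape_filter(login)) for f in bind_fields)
    # Assumed filter shape: a single clause, or an OR over all fields.
    flt = clauses if len(bind_fields) == 1 else '(|' + clauses + ')'
    return [('bind', bind_dn),
            ('search', base_dn, flt),
            ('bind', '(DN returned by the search)')]

# Values taken from the configuration posted in the thread.
BASE_DN = 'OU=Users,DC=domain,DC=local'
BIND_DN = 'binddn@domain.local'

if __name__ == '__main__':
    # Direct mode: only a user-DN bind appears on the wire.
    print(direct_bind_dn('cailletaud.remi', 'cn', BASE_DN))
    # Indirect mode: the service-account bind and a search come first.
    for step in indirect_bind_plan('cailletaud.remi', ['middleName'],
                                   BIND_DN, BASE_DN):
        print(step)
```

In a packet capture or in the LDAPDebugEnabled output, indirect mode is recognisable by the bindDN bind and the search that precede the bind as the user's DN.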