Le 26/07/2012 09:41, Nicolas Cauchie a écrit :
Le 25/07/2012 20:40, "Daniel Müller" a écrit :
If your users can logon to your ADs and your email-server with the same 
password and user credentials than they can logon to SOGo.
Just find out the right uids for your users
-------- Original-Nachricht --------
Datum: Wed, 25 Jul 2012 10:29:51 -0400 (EDT)
Betreff: [SOGo] Sogo with Active Directory
Hi All !

I've just installed a Debian 6.0.5 to create a SOGo server.

I already have an Active Directory wich works fine.

I've done all configuration of SOGo, but I can't login with an account of

Here's my config file (I deleted configs that I thank useless) :












                <string>s...@domain.lan</string> (also used DOMAIN\sogo,

        #<string>sAMAccountName</string> (with or without, no change...)


                <string>Active Directory</string>








And here's the log file :
Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Cache cleanup
set every 300.000000 seconds
Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Using host(s)
'localhost' as server(s)
2012-07-25 16:24:36.319 sogod[13802] Note(SoObject): SoDebugKeyLookup is
2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): SoDebugBaseURL is
2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): relative base URLs
2012-07-25 16:24:36.322 sogod[13802] ERROR(-[NGBundleManager
could not create bundle for path:
2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: pool embedding is
2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: id logging is on.
Jul 25 16:24:36 sogod [13802]: SOGoRootPage Login for user
might not have worked - password policy: 65535  grace: -1  expire: -1
bound: 0
localhost - - [25/Jul/2012:16:24:36 GMT] "POST /SOGo/connect HTTP/1.1" 403
34/66 0.018 - - 2M
2012-07-25 16:25:16.245 sogod[13802] Note: Using UTF-8 as URL encoding in
Jul 25 16:25:16 sogod [13802]: SOGoRootPage Login for user
might not have worked - password policy: 65535  grace: -1  expire: -1
bound: 0
localhost - - [25/Jul/2012:16:25:16 GMT] "POST /SOGo/connect HTTP/1.1" 403
34/104 0.004 - - 12K

I also add that I've a server for SOGo, another one for Mails
(Postfix/dovecot), and onther one for AD. Mails user do their
authentication on
AD server without problem.

I'm becoming silly, thanks for your help ;)

You're right, that's why I'm becoming mad...

Can sieve block any connexion to SOGo ?

I use SOGo Webmin module, and when I "test" sieve parameters, it returns me :
Failed: IO::Socket::INET: connect: Connection refused.

I think it's my mail server fault...
If it's not urgent, I'll check it later, but if it disables users connexion, I'll check it first before continue...

Thanks in advance ;)


I'm confuse, I don't know why it isn't work...

For the test, I placed "sogo" user who'll bind to the DC and a "normal" user in "Users" group.

I re-give my "new" configuration files :

sogo :








        <string>Active Directory</string>









And my Dovecot' configuration file, maybe it'll help...
    hosts           = <DCServer>:389
    ldap_version    = 3
    auth_bind       = yes
    dn              = u...@domain.lan
    dnpass          = *********
base = ou=%d,dc=<domain>,dc=lan (my AD is multi-domain, so, I class users in OU wich have their domain-name. For example, j...@domain1.fr will be in an OU called domain1.fr)
    scope           = subtree
    deref           = never
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
    pass_attrs      = userPassword=password
    default_pass_scheme = CRYPT
    user_attrs      = <maildirs>

With those SOGo parameters, here's the log file just after a reboot of the SOGo service : Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <SOGo[0x0x86990e8]: name=SOGo>
    Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key SOGo of object: <SOGo[0x0x86990e8]: name=SOGo> Jul 26 11:37:36 sogod [7228]: <[so-security]>D found no security info for key (class SOGo): SOGo
    Jul 26 11:37:36 sogod [7228]: <[so-security]>D   default is allow ...
Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'. Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect). Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <0x0x88d7060[SoPageInvocation]: class=SOGoRootPage action=connect bound instantiated product=<0x0x86b7650[SoProduct]: loaded code-loaded bundle=/usr/lib/GNUstep/SOGo/MainUI.SOGo #classes=8 #categories=4 rm=0x0x86b98c0>>
    Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo> Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo> Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'. Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect). ---> Jul 26 11:37:36 sogod [7228]: SOGoRootPage Login for user '<user>' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 localhost - - [26/Jul/2012:11:37:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/76 0.007 - - 0

Also, I installed LDAPTools, and this command works (it returns me the list of my AD users) : ldapsearch -h <DCServer> -b "cn=Users,dc=<domain>,dc=lan" -D "cn=sogo,cn=users,dc=<domain>,dc=lan" -W objectclass=person

Thanks in advance for your advices :)




Reply via email to