http://www.sogo.nu/files/docs/SOGo%20Installation%20Guide.pdf
Is the user sogo established in your ADS?
Can you log on to your ADS with sogo and the password? If you succeed with this,
you can go on.

Compare and you will see what is missing:
SOGoUserSources =
(
{
type = ldap;
CNFieldName = cn;
IDFieldName = cn;
UIDFieldName = sAMAccountName;
baseDN = "cn=Users,dc=acme,dc=com";
bindDN = "cn=sogo,cn=Users,dc=acme,dc=com";
bindFields = (sAMAccountName);
bindPassword = qwerty;
canAuthenticate = YES;
displayName = "Active Directory";
hostname = 10.0.0.1;
id = directory;
isAddressBook = YES;
port = 389;  <---sometimes you use SSL, you need to change???
}
);

-------- Original Message --------
> Date: Thu, 26 Jul 2012 12:05:40 +0200
> From: Nicolas Cauchie <nico...@franceoxygene.fr>
> To: users@sogo.nu
> Subject: Re: [SOGo] Sogo with Active Directory

> On 26/07/2012 09:41, Nicolas Cauchie wrote:
> > On 25/07/2012 20:40, "Daniel Müller" wrote:
> >> If your users can log on to your ADs and your email server with the same password and user credentials, then they can log on to SOGo.
> >> Just find out the right uids for your users
> >> -------- Original Message --------
> >>> Date: Wed, 25 Jul 2012 10:29:51 -0400 (EDT)
> >>> From: nico...@franceoxygene.fr
> >>> To: users@sogo.nu
> >>> Subject: [SOGo] Sogo with Active Directory
> >>> Hi All !
> >>>
> >>> I've just installed a Debian 6.0.5 to create a SOGo server.
> >>>
> >>> I already have an Active Directory which works fine.
> >>>
> >>> I've done all configuration of SOGo, but I can't login with an account of my AD.
> >>>
> >>> Here's my config file (I deleted configs that I thought useless):
> >>>
> >>>
> >>>   <key>OCSFolderInfoURL</key>
> >>>   <string>mysql://sogo:pwsd@localhost:3306/sogo/sogo_folder_info</string>
> >>>
> >>>   <key>OCSSessionsFolderURL</key>
> >>>   <string>mysql://sogo:pswd@localhost:3306/sogo/sogo_sessions_folder</string>
> >>>
> >>>   <key>SOGoAuthenticationMethod</key>
> >>>   <string>LDAP</string>
> >>>
> >>>   <key>SOGoProfileURL</key>
> >>>   <string>mysql://sogo:sogo@localhost:3306/sogo/sogo_user_profile</string>
> >>>
> >>>   <key>SOGoSieveScriptsEnabled</key>
> >>>   <string>YES</string>
> >>>
> >>>   <key>SOGoSieveServer</key>
> >>>   <string>sieve://mx.resfrox.lan:2000</string>
> >>>
> >>>   <key>SOGoUserSources</key>
> >>>   <key>SOGoUserSources</key>
> >>>   <array>
> >>>       <dict>
> >>>   <key>type</key>
> >>>   <string>ldap</string>
> >>>
> >>>
> >>>           <key>CNFieldName</key>
> >>>           <string>cn</string>
> >>>
> >>>           <key>IDFieldName</key>
> >>>           <string>cn</string>
> >>>
> >>>           <key>UIDFieldName</key>
> >>>           <string>sAMAccountName</string>
> >>>
> >>>           <key>baseDN</key>
> >>>           <string>cn=Users,dc=<domain>,dc=lan</string>
> >>>
> >>>           <key>bindDN</key>
> >>>           <string>s...@domain.lan</string> (also used DOMAIN\sogo, cn=sogo,dc=domain,dc=lan)
> >>>
> >>>           <key>bindPassword</key>
> >>>           <string><SOGoADAccountPasswd></string>
> >>>           
> >>>              #<key>bindFields</key>
> >>>   #<string>sAMAccountName</string> (with or without, no change...)
> >>>   
> >>>
> >>>           <key>canAuthenticate</key>
> >>>           <string>YES</string>
> >>>
> >>>           <key>displayName</key>
> >>>           <string>Active Directory</string>
> >>>
> >>>           <key>hostname</key>
> >>>           <string>192.168.x.x</string>
> >>>
> >>>           <key>id</key>
> >>>           <string>ActiveDirectory</string>
> >>>
> >>>           <key>isAddressBook</key>
> >>>           <string>NO</string>
> >>>
> >>>           <key>port</key>
> >>>           <string>389</string>
> >>>
> >>>           <key>scope</key>
> >>>           <string>sub</string>
> >>>       </dict>
> >>>
> >>>   </array>        
> >>>
> >>>   <key>WOWorkersCount</key>
> >>>   <string>3</string>
> >>>      </dict>
> >>> </dict>
> >>> </plist>
> >>>
> >>> And here's the log file:
> >>> Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
> >>> Jul 25 16:24:36 sogod [13802]: <0x0x9338218[SOGoCache]> Using host(s) 'localhost' as server(s)
> >>> 2012-07-25 16:24:36.319 sogod[13802] Note(SoObject): SoDebugKeyLookup is enabled!
> >>> 2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): SoDebugBaseURL is enabled!
> >>> 2012-07-25 16:24:36.320 sogod[13802] Note(SoObject): relative base URLs are enabled.
> >>> 2012-07-25 16:24:36.322 sogod[13802] ERROR(-[NGBundleManager bundleWithPath:]): could not create bundle for path: '/usr/share/GNUstep/Libraries/gnustep-base/Versions/1.20/Resources/SSL.bundle'
> >>> 2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: pool embedding is on.
> >>> 2012-07-25 16:24:36.327 sogod[13802] WOCompoundElement: id logging is on.
> >>> Jul 25 16:24:36 sogod [13802]: SOGoRootPage Login for user 'u...@mydomain.lan' might not have worked - password policy: 65535    grace: -1  expire: -1  bound: 0
> >>> localhost - - [25/Jul/2012:16:24:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/66 0.018 - - 2M
> >>> 2012-07-25 16:25:16.245 sogod[13802] Note: Using UTF-8 as URL encoding in NGExtensions.
> >>> Jul 25 16:25:16 sogod [13802]: SOGoRootPage Login for user 'u...@mydomain.lan' might not have worked - password policy: 65535    grace: -1  expire: -1  bound: 0
> >>> localhost - - [25/Jul/2012:16:25:16 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/104 0.004 - - 12K
> >>>
> >>> I also add that I've a server for SOGo, another one for Mails (Postfix/dovecot), and another one for AD. Mail users do their authentication on the AD server without problem.
> >>>
> >>> I'm becoming silly, thanks for your help ;)
> >>>
> >>> Nicolas
> >>> -- 
> >>> users@sogo.nu
> >>> https://inverse.ca/sogo/lists
> > You're right, that's why I'm becoming mad...
> >
> > Can sieve block any connection to SOGo?
> >
> > I use SOGo Webmin module, and when I "test" sieve parameters, it returns me:
> > Failed: IO::Socket::INET: connect: Connection refused.
> >
> > I think it's my mail server's fault...
> > If it's not urgent, I'll check it later, but if it disables users' connection, I'll check it first before continuing...
> >
> > Thanks in advance ;)
> >
> >     
> >
> I'm confused, I don't know why it isn't working...
> 
> For the test, I placed "sogo" user who'll bind to the DC and a "normal" user in "Users" group.
> 
> I re-give my "new" configuration files:
> 
> sogo:
>      <key>SOGoUserSources</key>
>      <array>
>          <dict>
>          <key>CNFieldName</key>
>          <string>cn</string>
> 
>          <key>IDFieldName</key>
>          <string>uid</string>
> 
>          <key>MailFieldNames</key>
>          <string>(mail)</string>
> 
>          <key>UIDFieldName</key>
>          <string>sAMAccountName</string>
> 
>          <key>baseDN</key>
>          <string>cn=Users,dc=<domain>,dc=lan</string>
> 
>          <key>bindDN</key>
>          <string>sogo@<domain>.lan</string>
> 
>          <key>bindPassword</key>
>          <string>********</string>
> 
>          <key>canAuthenticate</key>
>          <string>YES</string>
> 
>          <key>displayName</key>
>          <string>Active Directory</string>
> 
>          <key>hostname</key>
>          <string><DCServer></string>
> 
>          <key>id</key>
>          <string>ActiveDirectory</string>
> 
>          <key>isAddressBook</key>
>          <string>NO</string>
> 
>          <key>passwordPolicy</key>
>          <string>NO</string>
> 
>          <key>port</key>
>          <string>389</string>
> 
>          <key>scope</key>
>          <string>SUB</string>
> 
>          <key>type</key>
>          <string>ldap</string>
> 
>          </dict>
>      </array>
> 
> And my Dovecot configuration file, maybe it'll help...
>      hosts           = <DCServer>:389
>      ldap_version    = 3
>      auth_bind       = yes
>      dn              = u...@domain.lan
>      dnpass          = *********
>      base            = ou=%d,dc=<domain>,dc=lan (my AD is multi-domain, so, I class users in OU which have their domain-name. For example, j...@domain1.fr will be in an OU called domain1.fr)
>      scope           = subtree
>      deref           = never
>      user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>      pass_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
>      pass_attrs      = userPassword=password
>      default_pass_scheme = CRYPT
>      user_attrs      = <maildirs>
> 
> With those SOGo parameters, here's the log file just after a reboot of the SOGo service:
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key SOGo of object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   found no security info for key (class SOGo): SOGo
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   default is allow ...
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate object: <0x0x88d7060[SoPageInvocation]: class=SOGoRootPage action=connect bound instantiated product=<0x0x86b7650[SoProduct]: loaded code-loaded bundle=/usr/lib/GNUstep/SOGo/MainUI.SOGo #classes=8 #categories=4 rm=0x0x86b98c0>>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D   object is public.
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate key connect of object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D validate permission '<public>' on object: <SOGo[0x0x86990e8]: name=SOGo>
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated permission '<public>'.
>      Jul 26 11:37:36 sogod [7228]: <[so-security]>D successfully validated key (connect).
>      --->   Jul 26 11:37:36 sogod [7228]: SOGoRootPage Login for user '<user>' might not have worked - password policy: 65535 grace: -1  expire: -1  bound: 0
>      localhost - - [26/Jul/2012:11:37:36 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/76 0.007 - - 0
> 
> Also, I installed LDAPTools, and this command works (it returns me the list of my AD users):
>      ldapsearch -h <DCServer> -b "cn=Users,dc=<domain>,dc=lan" -D "cn=sogo,cn=users,dc=<domain>,dc=lan" -W objectclass=person
> 
> Thanks in advance for your advice :)
> 
> Nicolas
> 
> 
>       
> 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
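
The comparison the reply asks for, as an added Python example (not part of the original message or of SOGo): it diffs the second SOGoUserSources entry quoted above against the reply's reference source. The `example.lan` values, the `SITE_SPECIFIC` set and the function names are assumptions made for the illustration.

```python
import plistlib

# Reference source from the reply at the top of this message, values as posted.
REFERENCE = {
    "type": "ldap", "CNFieldName": "cn", "IDFieldName": "cn",
    "UIDFieldName": "sAMAccountName", "baseDN": "cn=Users,dc=acme,dc=com",
    "bindDN": "cn=sogo,cn=Users,dc=acme,dc=com", "bindPassword": "qwerty",
    "bindFields": ["sAMAccountName"], "canAuthenticate": "YES",
    "displayName": "Active Directory", "hostname": "10.0.0.1",
    "id": "directory", "isAddressBook": "YES", "port": "389",
}
# Assumption: these keys legitimately differ from site to site, so skip them.
SITE_SPECIFIC = {"baseDN", "bindDN", "bindPassword", "hostname", "id", "displayName"}

# Constructed sample: second quoted entry, placeholders replaced by example values.
POSTED = """<plist version="1.0"><array><dict>
<key>CNFieldName</key><string>cn</string><key>IDFieldName</key><string>uid</string>
<key>MailFieldNames</key><string>(mail)</string><key>UIDFieldName</key><string>sAMAccountName</string>
<key>baseDN</key><string>cn=Users,dc=example,dc=lan</string>
<key>bindDN</key><string>sogo@example.lan</string><key>bindPassword</key><string>placeholder</string>
<key>canAuthenticate</key><string>YES</string><key>displayName</key><string>Active Directory</string>
<key>hostname</key><string>dc.example.lan</string><key>id</key><string>ActiveDirectory</string>
<key>isAddressBook</key><string>NO</string><key>passwordPolicy</key><string>NO</string>
<key>port</key><string>389</string><key>scope</key><string>SUB</string><key>type</key><string>ldap</string>
</dict></array></plist>"""

def looks_like_dn(value):
    """True when every comma-separated component has the form attr=value."""
    return all(0 < part.find("=") < len(part) - 1 for part in value.split(","))

def compare_source(source, reference=REFERENCE):
    """Report keys missing from, extra in, or differing in `source`."""
    shared = (set(source) & set(reference)) - SITE_SPECIFIC
    report = {
        "missing": sorted(set(reference) - set(source)),
        "extra": sorted(set(source) - set(reference)),
        "differs": sorted(k for k in shared if source[k] != reference[k]),
        "notes": [],
    }
    if not looks_like_dn(source.get("bindDN", "")):
        report["notes"].append("bindDN is not written as a DN like the reference")
    if source.get("port") == "389":
        report["notes"].append("port 389 is plain LDAP; it changes when SSL is used")
    return report

def check_posted():
    return compare_source(plistlib.loads(POSTED.encode(), fmt=plistlib.FMT_XML)[0])

if __name__ == "__main__":
    print(check_posted())
```

On the constructed sample it reports `bindFields` as the one key missing relative to the reference, and the bindDN written as `sogo@...` rather than as a DN.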
