If I use the deprecated way of specifying a StartTLS LDAP address, things work, i.e.:

sudo -u sogo defaults write sogod SOGoUserSources '({CNFieldName = cn;
    IDFieldName = cn; UIDFieldName = uid;
    baseDN = "ou=people,dc=strategicit,dc=homelinux,dc=net";
    bindDN = "cn=admin,dc=strategicit,dc=homelinux,dc=net";
    bindFields = (uid); usePasswordAlgorithm = ssha;
    bindPassword = xxxxxx; canAuthenticate = YES;
    displayName = "Shared Addresses";
    hostname = fusion.strategicit.homelinux.net; id = shared;
    port = 389;
    encryption = starttls;
    isAddressBook = YES;})'

...but if I do things the new way, i.e.:

sudo -u sogo defaults write sogod SOGoUserSources '({CNFieldName = cn;
    IDFieldName = cn; UIDFieldName = uid;
    baseDN = "ou=people,dc=strategicit,dc=homelinux,dc=net";
    bindDN = "cn=admin,dc=strategicit,dc=homelinux,dc=net";
    bindFields = (uid); usePasswordAlgorithm = ssha;
    bindPassword = xxxxxx; canAuthenticate = YES;
    displayName = "Shared Addresses";
    hostname = ldap://fusion.strategicit.homelinux.net/????!StartTLS; id = shared;
    isAddressBook = YES;})'

...SOGo fails to bind to LDAP. From /var/log/sogo/sogo.log:

Sep 25 03:21:21 sogod [7923]: <0x0x7ffc74b043f0[SOGoCache]> Using host(s) 'localhost' as server(s)
2013-09-25 03:21:21.237 sogod[7923] Note(SoObject): SoDebugKeyLookup is enabled!
2013-09-25 03:21:21.237 sogod[7923] Note(SoObject): SoDebugBaseURL is enabled!
2013-09-25 03:21:21.237 sogod[7923] Note(SoObject): relative base URLs are enabled.
2013-09-25 03:21:21.240 sogod[7923] ERROR(-[NGBundleManager bundleWithPath:]): could not create bundle for path: '/usr/share/GNUstep/Libraries/gnustep-base/Versions/1.22/Resources/SSL.bundle'
2013-09-25 03:21:21.246 sogod[7923] WOCompoundElement: pool embedding is on.
2013-09-25 03:21:21.246 sogod[7923] WOCompoundElement: id logging is on.
192.168.1.109 - - [25/Sep/2013:03:21:21 GMT] "GET /SOGo HTTP/1.1" 302 0/0 0.129 - - 2M
2013-09-25 03:21:21.379 sogod[7923] WARNING(-[NSNull(misc) count]): called NSNull -count (returns 0) !!!
192.168.1.109 - - [25/Sep/2013:03:21:21 GMT] "GET /SOGo/ HTTP/1.1" 200 3874/0 0.020 11821 67% 1M
Sep 25 03:21:30 sogod [7923]: [ERROR] <0x0x7ffc74b7d930[LDAPSource]> Could not bind to the LDAP server ldap://fusion.strategicit.homelinux.net????!StartTLS (389) using the bind DN: cn=admin,dc=strategicit,dc=homelinux,dc=net
Sep 25 03:21:30 sogod [7923]: [ERROR] <0x0x7ffc74b7d930[LDAPSource]> <NSException: 0x7ffc74af69e0> NAME:LDAPException REASON:operation bind failed: Confidentiality required (0xD) INFO:{login = "cn=admin,dc=strategicit,dc=homelinux,dc=net"; }
Sep 25 03:21:30 sogod [7923]: SOGoRootPage Login from '192.168.1.109' for user 'fd-admin' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
192.168.1.109 - - [25/Sep/2013:03:21:30 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/44 0.003 - - 476K
Sep 25 03:31:31 sogod [7899]: <0x0x7ffc74808b20[WOWatchDog]> Terminating with SIGINT or SIGTERM

The only strange things I'm doing are setting options requiring certs in OpenLDAP, i.e.:

olcTLSVerifyClient: demand
olcLocalSSF: 256
olcTLSCipherSuite: SECURE256
olcSecurity: ssf=256

...although I'm not sure if that could be making a difference.

--
Mark Pavlichuk
Strategic IT
ph. (07)47242890
m. 0409 124577

--
users@sogo.nu
https://inverse.ca/sogo/lists
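The "new way" in the post is an RFC 4516 LDAP URL: host, then "/" and up to five "?"-separated fields (dn, attributes, scope, filter, extensions), where a leading "!" on an extension such as "!StartTLS" marks it critical. The error in the log, "Confidentiality required (0xD)", is LDAP resultCode 13 (confidentialityRequired, RFC 4511), which a server with olcSecurity ssf=256 returns for a bind that arrives before the connection is protected. The following is an added example, not code from SOGo or from the poster: a parser for that URL format, a decoder for the result code in the log line, and a helper that normalises both SOGoUserSources spellings from the post to the same host/port/StartTLS triple (on the assumption, which the post implies but does not prove, that the two forms are meant to be equivalent). The sample log line is the one quoted in the post. The parser enforces the RFC grammar, which requires the "/" before the "?" fields; what SOGo does internally with the string printed in its log is not something the post shows.

```python
"""RFC 4516 LDAP URL parsing and LDAP result-code decoding.

Added example for the SOGo StartTLS thread; not SOGo's own code.
"""
import re
from urllib.parse import unquote

# Subset of resultCode values from RFC 4511, section 4.1.9.
LDAP_RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
    52: "unavailable",
}

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into its components.

    Grammar: scheme "://" [host[":"port]] ["/" dn ["?" [attrs] ["?" [scope]
    ["?" [filter] ["?" extensions]]]]].  Extensions are comma separated; a
    leading "!" marks one as critical (the client must fail if it cannot
    honour it).  Raises ValueError on a URL that violates the grammar.
    """
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if sep != "://" or scheme not in DEFAULT_PORTS:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    hostport, slash, tail = rest.partition("/")
    if "?" in hostport:
        # RFC 4516 requires "/" before the dn; "ldap://host????!StartTLS" is malformed.
        raise ValueError("query fields without a leading '/' in %r" % url)
    host, colon, port = hostport.rpartition(":")
    if colon and port.isdigit():
        port = int(port)
    else:
        host, port = hostport, DEFAULT_PORTS[scheme]
    fields = tail.split("?") if slash else []
    if len(fields) > 5:
        raise ValueError("too many '?' separated fields in %r" % url)
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, exts = fields
    if scope.lower() not in ("", "base", "one", "sub"):
        raise ValueError("bad scope %r in %r" % (scope, url))
    extensions = []
    for ext in [e for e in exts.split(",") if e]:
        critical = ext.startswith("!")
        name, _, value = ext.lstrip("!").partition("=")
        extensions.append({"name": name, "critical": critical, "value": unquote(value)})
    return {
        "scheme": scheme,
        "host": host,
        "port": port,
        "dn": unquote(dn),
        "attributes": [a for a in attrs.split(",") if a],
        "scope": scope.lower() or "base",          # RFC 4516 default
        "filter": unquote(filt) or "(objectClass=*)",  # RFC 4516 default
        "extensions": extensions,
    }


def starttls_extension(parsed):
    """Return the StartTLS extension entry of a parsed URL, or None."""
    for ext in parsed["extensions"]:
        if ext["name"].lower() == "starttls":
            return ext
    return None


def effective_connection(source):
    """Normalise a SOGoUserSources entry (either spelling from the post) to
    host, port and whether StartTLS is requested.  Assumes the deprecated
    hostname/port/encryption form and the URL form are meant to be equivalent."""
    hostname = source["hostname"]
    if "://" in hostname:
        parsed = parse_ldap_url(hostname)
        return {"host": parsed["host"], "port": parsed["port"],
                "starttls": starttls_extension(parsed) is not None}
    return {"host": hostname, "port": int(source.get("port", 389)),
            "starttls": source.get("encryption", "").lower() == "starttls"}


BIND_FAIL_RE = re.compile(
    r"operation bind failed: (?P<reason>[^(]+?)\s*\((?P<code>0x[0-9A-Fa-f]+)\)")


def explain_bind_failure(log_line):
    """Pull the LDAP resultCode out of a SOGo LDAPException log line."""
    m = BIND_FAIL_RE.search(log_line)
    if not m:
        return None
    code = int(m.group("code"), 16)
    return {"code": code, "reason": m.group("reason").strip(),
            "name": LDAP_RESULT_CODES.get(code, "unknown")}


# Log line as quoted in the post.
SAMPLE_LOG = ('Sep 25 03:21:30 sogod [7923]: [ERROR] <0x0x7ffc74b7d930[LDAPSource]> '
              '<NSException: 0x7ffc74af69e0> NAME:LDAPException REASON:operation bind '
              'failed: Confidentiality required (0xD) INFO:{login = '
              '"cn=admin,dc=strategicit,dc=homelinux,dc=net"; }')

if __name__ == "__main__":
    print(parse_ldap_url("ldap://fusion.strategicit.homelinux.net/????!StartTLS"))
    print(explain_bind_failure(SAMPLE_LOG))
```

The URL form from the post parses to host fusion.strategicit.homelinux.net, port 389, empty DN, base scope, the default filter and a single critical StartTLS extension, so on paper it asks for exactly what the deprecated hostname/port/encryption=starttls form does; the decoded result code confirms the server rejected a bind it considered unprotected.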