Jean,

My apologies for no config file (now attached).  I do have ppolicy enabled in 
the LDAP server, though I am also running another module called "smbkrb5pwd" 
which synchronizes/updates the user's Kerberos password as well.  I am not sure 
if this has any effect, though it may.  I can confirm that user changing 
password through SOGo preferences immediately updates both Kerberos and LDAP 
passwords successfully, and user can authenticate through Kerberos or LDAP with 
no issues using their new password with other services.

As you can see, I have now disabled the manual setting of 
SOGoCacheCleanupInterval.  I only had that set due to another post I had read, 
not because I felt I needed it.  (Bad idea on my part.)

The most interesting thing I have found is that when the "issue" happens, I am 
not able to log in using any browser for a period of time.  I feel that 
changing SOGoCacheCleanupInterval to default affects this even more, though I 
really have no idea.  SOGo authenticates successfully, but never makes it past 
the login screen.  The URL that shows after attempted (successful?) login is 
https://sogo.myemaildomain.com/SOGo/lpeterson ... Not the usual 
https://sogo.myemaildomain.com/SOGo/so/lpeter...@myemaildomain.com/Mail/view.  
And if I type a bad password (for example, the old password), it does respond 
with incorrect password.

I am thinking there must be the old password cached somewhere between SOGo, 
LDAP, KDC, or IMAP, but the updated password works quickly for LDAP, KDC, and 
IMAP services.  Relevant services along with SOGo 2.1.1 (Ubuntu 12.04.3) are 
OpenLDAP v2.4.28 (Ubuntu 12.04.3) and Dovecot v2.1.7 (Ubuntu 13.04).

Today is a really bad day for me, but as soon as I get a chance, I am going to 
look into the smbkrb5pwd module that is running alongside ppolicy.  I will 
gladly take any other suggestions, too.

I do appreciate your help very much.  If there is anything I can do to help 
provide more information, please let me know how I can do that.  Thanks again, 
Jean.  This is a wonderful piece of software and I am very grateful for your 
efforts.
~Laz


On Thursday, November 21, 2013 06:45 AM PST, Jean Raby <jr...@inverse.ca> wrote:
 On 13-11-21 6:45 AM, Jean Raby wrote:
> On 13-11-21 12:09 AM, Laz C. Peterson wrote:
>> Yikes.
>>
>> Then if it shouldn’t matter, I’m sure there’s something else going on here.
> I'll test it. But why are you running with a 10 seconds cache expiration?
> That's really low.
>
I think you're running with passwordpolicy enabled in sogo, but the
passwordpolicy overlay is not enabled in openldap.

Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and
trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so
low, you're probably better off keeping it at its default value)
--
users@sogo.nu
https://inverse.ca/sogo/lists
 

Attachment: sogo.conf
Description: Binary data
