Am 13.04.2016 um 14:46 schrieb Ian McMichael (ian.mcmich...@gmail.com):
On 13/04/16 10:04, Patrick Rauter (rau...@hs-weingarten.de) wrote:
at least I have found the settings for SAMBA4 to re enable simple
bind and SOGo is working again.
ldap server require strong auth = no
But this is somehow contrarious to the security update to prevent
MITM-Attacks...
So the question remains, is it possible to use SOGo with SASLAuth.
I have been busy reading about the changes Canonical plan to make to
SAMBA on Ubuntu 14.04 LTS from next Tuesday (19th April) to assess the
impact for our customers. My understanding from the release notes
(https://www.samba.org/samba/history/samba-4.3.8.html) of the version
they are planning to upgrade to leads me to believe the LDAP
authentication will continue to work if you use TLS.
From the SOGo manual, the syntax for this in sogo.conf is:
hostname = ldap://127.0.0.1/????!StartTLS;
(This assumes SAMBA is on the same box as SOGo but otherwise adjust
the IP address/hostname.)
This should operate correctly with either "ldap server require strong
auth = yes" (new default) or "ldap server require strong auth =
allow_sasl_over_tls" in your smb.conf and provide the MITM protection.
I am not in a position to be able to test this today, so it would be
great if you could and report back?
For me it is *not* working.
Besides using TLS, I need to set
ldap server require strong auth = no
in order to get ldap auth working in sogo.
All other options of this smb parameter result in "strong(er)
authentication required"-errors in sogo.log.
Any hints how to solve this?
Best regards
Heiner
--
users@sogo.nu
https://inverse.ca/sogo/lists