At this point I tried a bunch of things, like separate SOGo domains for each TLD and indirect binds using bindFields. However, as far as I can see, there is no way to control which email should be used as the login in the IMAP/SMTP server, since SOGo will use whatever is returned in the LDAP record.

Is there any way to do variable substitution in sogo.conf? Something like:

domains = {
  example.com = {
    SOGoMailDomain = example.com;
    SOGoUserSources = (
      type = ldap;
      UIDFieldName = %{uid}'@example.com';
...
}

I am just checking if there are any alternatives, otherwise I will just remodel the LDAP DIT so each record returns only mail attribute.

Thanks,

Andrei







On 13/09/2018 19:08, Andrei Goldchleger (agoldchle...@vbtec.com.br) wrote:
Hi,

My LDAP user records contain multiple email addresses. For example:

-----

dn: uid=john-doe,ou=people,dc=example,dc=net
objectClass: inetOrgPerson
uid: john-doe
sn: Doe
givenName: John
cn: John Doe
userPassword: <PASSWORD>
mail: john-...@example.net
mail: john-...@example.com
mail: john-...@example.org
-----

Each of those email addresses maps to a different mailbox. They are handled by a single SMTP/IMAP server. This was tested with Thunderbird and the mailbox isolation works fine.

I would like to achieve in SOGo the same kind of isolation:

1) User logs in with the email address

2) User only sees the mailbox that corresponds to the address used to log in to SOGo

3) User can only send email with the login identity

My SOGoUserSources is like the following:

-----

SOGoUserSources = (
   {
      type = ldap;
      CNFieldName = cn;
      UIDFieldName = mail;
      IDFieldName = uid; // first field of the DN for direct binds
      bindFields = (mail); // array of fields to use for indirect binds
      IMAPLoginFieldName = mail;
      baseDN = "ou=people,dc=example,dc=net";
      bindDN = "uid=sogo,ou=automation,dc=example,dc=net";
      bindPassword = <PASSWORD>;
      canAuthenticate = YES;
      displayName = "Shared Addresses";
      hostname = ldaps://ldap.example.net;
      id = public;
      isAddressBook = YES;
   }
);

-----

With this configuration, the user logs in successfully with the email address (thus objective 1 is achieved). However, the mailbox that is loaded is always the mailbox listed in the first mail record in the LDAP attribute (in this example, john-...@example.net). Also, when composing email, the user can select the other accounts.

Is there any way to achieve what I want without having separate LDAP records?

Thanks,

Andrei


--
users@sogo.nu
https://inverse.ca/sogo/lists
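
The remodelling alternative mentioned in the follow-up (one mail value per LDAP record), sketched as an added example that is not part of the original posts and not SOGo code: it flags records carrying several mail values and splits each into one record per address. The sample record is constructed, and the `uid=<address>,<parent>` DN layout and the helper names are assumptions.

```python
import re

# Constructed sample: same shape as the record in the post, different user.
SAMPLE_LDIF = """\
dn: uid=jane-roe,ou=people,dc=example,dc=net
objectClass: inetOrgPerson
uid: jane-roe
sn: Roe
cn: Jane Roe
mail: jane-roe@example.net
mail: jane-roe@example.com
mail: jane-roe@example.org
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into [(dn, {attr: [values]})]."""
    entries = []
    unfolded = re.sub(r"\n ", "", text)  # undo RFC 2849 line folding
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):
                raise ValueError("base64 value not handled: " + name)
            attrs.setdefault(name.strip(), []).append(value.strip())
        if attrs:
            entries.append((attrs.pop("dn")[0], attrs))
    return entries

def multi_mail_entries(entries):
    """DNs whose record carries more than one mail value."""
    return [dn for dn, attrs in entries if len(attrs.get("mail", [])) > 1]

def escape_rdn_value(value):
    """Escape characters that are special inside a DN (RFC 4514)."""
    value = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    return "\\" + value if value[:1] in ("#", " ") else value

def split_by_mail(dn, attrs):
    """One record per address: uid and mail both equal that address.
    Assumed layout (hypothetical): uid=<address>,<parent of original DN>.
    userPassword is not copied; each identity needs its own credential."""
    parent = re.split(r"(?<!\\),", dn, maxsplit=1)[1]
    keep = {k: list(v) for k, v in attrs.items()
            if k not in ("uid", "mail", "userPassword")}
    return [("uid=%s,%s" % (escape_rdn_value(a), parent),
             dict(keep, uid=[a], mail=[a])) for a in attrs.get("mail", [])]
```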
