Hello,

here is the debug with LDAPDebugEnabled and SOGODebugRequest enabled.

It seems to look for the members of the group, but at the end it seems only to subscribe the group ("subscribeUsers?uids=testposixgro...@mydomain.net"), not the members themselves. Is that the reason? When I subscribe a user (not a group), I see the correct subscribeusers?uids=it5@MYDOMAIN...

kind regards

....

Dec 08 13:32:51 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/acls'
Dec 08 13:32:51 sogod [599764]: |SOGo| request took 0.003679 seconds to execute
Dec 08 13:32:51 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/acls HTTP/1.0" 200 115/0 0.005 - - 0 - 16
Dec 08 13:32:52 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/UIxAclEditor'
Dec 08 13:32:52 sogod [599764]: |SOGo| request took 0.002767 seconds to execute
Dec 08 13:32:52 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/UIxAclEditor HTTP/1.0" 200 1464/0 0.004 4277 65% 0 - 16
Dec 08 13:32:56 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/usersSearch?search=posi'
Dec 08 13:32:56 sogod [599764]: <0x0x5621b6747f30[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:32:56.006 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(|(sn=*posi*)(displayname=*posi*)(cn=*posi*)(mail=*posi*)(telephonenumber=*posi*))(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=sogo))' for attrs '*'
Dec 08 13:32:56 sogod [599764]: <0x0x5621b67b3dd0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:32:56.008 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(sn=*posi*)(displayname=*posi*)(cn=*posi*)(mail=*posi*)(telephonenumber=*posi*))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:32:56 sogod [599764]: |SOGo| request took 0.008024 seconds to execute
Dec 08 13:32:56 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/usersSearch?search=posi HTTP/1.0" 200 340/0 0.010 - - 0 - 16
Dec 08 13:33:02 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/usersSearch?search=posi'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b67ba0e0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.696 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(|(sn=*posi*)(displayname=*posi*)(cn=*posi*)(mail=*posi*)(telephonenumber=*posi*))(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=sogo))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b682dd70[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.698 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(sn=*posi*)(displayname=*posi*)(cn=*posi*)(mail=*posi*)(telephonenumber=*posi*))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: |SOGo| request took 0.008022 seconds to execute
Dec 08 13:33:02 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/usersSearch?search=posi HTTP/1.0" 200 340/0 0.009 - - 0 - 16
Dec 08 13:33:02 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/addUserInAcls?uid=testposixgro...@mydomain.net'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b69ee5c0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.732 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(|(mail=testposixgro...@mydomain.net)(mail=testposixgro...@mydomain.net))(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=sogo))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b67fd7c0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.733 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=testposixgro...@mydomain.net)(mail=testposixgro...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b65ce420[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.736 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=testposixgro...@mydomain.net)' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b6860a90[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.738 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b6562740[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.740 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b69f4600[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.741 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b680c080[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.743 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b681d2c0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.744 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:02 sogod [599764]: <0x0x5621b65e4820[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:02.745 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
2021-12-08 13:33:02.760 sogod[599764:599764] SMTP: STARTTLS successfully performed
2021-12-08 13:33:02.769 sogod[599764:599764] SMTP(RCPT TO) error: 5.1.1 <testposixgro...@mydomain.net>: Recipient address rejected: User unknown
Dec 08 13:33:02 sogod [599764]: [ERROR] <0x0x5621b65f80a0[SOGoMailer]> Could not connect to the SMTP server smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost
Dec 08 13:33:02 sogod [599764]: |SOGo| request took 0.043531 seconds to execute
Dec 08 13:33:02 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/addUserInAcls?uid=testposixgro...@mydomain.net HTTP/1.0" 204 0/0 0.045 - - 0 - 16
Dec 08 13:33:02 sogod [599764]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/userRights?uid=testposixgro...@mydomain.net'
Dec 08 13:33:02 sogod [599764]: |SOGo| request took 0.002758 seconds to execute
Dec 08 13:33:02 sogod [599764]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/userRights?uid=testposixgro...@mydomain.net HTTP/1.0" 200 106/0 0.004 - - 0 - 16
Dec 08 13:33:06 sogod [599764]: |SOGo| starting method 'POST' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/saveUserRights'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b65435d0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.427 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=testposixgro...@mydomain.net)' for attrs '*'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b685fc70[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.430 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:06 sogod [599768]: |SOGo| starting method 'GET' on uri '/SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/subscribeUsers?uids=testposixgro...@mydomain.net'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b67e1d40[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.431 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b69ecaf0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.432 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b6835aa0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.434 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b658cb00[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
Dec 08 13:33:06 sogod [599768]: <0x0x5621b62cbab0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.435 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
2021-12-08 13:33:06.436 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=testposixgro...@mydomain.net)' for attrs '*'
Dec 08 13:33:06 sogod [599764]: <0x0x5621b6624a20[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
Dec 08 13:33:06 sogod [599768]: <0x0x5621b685ded0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.437 sogod[599764:599764] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
2021-12-08 13:33:06.438 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:06 sogod [599768]: <0x0x5621b5f39ff0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.444 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:06 sogod [599768]: <0x0x5621b6567200[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.445 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
Dec 08 13:33:06 sogod [599768]: <0x0x5621b685e8e0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.446 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'mail=i...@mydomain.net,ou=users,domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(&(&(enabledService=mail)(accountStatus=active)(enabledService=displayedInGlobalAddressBook))(|(&(objectClass=mailUser)(enabledService=sogo))(objectClass=mailList)(objectClass=mailAlias)))' for attrs 'mail'
Dec 08 13:33:06 sogod [599768]: <0x0x5621b668d2c0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.448 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(|(&(|(cn=i...@mydomain.net)(mail=i...@mydomain.net))(objectClass=posixGroup))(objectClass=groupOfNames))' for attrs '*'
Dec 08 13:33:06 sogod [599768]: <0x0x5621b656ada0[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
2021-12-08 13:33:06.449 sogod[599768:599768] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'domainname=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net' filter '(cn=i...@mydomain.net)' for attrs '*'
Dec 08 13:33:06 sogod [599768]: |SOGo| request took 0.019323 seconds to execute
Dec 08 13:33:06 sogod [599768]: 141.94.27.175 "GET /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/subscribeUsers?uids=testposixgro...@mydomain.net HTTP/1.0" 204 0/0 0.021 - - 0 - 15
2021-12-08 13:33:06.545 sogod[599764:599764] SMTP: STARTTLS successfully performed
2021-12-08 13:33:06.550 sogod[599764:599764] SMTP(RCPT TO) error: 5.1.1 <testposixgro...@mydomain.net>: Recipient address rejected: User unknown
Dec 08 13:33:06 sogod [599764]: [ERROR] <0x0x5621b67f1550[SOGoMailer]> Could not connect to the SMTP server smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost
Dec 08 13:33:06 sogod [599764]: |SOGo| request took 0.127090 seconds to execute
Dec 08 13:33:06 sogod [599764]: 141.94.27.175 "POST /SOGo/so/postmas...@mydomain.net/Calendar/924D3-61B0F880-1-39D7A0C0/saveUserRights HTTP/1.0" 200 0/408 0.129 - - 0 - 15
....

On 12/8/21 16:44, Claus (c3...@mail77.eu) wrote:
Dear SOGo community,

I've installed SOGo 5.3.0 (@shiva2.inverse 202112070624) with iRedmail-OpenLDAP, and I'm trying to get LDAP groups working (we already use SOGo in combination with Active Directory and groups work perfectly) - however, we are moving our mail + SOGo away from AD.

So far, groups show up in SOGo for e.g. a resource to be shared with. There is no error message in sogo.log. However, group members are not subscribed, nor do they see the shared resource when searching for resources of the sharer.

I suspect it is a mapping issue between how iRedmail identifies "users"/mailboxes (mail=....), and how SOGo can identify them by the memberuid/member attribute (uid=...., or cn=.... instead of mail=... ?).

So something is missing here. Ideally, I can manage group ACLs without touching the attributes of the iRedmail mailboxes/users, so in case of updates/LDAP changes, the group memberships stay active. E.g. by using posixGroup or groupOfNames objectClasses.

A) This is the SOGoUserSources to get the groups:

{
// Used for groups
type = ldap;
id = groups;
canAuthenticate = YES;
isAddressBook = NO;
displayName = "LDAP Authentication";

hostname = "ldap://127.0.0.1:389";
baseDN = "ou=Groups,domainName=%d,o=domains,dc=MYDOMAIN,dc=net";
bindDN = "cn=vmail,dc=MYDOMAIN,dc=net";
bindPassword = "XXXX";
filter = "objectClass=posixGroup OR objectClass=groupOfNames";
#scope = SUB;

// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=MYDOMAIN,dc=net.
// so this doesn't work.
bindAsCurrentUser = YES;
mapping = {
uid = ("mail");
};


// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
#GroupObjectClasses = (posixGroup);

CNFieldName = cn;
IDFieldName = cn;
// value of UIDFieldName must be unique on entire server
UIDFieldName = cn;
}


B) These are 2 example LDAP groups which show up in SOGo as groups, but resources are not shared to the members of those groups:


# Entry 1 (posixGroup)
dn: cn=posix6,ou=Groups,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
cn: posix6
gidnumber: 500
mail: posix6
memberuid: it6
memberuid: mail=i...@mydomain.net,ou=Users,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
memberuid: cn=i...@mydomain.net,ou=Users,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
objectclass: posixGroup
objectclass: top


# Entry 1: groupOfNames
dn: cn=grpnames2@localhost,ou=Groups,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
cn: grpnames2@localhost
member: cn=i...@mydomain.net,ou=Users,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
member: cn=i...@mydomain.net,ou=Users,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
objectclass: groupOfNames
objectclass: top


C) This is how a mailbox/user is identified in iRedmail:

# Entry 1: mail=i...@mydomain.net,ou=Users,domainName=MYDOMAIN
dn: mail=i...@mydomain.net,ou=Users,domainName=MYDOMAIN.net,o=domains,dc=MYDOMAIN,dc=net
accountstatus: active
amavislocal: TRUE
cn: IT6
enabledservice: sogo
enabledservice: imap
enabledservice: sievetls
enabledservice: sievesecured
enabledservice: lmtp
enabledservice: dsync
enabledservice: shadowaddress
enabledservice: indexer-worker
enabledservice: sieve
enabledservice: imaptls
enabledservice: senderbcc
enabledservice: managesievesecured
enabledservice: deliver
enabledservice: recipientbcc
enabledservice: mail
enabledservice: smtpsecured
enabledservice: lib-storage
enabledservice: sogoactivesync
enabledservice: smtp
enabledservice: sogowebmail
enabledservice: smtptls
enabledservice: lda
enabledservice: displayedInGlobalAddressBook
enabledservice: imapsecured
enabledservice: doveadm
enabledservice: forward
enabledservice: quota-status
enabledservice: sogocalendar
enabledservice: managesievetls
enabledservice: internal
enabledservice: managesieve
homedirectory: /var/vmail/vmail1/MYDOMAIN.net/i/t/6/it6-2021.
 12.08.15.26.38/
mail: i...@mydomain.net
mailboxfolder: Maildir
mailboxformat: maildir
mailquota: 5368709120
objectclass: inetOrgPerson
objectclass: mailUser
objectclass: shadowAccount
objectclass: amavisAccount
preferredlanguage: en_US
shadowlastchange: 18969
sn: it6
uid: it6
userpassword: {SSHA512}XXXXX


D) And this is what an AD group looks like, and it works:

cn: Group-AD-example
distinguishedname=CN=Group-AD-example,CN-Users,DC=ad,DC=MYDOMAIN,Dc=net
groupType=ACCOUNT_GROUP|security
mail=Group-AD-example@MYDOMAIN...
member=CN=NAME-OF-USER2,CN=NAME-of-USER2,....
name=Group-AD-example
objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=ad,....
objectClass=top;group
sAMAccountName=Group-AD-example
sAMAccountType= GROUP_OBJECT

--
users@sogo.nu
https://inverse.ca/sogo/lists
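
A diagnostic for the mapping question raised in the original message (how group `memberuid`/`member` values relate to user entries whose DN starts with `mail=`): it checks every member value of each group against the user entries and reports whether it matches a user's DN, `uid` or `mail`. This is an added example, not code from the thread or from SOGo; the LDIF is constructed, the `example.net` addresses are placeholders, and the DN comparison is a simplified case-insensitive one.

```python
# Constructed sample LDIF modelled on sections B and C of the message;
# the example.net addresses are placeholders, not values from the thread.
BASE = "ou=Users,domainName=example.net,o=domains,dc=example,dc=net"
SAMPLE_LDIF = f"""\
dn: mail=it6@example.net,{BASE}
uid: it6
mail: it6@example.net
homedirectory: /var/vmail/vmail1/example.net/i/t/6/it6-2021.
 12.08.15.26.38/
objectclass: mailUser

dn: cn=posix6,ou=Groups,domainName=example.net,o=domains,dc=example,dc=net
cn: posix6
memberuid: it6
memberuid: mail=it6@example.net,{BASE}
memberuid: cn=it6@example.net,{BASE}
objectclass: posixGroup

dn: cn=grpnames2,ou=Groups,domainName=example.net,o=domains,dc=example,dc=net
cn: grpnames2
member: cn=it6@example.net,{BASE}
objectclass: groupOfNames
"""

def parse_ldif(text):
    """Return entries as {attribute (lowercased): [values]}; base64 '::' values are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # folded line: continuation of the previous one
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, cur = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def norm_dn(dn):
    # Simplified comparison (assumption): lowercase, no spaces around commas.
    return ",".join(part.strip() for part in dn.lower().split(","))

def classify_members(entries):
    """Map group cn -> {member value: 'dn' | 'uid' | 'mail' | None (no user matches)}."""
    groups = [e for e in entries if {"posixgroup", "groupofnames"}
              & {c.lower() for c in e.get("objectclass", [])}]
    users = [e for e in entries if e not in groups]
    index = {norm_dn(u["dn"][0]): "dn" for u in users}
    for u in users:
        for attr in ("uid", "mail"):
            for v in u.get(attr, []):
                index.setdefault(v.lower(), attr)
    report = {}
    for g in groups:
        values = g.get("memberuid", []) + g.get("member", [])
        report[g["cn"][0]] = {v: index.get(norm_dn(v)) for v in values}
    return report

if __name__ == "__main__":
    for group, members in classify_members(parse_ldif(SAMPLE_LDIF)).items():
        for value, match in members.items():
            print(f"{group}: {value} -> {match or 'NO MATCHING USER ENTRY'}")
```

On the constructed data, the member values written as `cn=<address>,ou=Users,...` match no entry, because the user's DN begins with `mail=`; only the bare `uid` value and the `mail=` DN resolve.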