Nethserver 7 SOGo & AD

NethServer Version: NethServer release 7.3.1611
Module: SOGo 3.2.9

Good day,
My name is Tshepo and I’m new to the NethServer community. I’m excited at what NethServer can provide in terms of services to our small three-year-old company, of which myself and a fellow techie are the go-to guys for IT.

I’m of course a complete noob even to the Linux way of things. I would like to provide access to calendaring and messaging data to my users. Our emails are hosted elsewhere and we connect via IMAP but we can’t share contacts and calendars.

I was able to load NethServer on a Microsoft Hyper-V, connect to the network and, through LDAP, create a user account that can connect to SOGo (this is my 6th installation attempt :head_bandage:).

I need some guidance as to how I can join my domainAD–>nethserver–>SOGo->>MailServer/domain.

How can I best do this?

Hi @bluenova, welcome on NethServer community!

First of all, update the system with latest packages. Then,

  1. If you installed the local LDAP accounts provider, remove it!

  2. Set the system domain to match your mail configuration, under “Server name” page.

  3. Then you can join your AD domain from the page: “Accounts provider”.

  4. SOGo requires a dedicated user account on AD with read-only privileges, let’s call it “sogouser”. Create it and specify its credentials under “Accounts provider” page as

ADDOMAIN\sogouser
sogopass

More info

http://docs.nethserver.org/en/v7/accounts.html#join-an-existing-active-directory-domain

Thank you for your assistance (the warm welcome) @davidep, it is highly appreciated.

Updated with the latest packages: :thumbsup:

  1. LDAP local account provider removed.
  2. Set the system domain to match your mail configuration, under “Server name” page—> Successful.
  3. Then you can join your AD domain from the page: “Accounts provider”. —> Successful.
  4. SOGo requires a dedicated user account on AD with read-only privileges…eh…a few questions.

On AD (Server 2012 R2), I created a user: sogouser, Pass: Password1 as a member of Read-only Domain Controllers (Members of this group are Read-Only Domain Controllers in the domain).

Set up the Read-only bind credentials under Accounts Provider on NethServer as
Bind DN: mydomain\sogouser
Bind Password: Password1

Fired up SOGo under the Status/Applications,
put in my login details: sogouser
Password: Password1

Alas…Wrong username or password. :upside_down:

Did I miss something?

Don’t set any additional group membership for it! Just create the user and set non-expiring password.

Morning
I’m still having a problem logging in to SOGo.
I removed the sogo user profile from the group.

Still, SOGo does not recognize the user profile. I will keep trying different things.

Could you attach the output of

account-provider-test
account-provider-test dump
[root@phelangbonolo ~]# account-provider-test dump
{
   "BindDN" : "botshilu\\sogouser",
   "LdapURI" : "ldap://adcontroller.botshilu.local",
   "StartTls" : "",
   "port" : 389,
   "host" : "adcontroller.botshilu.local",
   "isAD" : "1",
   "isLdap" : "",
   "UserDN" : "DC=botshilu,DC=local",
   "GroupDN" : "DC=botshilu,DC=local",
   "BindPassword" : "Password1",
   "BaseDN" : "DC=botshilu,DC=local",
   "LdapUriDn" : "ldap:///dc%3Dbotshilu%2Cdc%3Dlocal"
}
[root@phelangbonolo ~]#
[root@phelangbonolo ~]# account-provider-test
# extended LDIF
#
# LDAPv3
# base <DC=botshilu,DC=local> with scope baseObject
# filter: (objectClass=*)
# requesting: ALL
#

# botshilu.local
dn: DC=botshilu,DC=local
objectClass: top
objectClass: domain
objectClass: domainDNS
distinguishedName: DC=botshilu,DC=local
instanceType: 5
whenCreated: 20140714121757.0Z
whenChanged: 20170614084515.0Z
subRefs: DC=ForestDnsZones,DC=botshilu,DC=local
subRefs: DC=DomainDnsZones,DC=botshilu,DC=local
subRefs: CN=Configuration,DC=botshilu,DC=local
uSNCreated: 4099
dSASignature:: AQAAACgAAAAAAAAAAAAAAAAAAAAAAAAANdASya9mmEuPQVjqGmA3rA==
uSNChanged: 1966129
name: botshilu
objectGUID:: besCKHfaIEW219lvSlUdpw==
creationTime: 131419035150681201
forceLogoff: -9223372036854775808
lockoutDuration: -18000000000
lockOutObservationWindow: -18000000000
lockoutThreshold: 0
maxPwdAge: -36288000000000
minPwdAge: -864000000000
minPwdLength: 7
modifiedCountAtLastProm: 0
nextRid: 1001
pwdProperties: 1
pwdHistoryLength: 24
objectSid:: AQQAAAAAAAUVAAAA9sZ38g5ZzeBBFM+Y
serverState: 1
uASCompat: 1
modifiedCount: 1
auditingPolicy:: AAE=
nTMixedDomain: 0
rIDManagerReference: CN=RID Manager$,CN=System,DC=botshilu,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Si
 te-Name,CN=Sites,CN=Configuration,DC=botshilu,DC=local
systemFlags: -1946157056
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=bots
 hilu,DC=local
wellKnownObjects: B:32:F4BE92A4C777485E878E9421D53087DB:CN=Microsoft,CN=Progra
 m Data,DC=botshilu,DC=local
wellKnownObjects: B:32:09460C08AE1E4A4EA0F64AEE7DAA1E5A:CN=Program Data,DC=bot
 shilu,DC=local
wellKnownObjects: B:32:22B70C67D56E4EFB91E9300FCA3DC1AA:CN=ForeignSecurityPrin
 cipals,DC=botshilu,DC=local
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
 botshilu,DC=local
wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=b
 otshilu,DC=local
wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=bot
 shilu,DC=local
wellKnownObjects: B:32:AB1D30F3768811D1ADED00C04FD8D5CD:CN=System,DC=botshilu,
 DC=local
wellKnownObjects: B:32:A361B2FFFFD211D1AA4B00C04FD7D83A:OU=Domain Controllers,
 DC=botshilu,DC=local
wellKnownObjects: B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=botshi
 lu,DC=local
wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=botshilu,D
 C=local
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=botshilu,DC=local
isCriticalSystemObject: TRUE
gPLink: [LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
 m,DC=botshilu,DC=local;0]
dSCorePropagationData: 16010101000000.0Z
otherWellKnownObjects: B:32:1EB93889E40C45DF9F0C64D23BBB6237:CN=Managed Servic
 e Accounts,DC=botshilu,DC=local
masteredBy: CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-
 Name,CN=Sites,CN=Configuration,DC=botshilu,DC=local
ms-DS-MachineAccountQuota: 10
msDS-Behavior-Version: 6
msDS-PerUserTrustQuota: 1
msDS-AllUsersTrustQuota: 1000
msDS-PerUserTrustTombstonesQuota: 10
msDs-masteredBy: CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-
 Site-Name,CN=Sites,CN=Configuration,DC=botshilu,DC=local
msDS-IsDomainFor: CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First
 -Site-Name,CN=Sites,CN=Configuration,DC=botshilu,DC=local
msDS-NcType: 0
dc: botshilu

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Afternoon,

Apologies for the late reply, had to take care of a personal matter.

Find the requested outputs attached.

Regards

Tshepo
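
The `account-provider-test dump` output posted in this thread includes the bind password and shows plain `ldap://` on port 389 with `StartTls` empty, so a simple bind sends those credentials unencrypted. The following is an added example, not part of the original posts and not NethServer code: a Python script that redacts the secret before a dump is shared and flags a cleartext bind. The sample values are constructed, and reading an empty `StartTls` as "disabled" is an assumption.

```python
import json
from urllib.parse import urlparse

# Constructed sample shaped like the `account-provider-test dump` output in
# this thread; host names and the password are placeholders, not real values.
SAMPLE_DUMP = r'''
{
   "BindDN" : "EXAMPLE\\sogouser",
   "LdapURI" : "ldap://dc1.example.local",
   "StartTls" : "",
   "port" : 389,
   "host" : "dc1.example.local",
   "isAD" : "1",
   "BindPassword" : "placeholder-secret",
   "BaseDN" : "DC=example,DC=local"
}
'''

SECRET_KEYS = {"BindPassword"}


def redact(dump):
    """Return a copy of the dump that is safe to paste into a public post."""
    return {k: ("<redacted>" if k in SECRET_KEYS and v else v)
            for k, v in dump.items()}


def audit_transport(dump):
    """List findings about how the bind credentials travel to the directory."""
    findings = []
    scheme = urlparse(dump.get("LdapURI", "")).scheme.lower()
    # Assumption: an empty string means "disabled", following the dump's own
    # convention ("isAD": "1" for true, "isLdap": "" for false).
    starttls = bool(dump.get("StartTls"))
    if scheme == "ldap" and not starttls:
        findings.append("cleartext-bind: ldap:// without StartTLS exposes "
                        "BindDN and BindPassword on the wire")
    elif scheme not in ("ldap", "ldaps"):
        findings.append("unknown-scheme: %r" % scheme)
    if not dump.get("BindDN") or not dump.get("BindPassword"):
        findings.append("anonymous-bind: no dedicated bind account configured")
    return findings


if __name__ == "__main__":
    cfg = json.loads(SAMPLE_DUMP)
    print(json.dumps(redact(cfg), indent=3))
    for finding in audit_transport(cfg):
        print("FINDING:", finding)
```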