Nethserver-sogo, needs test

stephdl · November 27, 2017, 8:38pm

I know an issue in sogo when you change the ‘From email’ address, you cannot send email by thunderbird (or other clients) to attendees when you create an appointment.

planet_jeroen · November 27, 2017, 8:44pm

Would that then be a SOGo or an implementation limitation/bug?

stephdl · November 27, 2017, 8:51pm

For now, no clues. I know that thunderbird is working on a patch to decide whom send the email to attendees, sogo or thunderbird, but it will be a workaround.

planet_jeroen · November 27, 2017, 9:11pm

…and is little good for EAX, the main reason for even using SOGo in my case.

mrmarkuz · November 28, 2017, 1:44am

It works perfectly with local ldap and local AD account provider.

There were problems with remote ldap, here is the remote sogo.log:

Nov 28 00:17:19 sogod [22875]: [ERROR] <0x0x556e2addcaf0[LDAPSource]> Could not bind to the LDAP server ldap://192.168.1.187:389 (389) using the bind DN: cn=ldapservice,dc=directory,dc=nh
Nov 28 00:17:19 sogod [22875]: [ERROR] <0x0x556e2addcaf0[LDAPSource]> <NSException: 0x556e2b298620> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=ldapservice,dc=directory,dc=nh"; }
Nov 28 00:17:19 sogod [22875]: <0x0x556e2b23ea60[LDAPSource]> <NSException: 0x556e2b0d02b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=markus,ou=groups,dc=directory,dc=nh"; }
Nov 28 00:17:19 sogod [22875]: SOGoRootPage Login from '192.168.1.115' for user 'markus' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0

I had to change the 2 hostname lines in sogo.conf from

hostname = ldap://192.168.1.187:389;

to

hostname = ldaps://192.168.1.187;

to be able to login to sogo on remote ldap nethserver.

There were also problems with remote AD:
On my remote AD the servername/hostname was nethvm2.domain.local so joining to AD which is AD.CMB.LOCAL results in having markus@cmb.local on AD server and markus@domain.local on remote AD which may be a bug because it shouldn’t be possible to join nethvm2.domain.local to server.cmb.local. So I changed hostname to nethvm2.cmb.local, rejoined AD and it worked except of I had to change to ldaps (possible via web ui).

stephdl · November 28, 2017, 6:44am

I know something with a remote samba AD

reference :

Cannot authenticate user with sogo and a remote AD

and

possibly it could be the same issue for a remote openldap. At least it seems so, I needed to change the url ldap to ldaps with a remote samba AD

for your issue on AD I will try to reproduce with the fix of @giacomo

stephdl · November 28, 2017, 4:04pm

well a remote openldap with anonymous or authenticated user for sogo are good, can you test again. Take care maybe to be with full updated VM

stephdl · November 28, 2017, 4:14pm

@giacomo I tested two times and for every time I have had a bind to the samba4AD (from another NS) with ldap and not ldaps.

Sogo cannot authentificate the user until I modify ldap to ldaps and I restart sogod

This is the automatic settings the wizard setup made

the bind is good of course

mrmarkuz · November 28, 2017, 6:14pm

I tested again and it seems that if you enter a port on remote ldap bind, sogo won’t start because of bind does not work.

Trying it without a port

leads to

which is working perfectly.

But entering a port is fatal.

With port 636 I got

which leads to sogo not starting because of “segfault at 7ffd28961c18”. Sogo doesn’t like redundant port numbers.

and the following sogo.conf

/* 45 ldap authentication */
SOGoUserSources =(
{
id = groups;
type = ldap;
CNFieldName = cn;
UIDFieldName = cn;
IDFieldName = cn;
baseDN = “ou=Groups,dc=directory,dc=nh”;
bindDN = “”;
bindPassword = “”;
scope = ONE;
canAuthenticate = YES;
MailFieldNames = (“mail”);
displayName = “nethvm2 groups”;
hostname = ldaps://192.168.1.187:636;
isAddressBook = NO;
},
{
id = users;
type = ldap;
CNFieldName = cn;
UIDFieldName = mail;
IDFieldName = mail;
bindFields = (
mail,
uid
);
IMAPLoginFieldName = mail;
baseDN = “ou=People,dc=directory,dc=nh”;
bindDN = “”;
bindPassword = “”;
scope = ONE;
MailFieldNames = (“mail”);
canAuthenticate = YES;
displayName = “nethvm2 users”;
hostname = ldaps://192.168.1.187:636;
isAddressBook = YES;
}
);

Similar situation with entering port 389:

Sogo not starting again…

Maybe it’s just my fault entering port numbers although they are optional…

mrmarkuz · November 28, 2017, 7:44pm

Ended up with sogo not working with any setup but maybe too much binding/unbinding AD/LDAP messed up my sogo.conf in a way that there was no binddn and no password set anymore.

So I fired up a fresh VM and default anonymous bind without port is working, like you said:

Other settings, like “ldap:” with or without activated TLS are not working. Sogo is starting but you can not login. Sogo is now also working with ldaps://nethserver:636.

I don’t know what I did to mess up my sogo.conf in a way that there was no binddn and no password set anymore.

stephdl · November 29, 2017, 3:28pm

Do if the sieve filters are swipped is a big issue if we implement shared mail box

?

In other terms do we release this version

giacomo · November 29, 2017, 3:59pm

Latest release of nethserver-sssd should have a better probing for remote account providers, but there are no changes for local ones.

I don’t if this is a problem on SOGo or not, I can’t test it right now sorry

planet_jeroen · November 29, 2017, 4:41pm

I will test again now I have my stuff sorted, without and with using the alias. Will have to wait till tomorrow.

stephdl · November 29, 2017, 4:46pm

not a sogo problem, it just uses what nethserver-sssd probes

alefattorini · November 30, 2017, 2:54pm

@stephdl you’re making a great job and gift to the whole community supporting this module

stephdl · December 5, 2017, 11:22pm

I released tonight the features

set the good name@domain.com name in imap acl for openldap

migrate IMAPLoginFieldName property to CustomEmailField

set the good name@domain.com name in imap acl for sambaAD

I did not (yet) released the feature to ‘display the full name in sogo’ because it breaks the sieve filter. I would before either find a workaround or an agreement that it is not so bad.

The file /var/lib/nethserver/vmail/user@domain/sieve/sogo.sieve is not lost, it still exists, but sogo (I don’t know why) doesn’t use it anymore, and it displays like you have no rules. Even if you can see you have no rules, they are still workable…Sogo is fun.

some possible workarounds

test in the %post section if it is an upgrade or a first install, then modify the template with a sed, or a temporary e-smith property.
do a backup of the files sogo.sieve and let them to the admin…
… need to catch some sleep

hucky · December 6, 2017, 8:47am

did the update today and i lost my contacts and also my calendar, i have no idea what happen. the mails are still there, only contacts and calendar is gone

stephdl · December 6, 2017, 9:15am

Oups, sorry

I reverted the patch to come back to the previous state I hope. Wait some hours before to do the upgrade, or install it directly

yum install http://packages.nethserver.org/nethserver/7.4.1708/nethforge/x86_64/Packages/nethserver-sogo-1.6.16-1.ns7.sdl.noarch.rpm

hucky · December 6, 2017, 9:20am

uffff, thanks so much @stephdl patch seems to work

hucky · December 6, 2017, 9:47am

okay, i guess something with the activesync did not work correct. i have with the webgui of sogo mails, calender and contacts. in my outlook, android and ios i have only mails, calendar, but no contacts