NethServer Version: NS7.3
Module: Sogo
I have set up one NS host to serve as a dedicated LDAP server to provide authentication services to a number of LDAP client hosts.
One of the client hosts is a new NS mail server. It's able to successfully connect to the NS LDAP account provider and pull all the Users and Groups. Users are able to log in via Roundcube, but they are getting a “Wrong username or password” error when using Sogo.
= Sogo logs:
<0x0x7f7701869a30[LDAPSource]> <NSException: 0x7f7701a52360> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=testuser,dc=example,dc=com"; }
May 02 23:28:24 sogod [9281]: SOGoRootPage Login from '10.1.1.24' for user 'testuser' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
= Slapd logs
conn=2950 fd=29 ACCEPT from IP=10.1.1.215:36108 (IP=0.0.0.0:389)
conn=2950 op=0 BIND dn="" method=128
conn=2950 op=0 RESULT tag=97 err=0 text=
conn=2950 op=1 SRCH base="dc=example,dc=com" scope=1 deref=0 filter="(|(mail=testuser)(uid=testuser))"
conn=2950 op=1 SRCH attr=dn
<= bdb_equality_candidates: (uid) not indexed
conn=2950 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=2951 fd=30 ACCEPT from IP=10.1.1.215:36110 (IP=0.0.0.0:389)
conn=2951 op=0 BIND dn="cn=testuser,dc=example,dc=com" method=128
conn=2951 op=0 RESULT tag=97 err=49 text=
conn=2951 op=1 UNBIND
= sogo.conf (as configured by NS)
id = users;
type = ldap;
CNFieldName = cn;
UIDFieldName = uid;
IDFieldName = mail;
bindFields = (
mail,
uid
);
IMAPLoginFieldName = mail;
baseDN = "dc=example,dc=com";
bindDN = "";
bindPassword = "";
scope = ONE;
MailFieldNames = ("mail");
canAuthenticate = YES;
displayName = "ns7 users";
hostname = ldap://10.1.1.29;
…
I also tried changing to baseDN = "ou=Groups,dc=directory,dc=nh";
but this also didn't work. I was also unsuccessful logging in with the full email address.
The Sogo LDAP config appears to be similar to Roundcube’s, so I am confused why the latter is able to log in.
I also test installed Sogo on the LDAP server and from there it can log in, but from the client, nope.
Is this a bug? How can I fix this? Let me mention that I am an LDAP novice.
Regards,
Clemo
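The slapd excerpt in the post can be read as one search-then-bind attempt. The following is an added example, not part of the original post: it pairs each failed bind with the search the same client ran just before it, so the base, scope, filter and entry count sit next to the DN that was rejected. The function name `correlate` and the choice to match connections by client IP are assumptions of this example.

```python
import re

# slapd log lines copied from the post above (no new data).
SLAPD_LOG = """\
conn=2950 fd=29 ACCEPT from IP=10.1.1.215:36108 (IP=0.0.0.0:389)
conn=2950 op=0 BIND dn="" method=128
conn=2950 op=0 RESULT tag=97 err=0 text=
conn=2950 op=1 SRCH base="dc=example,dc=com" scope=1 deref=0 filter="(|(mail=testuser)(uid=testuser))"
conn=2950 op=1 SRCH attr=dn
<= bdb_equality_candidates: (uid) not indexed
conn=2950 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=2951 fd=30 ACCEPT from IP=10.1.1.215:36110 (IP=0.0.0.0:389)
conn=2951 op=0 BIND dn="cn=testuser,dc=example,dc=com" method=128
conn=2951 op=0 RESULT tag=97 err=49 text=
conn=2951 op=1 UNBIND
"""

SCOPES = {"0": "base", "1": "one", "2": "sub"}  # numeric scope as logged by slapd
PATTERNS = {
    "accept": re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+"),
    "bind": re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"'),
    "result": re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)"),  # tag=97: bind response
    "search": re.compile(r'conn=(\d+) op=\d+ SRCH base="([^"]*)" scope=(\d) .*filter="(.*)"$'),
    "done": re.compile(r"conn=(\d+) op=\d+ SEARCH RESULT tag=101 err=\d+ nentries=(\d+)"),
}

def correlate(log_text):
    """Pair each failed bind with the last completed search from the same client IP (assumption)."""
    client, binds, pending, last_search, findings = {}, {}, {}, {}, []
    for line in log_text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                break
        else:
            continue  # lines such as "SRCH attr=dn" or index notices carry nothing we need
        if kind == "accept":
            client[m[1]] = m[2]
        elif kind == "bind":
            binds[(m[1], m[2])] = m[3]
        elif kind == "search":
            pending[m[1]] = {"base": m[2], "scope": SCOPES.get(m[3], m[3]), "filter": m[4]}
        elif kind == "done" and m[1] in pending:
            last_search[client.get(m[1])] = dict(pending.pop(m[1]), nentries=int(m[2]))
        elif kind == "result" and m[3] != "0":  # non-zero result code, e.g. 49 invalidCredentials
            ip = client.get(m[1])
            findings.append({"client": ip, "bind_dn": binds.get((m[1], m[2])),
                             "err": int(m[3]), "search": last_search.get(ip)})
    return findings
```

Run over the excerpt, it returns a single finding: the bind as `cn=testuser,dc=example,dc=com` failed with result code 49, and the search that preceded it (scope `one` under `dc=example,dc=com`) returned 0 entries.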