Bind Failed Error Message


NethServer Version: NethServer release 7.6.1810 (final)
Module: sogo

I have the following messages in sogo logs:

Jan 29 16:35:16 sogod [23392]: <0x0x558068addde0[LDAPSource]> <NSException: 0x558069a840c0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=john.doe,dc=example,dc=com"; }
2020-01-29 16:35:16.383 sogod[23392:23392] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'dc=example,dc=com' filter '(&(|(sAMAccountName=john.doe)(userPrincipalName=john.doe))(objectClass=user))' for attrs 'dn'
2020-01-29 16:35:16.471 sogod[23392:23392] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'dc=example,dc=com' filter '(&(|(samaccountname=john.doe)(userPrincipalName=john.doe))(objectClass=group)(sAMAccountType=268435456))' for attrs '*'
2020-01-29 16:35:16.511 sogod[23392:23392] -[NGLdapConnection _searchAtBaseDN:qualifier:attributes:scope:]: search at base 'dc=example,dc=com' filter '(&(|(samaccountname=john.doe)(userPrincipalName=john.doe))(objectClass=user))' for attrs '*'
Jan 29 16:35:17 sogod [23392]: 181.90.197.68 "POST /SOGo/Microsoft-Server-ActiveSync?Cmd=Sync&User=example%5Cjohn.doe&DeviceId=SEC16C6A7073FB27&DeviceType=SamsungDevice HTTP/1.1" 200 0/105 1.094 - - 0
Jan 29 16:35:27 sogod [23392]: <0x0x55806a7a17d0[SOGoActiveSyncDispatcher]> Sleeping 40 seconds while detecting changes for user john.doe in Ping...

In the sogo.conf LDAP section I have:


 SOGoUserSources =(
     {
        id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
        bindDN = "EXAMPLE\\MAILSERVER$";
        bindPassword = "password";
        baseDN = "DC=example,DC=com";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
        filter = "(objectClass='user')";
        MailFieldNames = ("userPrincipalName");
        scope = SUB; 
        displayName = "example.com users";
        isAddressBook = YES;
     },         
     {          
        id = AD_Groups;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName; 
        canAuthenticate = YES;
        bindDN = "EXAMPLE\\MAILSERVER$";
        bindPassword = "password";
        baseDN = "DC=example,DC=com";
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("userPrincipalName");
        scope = SUB;
        displayName = "example.com groups";
        isAddressBook = YES;
     }
    );

Despite this error, I can log in successfully, but I wonder why there is such a message. Should I fix something in my config?

Thanks in advance!

Is the password expired in AD for that user account?

What user account? The user is able to log in successfully, but that error message appears for every user.
Perhaps, it’s because of

bindFields = (
                sAMAccountName,
                userPrincipalName
            );

With one field users cannot log in, but they can with the other… what do you think?

I think it is possible, but I’m not too familiar with SOGo. It tries to bind with one of the fields and fails, then tries with the other. I think there are two fields to be able to log in with the username and with the mail address (or was it because of local and remote Microsoft-AD field content difference?). If that is the case then the error can be ignored.
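
One way to check the logs before ignoring these entries, as an added example that is not part of the thread or of SOGo itself: it pairs each `bind failed` (error 49) line with an HTTP 200 request from the same user shortly afterwards, and counts the failures that no successful request follows. The sample lines are constructed in the format quoted above; the function names, the 5-second window, the assumed year and the 401 line are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample in the sogod format quoted in the thread
# (addresses, device ids and the 401 line are made up).
SAMPLE_LOG = r'''
Jan 29 16:35:16 sogod [23392]: <0x0x558068addde0[LDAPSource]> <NSException: 0x558069a840c0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=john.doe,dc=example,dc=com"; }
Jan 29 16:35:17 sogod [23392]: 192.0.2.10 "POST /SOGo/Microsoft-Server-ActiveSync?Cmd=Sync&User=example%5Cjohn.doe&DeviceId=DEV1&DeviceType=SamsungDevice HTTP/1.1" 200 0/105 1.094 - - 0
Jan 29 16:40:02 sogod [23392]: <0x0x558068addde0[LDAPSource]> <NSException: 0x558069a840c0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=jane.roe,dc=example,dc=com"; }
Jan 29 16:40:03 sogod [23392]: 192.0.2.77 "POST /SOGo/Microsoft-Server-ActiveSync?Cmd=Sync&User=example%5Cjane.roe&DeviceId=DEV2&DeviceType=SamsungDevice HTTP/1.1" 401 0/0 0.512 - - 0
'''

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) sogod \[\d+\]: "
# LDAP bind rejected with "Invalid credentials"; the user is the first RDN value of the login DN.
BIND_FAIL = re.compile(TS + r'.*bind failed: Invalid credentials.*login = "[^=]+=(?P<user>[^,"]+)')
# Access-log line carrying a User= query parameter and the HTTP status.
REQUEST = re.compile(TS + r'\S+ "\w+ \S*[?&]User=(?P<user>[^&\s]+)\S* HTTP/[\d.]+" (?P<status>\d{3})')


def parse_ts(ts, year):
    # Syslog timestamps carry no year; the caller supplies one (assumption).
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def classify_bind_failures(log_text, window=timedelta(seconds=5), year=2020):
    """Per user, count bind failures that are / are not followed by a 200 within `window`."""
    failures, successes = [], []
    for line in log_text.splitlines():
        if m := BIND_FAIL.match(line):
            failures.append((parse_ts(m["ts"], year), m["user"].lower()))
        elif (m := REQUEST.match(line)) and m["status"] == "200":
            # User=example%5Cjohn.doe -> "example\john.doe" -> "john.doe"
            user = unquote(m["user"]).split("\\")[-1].lower()
            successes.append((parse_ts(m["ts"], year), user))
    report = {}
    for ts, user in failures:
        followed = any(u == user and timedelta(0) <= t - ts <= window
                       for t, u in successes)
        counts = report.setdefault(user, {"fallback_ok": 0, "unresolved": 0})
        counts["fallback_ok" if followed else "unresolved"] += 1
    return report


if __name__ == "__main__":
    for user, counts in classify_bind_failures(SAMPLE_LOG).items():
        print(user, counts)
```

A user with only `fallback_ok` entries matches the pattern described in the thread; `unresolved` entries are bind failures that no successful request followed and are worth a closer look.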

Not exactly the same but could give some clue: