I tested with userPrincipalName and got the above. I tested with ‘mail’ and got the same as with ‘sAMAccountName’; neither does anything for the mail header from EAX or the existing ACLs.
EDIT: please confirm that there is a difference between what you asked me to do and editing the custom template and running a signal-event nethserver-sogo-update? I just tried what you asked, circumventing the signal-event, and that actually broke SOGo till I ran signal-event and gave it a reboot. Maybe I need some of that overrated stuff … I’ll test again after coffee tomorrow.
When you do a signal-event you rewrite the file like it was before you modified it. So if you modify a configuration file directly, without a custom template, you just need to restart the service.
You just need to change the line UIDFieldName = sAMAccountName;
to UIDFieldName = userPrincipalName;
if you prefer the mail field then change to UIDFieldName = mail;
I did not catch your story about user1 with an alias t.account@domain.com, maybe it is specific to your use case. That is why I did a fix to choose what the email address is in LDAP.
One question: why not simply call your user t.account? For my understanding, the alias is rather made to change the domain name if it is not fully related to the FQDN of the server.
Just a tip which saved my life in Discourse: try to reply to one of my posts or call me with @stephdl, then I receive a notification… I’m a lazy boy … like every dev.
You said that sogo sets the ACL to user instead of user@domain.com; in my test, sogo now sets the correct ACL to user@domain.com.
My concern now is that you created some aliases with names completely different from the sAMAccountName. Let me explain:
the login field with sogo is user or user@domain.com
but you created an alias like toto@domain.com to user@domain.com
I just tried but sogo cannot find you in ldap with toto@domain.com therefore to perform a login I must use user or user@domain.com
I must say you puzzled me, hence your users will be too.
The drawback with Nethserver is that you cannot have several (real) FQDNs for email; you must adjust it manually and probably tell your users to use only the sAMAccountName in the login field (user, for example).
I would be interested to understand why you created an alias on the name of the user?
Aah … now I get it. You were right, I should have been in bed instead of testing.
I will test right away if this is fixed that way.
Now for my funny configuration:
I am used to enterprise environments, and secure environments. Both demand that your email address does not reveal any user account information. It also prevents funny logins.
My users get an account, and an email address. I do not intend to tell them their account can also be used as email. Because of that, I do not want to show the username but only the alias.
With my current config I can log in with user and get alias displayed:
dovecot.conf shared user namespace:
namespace SHARED_USERS {
  type = shared
  disabled = no
  separator = /
  prefix = Shared/%%n@domain.com/
  location = maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
  subscriptions = no
  list = children
}
So my goal is to create a situation where people who receive mail from us do not automatically have our usernames. I can live with it appearing in a header, but even that is suboptimal given security issues that arise from broadcasting usernames.
This fully works right now, with 2 visual and 1 technical issue remaining.
Visual:
SOGo displays the username on the SOGo webpage
IMAP of course reads the account and not the alias and displays that under Other Users.
These two are illustrated above, but I doubt they are fixable.
Technical:
Exchange ActiveSync (and ONLY EAX) sends a wrong return address header. (SOGo doesn’t)
Has the problem been fixed meanwhile? In Nethserver 7.5/7.6 I have the same problem sharing mail folders from a user mailbox (no problem with sharing shared mailboxes).
regards yummiweb
Maybe a bit late, but in Nethserver 7.9 this behavior seems to be fixed.
Yesterday I was wondering about some dysfunctional dovecot-related scripts; they had been functional for more than one year (since 7.7).
It seems that since Nethserver 7.9 dovecot uses the AD username with the addition of the @domain as the name for the mailbox users. Without this addition the mail user is “non existent” for dovecot.
So the SOGo folder sharing is administrable and functional in the SOGo web GUI (now? since then?).
Was this new behavior change in 7.9 documented somewhere, or have I missed this?