Community help for SOGo.conf


(Mark Verlinde) #16

Till now it wasn’t that hard. Last week had some time on a vacation (enjoying the snow and food in your lovely Dolomites) to read in to Neth-/SmeServer and perl. It still has to be proven feasible.

Stupid question, but where do you open a PR?

Reading the above ill opt to merge group_source_ldap and user_source_ldap into one template snippet and add a condition “not ADS” for expansion.

(Davide Principi) #17

PR = GitHub Pull Request :wink: Here?

Look at the green button “Create pull request” :thumbsup:

(Mark Verlinde) #18

OK, will do in the evening after work

(Filippo Carletti) #19

I was there too. It’s a pity, we could have met and drank grappa. :smile:

(Alessio Fattorini) #20

Uh, so you guys MUST upload some pics here

How did you spend your recent holidays?
(Giacomo Sanchietti) #21

Thanks to @mark_nl we now have a new package for SOGo ready for testing!
Kudos to Mark! :smiley:


(Artem Fedai) #22

And next steps were omitted :

  1. email Auth
  2. Multi Domain config

(Alessio Fattorini) #23

A post was merged into an existing topic: How did you spend your recent holidays?

(Mark Verlinde) #24

Sorry, concentrated on a 1:1 functionality with GNUStep setup;

Additional features/functionality can be added, although I can’t see how to implement real multi domain support if the underlying imap server and (ldap) authentication is focused on a single organization with mail domain aliases.

Wil test the package this weekend

(Mark Verlinde) #25

We could have met for a grappa…

Community Digest 8 - March 2016
(Mark Verlinde) #26

@GG_jr, @Nas

trying to implement this stuck in some culprits i’am not able to figure out how to solve them.

This is the test case,
2 mail domains aamail.lan and bbmail.lan
4 users : john, marie, clair and peter
(The ultimate goal would be to assigning John and Marie to aamail.lan and Clair and Peter to bbmail.lan)

Even if we take the impossibility to have one identical username for two mail domains (ie foo@aamail.lan and foo@bbmail.lan) for granted, it just does not seem to add up.

After enforcing login with full e-mailaddress as described here, clair is able to login in as clair@aamail.lan and clair@bbmail.lan.

Even if clair logs in as clair@bbmail.lan the alphabetically first mail domain, @aamail.lan, is used by sogo. The latter could be caused by missing configuration of multi domain support sogo.

And this quasi multi domain setup does not work properly;

domains = {
      aamail.lan = {
        SOGoMailDomain = "aamail.lan";
        SOGoUserSources =(
            id = groupsaa;
            type = ldap;
            CNFieldName = cn;
            UIDFieldName = cn;
            IDFieldName = cn;
            baseDN = "ou=Groups,dc=directory,dc=nh";     
            bindDN = "cn=sogo,dc=directory,dc=nh";
            bindPassword = XXXX;
            scope = ONE;
            canAuthenticate = YES;
            displayName = "{mail} groups";
            hostname = "ldapi://";
            isAddressBook = NO;
            id = usersaa;
            type = ldap;
            CNFieldName = cn;
            UIDFieldName = uid;
            IDFieldName = mail;
            bindFields = (mail);
            baseDN = "ou=People,dc=directory,dc=nh";
            bindDN = "cn=sogo,dc=directory,dc=nh";
            bindPassword = XXXX;
            scope = ONE;
            filter = "accountStatus=active";
            canAuthenticate = YES;
            displayName = "{mail} users";
            hostname = "ldapi://";
            isAddressBook = YES;
      bbmail.lan = {
        SOGoMailDomain = "bbmail.lan";
        SOGoUserSources =(
            id = groupsbb;
            .... /  same credentials as aamail.lan
            id = usersbb;
            .... /  same credentials as aamail.lan.

Login is oke, redirect to web page does not work
(addressbar browser after login: https://mail.sogo.lan/SOGo/so/SOGo/clair%40aamail.lan)

please share your thoughts

(Mark Verlinde) #27

Works fine for me;
cannot install it on a vanilla system enabeling nethserver-testing repo:

warning: /var/cache/yum/x86_64/7/nethserver-testing/packages/sope49-gdl1-mysql-4.9-20160127_1664.el7.1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID f25b5f70: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NethServer-7
The GPG keys listed for the "NethServer 7.2.1511 testing" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Failing package is: sope49-gdl1-mysql-4.9-20160127_1664.el7.1.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NethServer-7

Local install on vanilla system after download works fine;
surprises me, being wrongly afraid sogo.conf expanding before sogo user was added.
I found some minor improvements, foremost removing deprecated settings.
when should i give those to you?

(Artem Fedai) #28

@mark_nl please install PHPLDAPADMIN and a lot of things should be clear regarding LDAP shceme.

I do not why but for some purpose we add @mail for each domain, so @mail addresses are doubled for each domain.

(Mark Verlinde) #29

I took a (brief) look with a remote ldap browser, and came to conclusion it can’t be done without changing the ldap schema.

Hoped someone else had a brilliant idea :grinning:

(Mark Verlinde) #30

To avoid regressions i’v took a look at former issues;

can somebody (@davidep ??) fill me in on this:
sogo-config template: sogoUserSources elements order matters. Refs #2808

The order is preserved, how to test this?

(Davide Principi) #31

I don’t remember why “order matters”, but we could find some hints here

(Mark Verlinde) #32

hmm this seem to be a regression :cry:
i’ll investigate…

Found an error in suppling the two UserSources dictionaries, but still not working;
not so sure it’s a regression of sogo.conf, not working on my ns6 “reference” system.

expected behavior:

log in to SOGo with one user (let’s say user1) and select Address Book (or Calendar) menu;
share user1’s personal address book (or personal calendar) with a group (let’s say testgroup) giving at least read permission;
log user1 out;
log in to SOGo again with a different user whom belongs to testgroup group (let’s say user2) ;
try to ubscribe user1’s shared address book (or calendar)

Can someone confirm this works on ns6?

(Giacomo Sanchietti) #33

There were some issues on rpm signatures, should be fixed now.

You can add them to the bug ( ), or by opening a new pull request.

(Alessio Fattorini) #34

Really interested in this work, please don’t give up and keep us in touch! :grinning:

(Alessio Fattorini) #35

Wow, it’s in testing
I’m going to to test it in the afternoon. Thank you @giacomo and @mark_nl