Community help for SOGo.conf

Thanks to @mark_nl we now have a new package for SOGo ready for testing!
Kudos to Mark! :smiley:

See: https://github.com/NethServer/dev/issues/5028

And next steps were omitted:

  1. email Auth
  2. Multi Domain config

Sorry, concentrated on a 1:1 functionality with GNUStep setup;

Additional features/functionality can be added, although I can’t see how to implement real multi domain support if the underlying imap server and (ldap) authentication is focused on a single organization with mail domain aliases.

Will test the package this weekend

We could have met for a grappa…

@GG_jr, @Nas

Trying to implement this, I’m stuck on some culprits I’m not able to figure out how to solve.

This is the test case,
2 mail domains aamail.lan and bbmail.lan
4 users : john, marie, clair and peter
(The ultimate goal would be to assign John and Marie to aamail.lan and Clair and Peter to bbmail.lan)

Even if we take the impossibility to have one identical username for two mail domains (ie foo@aamail.lan and foo@bbmail.lan) for granted, it just does not seem to add up.

After enforcing login with full e-mail address as described here, clair is able to log in as clair@aamail.lan and clair@bbmail.lan.

Even if clair logs in as clair@bbmail.lan the alphabetically first mail domain, @aamail.lan, is used by sogo. The latter could be caused by missing configuration of multi domain support in sogo.

And this quasi multi domain setup does not work properly;

domains = {
      aamail.lan = {
        SOGoMailDomain = "aamail.lan";
        SOGoUserSources =(
         {   
            id = groupsaa;
            type = ldap;
            CNFieldName = cn;
            UIDFieldName = cn;
            IDFieldName = cn;
            baseDN = "ou=Groups,dc=directory,dc=nh";     
            bindDN = "cn=sogo,dc=directory,dc=nh";
            bindPassword = XXXX;
            scope = ONE;
            canAuthenticate = YES;
            displayName = "{mail} groups";
            hostname = "ldapi://";
            isAddressBook = NO;
         },
         {   
            id = usersaa;
            type = ldap;
            CNFieldName = cn;
            UIDFieldName = uid;
            IDFieldName = mail;
            bindFields = (mail);
            baseDN = "ou=People,dc=directory,dc=nh";
            bindDN = "cn=sogo,dc=directory,dc=nh";
            bindPassword = XXXX;
            scope = ONE;
            filter = "accountStatus=active";
            canAuthenticate = YES;
            displayName = "{mail} users";
            hostname = "ldapi://";
            isAddressBook = YES;
         }
        );
      };
      bbmail.lan = {
        SOGoMailDomain = "bbmail.lan";
        SOGoUserSources =(
         {   
            id = groupsbb;
            .... /  same credentials as aamail.lan
         },
         {   
            id = usersbb;
            .... /  same credentials as aamail.lan.
         }
        );
      };
    };

Login is OK, redirect to web page does not work
(addressbar browser after login: https://mail.sogo.lan/SOGo/so/SOGo/clair%40aamail.lan)

please share your thoughts
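
The overlap reported in the post above, as an added example that is not part of the original thread or of SOGo/NethServer code: the two domains' authenticating sources are modelled as Python dictionaries (constructed from the posted values, with the bbmail.lan entries assumed to repeat the aamail.lan settings) and compared on the fields that decide which LDAP entries they match. It flags exact matches only; `ldap_source`, `search_space` and `overlapping_auth_sources` are hypothetical helper names.

```python
from itertools import combinations

def ldap_source(source_id, base_dn, ldap_filter=""):
    """Constructed stand-in for one SOGoUserSources entry from the post."""
    return {"id": source_id, "hostname": "ldapi://", "baseDN": base_dn,
            "scope": "ONE", "filter": ldap_filter, "canAuthenticate": True}

GROUPS_DN = "ou=Groups,dc=directory,dc=nh"
PEOPLE_DN = "ou=People,dc=directory,dc=nh"

# Constructed model of the posted "domains" block. The bbmail.lan entries are
# assumed to repeat the aamail.lan settings, as the post's "...." lines say.
DOMAINS = {
    "aamail.lan": [ldap_source("groupsaa", GROUPS_DN),
                   ldap_source("usersaa", PEOPLE_DN, "accountStatus=active")],
    "bbmail.lan": [ldap_source("groupsbb", GROUPS_DN),
                   ldap_source("usersbb", PEOPLE_DN, "accountStatus=active")],
}

def search_space(source):
    """The settings that decide which LDAP entries a source can match."""
    return (source["hostname"].lower(), source["baseDN"].replace(" ", "").lower(),
            source["scope"].upper(), source["filter"].replace(" ", "").lower())

def overlapping_auth_sources(domains):
    """List (domain_a, id_a, domain_b, id_b) for authenticating sources of two
    different domains that search exactly the same LDAP entries."""
    findings = []
    for (dom_a, srcs_a), (dom_b, srcs_b) in combinations(sorted(domains.items()), 2):
        for a in srcs_a:
            for b in srcs_b:
                if (a["canAuthenticate"] and b["canAuthenticate"]
                        and search_space(a) == search_space(b)):
                    findings.append((dom_a, a["id"], dom_b, b["id"]))
    return findings

if __name__ == "__main__":
    for dom_a, id_a, dom_b, id_b in overlapping_auth_sources(DOMAINS):
        print(f"{dom_a}/{id_a} and {dom_b}/{id_b} accept the same accounts")
```

Both pairs of sources are reported for the posted configuration, which matches the observation that clair can log in under either domain.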

Works fine for me;
cannot install it on a vanilla system enabling nethserver-testing repo:

warning: /var/cache/yum/x86_64/7/nethserver-testing/packages/sope49-gdl1-mysql-4.9-20160127_1664.el7.1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID f25b5f70: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NethServer-7
The GPG keys listed for the "NethServer 7.2.1511 testing" repository are already installed but they are not correct for this package.
Check that the correct key URLs are configured for this repository.
Failing package is: sope49-gdl1-mysql-4.9-20160127_1664.el7.1.x86_64
GPG Keys are configured as: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NethServer-7

Local install on vanilla system after download works fine;
surprises me, being wrongly afraid sogo.conf expanding before sogo user was added.
I found some minor improvements, foremost removing deprecated settings.
When should I give those to you?

@mark_nl please install PHPLDAPADMIN and a lot of things should be clear regarding LDAP scheme.

I do not know why but for some purpose we add @mail for each domain, so @mail addresses are doubled for each domain.

I took a (brief) look with a remote ldap browser, and came to the conclusion it can’t be done without changing the ldap schema.

Hoped someone else had a brilliant idea :grinning:

To avoid regressions I’ve taken a look at former issues;

can somebody (@davidep ??) fill me in on this:
sogo-config template: sogoUserSources elements order matters. Refs #2808

The order is preserved, how to test this?

I don’t remember why “order matters”, but we could find some hints here

http://dev.nethserver.org/issues/2808

hmm this seems to be a regression :cry:
I’ll investigate…

EDIT :
Found an error in supplying the two UserSources dictionaries, but still not working;
not so sure it’s a regression of sogo.conf, not working on my ns6 “reference” system.

expected behavior:

log in to SOGo with one user (let’s say user1) and select Address Book (or Calendar) menu;
share user1’s personal address book (or personal calendar) with a group (let’s say testgroup) giving at least read permission;
log user1 out;
log in to SOGo again with a different user who belongs to testgroup group (let’s say user2);
try to subscribe user1’s shared address book (or calendar)

Can someone confirm this works on ns6?

There were some issues on rpm signatures, should be fixed now.

You can add them to the bug ( SOGo 3: use sogo.conf · Issue #5028 · NethServer/dev · GitHub ), or by opening a new pull request.

Really interested in this work, please don’t give up and keep us in touch! :grinning:

Wow, it’s in testing
I’m going to test it in the afternoon. Thank you @giacomo and @mark_nl