I’ve tried a new installation of nethserver 7 beta 1, then updated to 7 Beta 2 and then joined the active directory. The first time I try to access the active directory it says “Invalid credentials”. The second time I try with the same credentials (I don’t change anything) it says task completed with errors. After that I have all users listed at the web interface, but I can’t login at sogo.
I tested sogo with Samba AD long time ago, I don’t know if it still works.
But you can try to configure it using official documentation from Inverse.
If anybody is interested in maintaining nethserver-sogo rpm, I will gladly help.
Oh, I want to access my Windows AD, not Samba.
I’ve no problem with webtop either. But I have to use my AD users and I have to sync with iOS, Android and Thunderbird.
Hi Giacomo,
now I’ve tested sogo with samba AD, but not with multiple branches. It works very well.
I used Nethserver 7 beta 2 with sogo and samba. I tried the sogo web interface and Thunderbird with Lightning.
For the contacts I used sogo-connector.
EDIT!!! Optimized the code and only one user for binding.
Only four years later I got it working with multiple branches (organisation units).
I created a bind user directly at the Users directory (not an OU) at AD. This user is used to connect Nethserver to the AD and for Sogo. Therefore I built a custom template 45user_source at
/etc/e-smith/templates-custom/etc/sogo/sogo.conf
```perl
{
    use NethServer::SSSD;

    my $sssd         = new NethServer::SSSD();
    my $baseDN       = $sssd->baseDN();
    my $bindDN       = $sssd->bindDN();
    # double every backslash so the DN survives inside a quoted config string
    $bindDN =~ s/\\/\\\\/g;
    my $userDN       = $sssd->userDN();
    my $groupDN      = $sssd->groupDN();
    my $bindPassword = $sssd->bindPassword();
    my $host         = $sssd->host();
    my $ldapURI      = $sssd->ldapURI();

    # We must check if StartTLS is used
    my $tls = $sssd->startTls();
    if ($tls) {
        $ldapURI = $ldapURI . '/????!StartTLS';
    }

    # select the email field in case of Microsoft AD bind
    my $CustomEmailField = $sogod{'CustomEmailField'} || 'userPrincipalName';

    if ($sssd->isLdap) {
        # user source: ldap
        $OUT .= <<EOF;
/* 45 ldap authentication */
SOGoUserSources = (
  \{
    id = groups;
    type = ldap;
    CNFieldName = cn;
    UIDFieldName = cn;
    IDFieldName = cn;
    baseDN = "$groupDN";
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    scope = ONE;
    canAuthenticate = YES;
    MailFieldNames = ("mail");
    displayName = "$SystemName groups";
    hostname = $ldapURI;
    isAddressBook = YES;
  \},
  \{
    id = users;
    type = ldap;
    CNFieldName = cn;
    UIDFieldName = uid;
    IDFieldName = mail;
    bindFields = (
      mail,
      uid
    );
    IMAPLoginFieldName = mail;
    baseDN = "$userDN";
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    scope = ONE;
    MailFieldNames = ("mail");
    canAuthenticate = YES;
    displayName = "$SystemName users";
    hostname = $ldapURI;
    isAddressBook = YES;
  \}
);
EOF
    } elsif ($sssd->isAD) {
        # user source: AD
        # escape every embedded double quote, otherwise a password containing "
        # terminates the quoted bindPassword string early (the original s/"/\"/
        # replaced the quote with itself and only once)
        $bindPassword =~ s/"/\\"/g;
        $OUT .= <<EOF;
/* 45 AD authentication */
SOGoUserSources = (
  \{
    id = AD_Users_1;
    type = ldap;
    CNFieldName = cn;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    IMAPLoginFieldName = $CustomEmailField;
    canAuthenticate = YES;
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
    bindFields = (
      sAMAccountName,
      $CustomEmailField
    );
    hostname = $ldapURI;
    filter = "(objectClass='user') AND (sAMAccountType=805306368)";
    MailFieldNames = ("$CustomEmailField");
    scope = SUB;
    displayName = "$DomainName users";
    isAddressBook = YES;
  \},
  \{
    id = AD_Users_2;
    type = ldap;
    CNFieldName = cn;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    IMAPLoginFieldName = $CustomEmailField;
    canAuthenticate = YES;
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
    bindFields = (
      sAMAccountName,
      $CustomEmailField
    );
    hostname = $ldapURI;
    filter = "(objectClass='user') AND (sAMAccountType=805306368)";
    MailFieldNames = ("$CustomEmailField");
    scope = SUB;
    displayName = "$DomainName users";
    isAddressBook = YES;
  \},
  \{
    id = AD_Groups_1;
    type = ldap;
    CNFieldName = name;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    canAuthenticate = YES;
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
    hostname = $ldapURI;
    filter = "(objectClass='group') AND (sAMAccountType=268435456)";
    MailFieldNames = ("mail");
    scope = SUB;
    displayName = "$DomainName groups";
    isAddressBook = YES;
  \},
  \{
    id = AD_Groups_2;
    type = ldap;
    CNFieldName = name;
    IDFieldName = sAMAccountName;
    UIDFieldName = sAMAccountName;
    canAuthenticate = YES;
    bindDN = "$bindDN";
    bindPassword = "$bindPassword";
    baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
    hostname = $ldapURI;
    filter = "(objectClass='group') AND (sAMAccountType=268435456)";
    MailFieldNames = ("mail");
    scope = SUB;
    displayName = "$DomainName groups";
    isAddressBook = YES;
  \}
);
EOF
    }
}
```
Now we have to expand the template:
expand-template /etc/sogo/sogo.conf
Also I updated the sogo config with:
signal-event nethserver-sogo-update
Hope this can help some others. If somebody has problems, I will try to help.
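As an added example (not the post's or nethserver-sogo's code), a small Python generator that emits the same SOGoUserSources stanzas for any number of organisation units instead of two hand-copied blocks, and escapes the bind DN and bind password before embedding them in the quoted config strings. `ADBind`, `render_source`, the sample OUs and the example DNs are hypothetical; the filters and field names are the ones from the template above.

```python
from dataclasses import dataclass

# Filters copied from the template (SOGo qualifier syntax, not a raw LDAP filter).
USER_FILTER = "(objectClass='user') AND (sAMAccountType=805306368)"
GROUP_FILTER = "(objectClass='group') AND (sAMAccountType=268435456)"

def escape_conf_string(value: str) -> str:
    """Escape a value for a double-quoted sogo.conf string: double backslashes first
    (as the template does for bindDN), then escape embedded quotes so a bind
    password cannot terminate the string early."""
    return value.replace("\\", "\\\\").replace('"', '\\"')

def ldap_uri(host_uri: str, start_tls: bool) -> str:
    """Append the StartTLS marker the template adds when sssd reports StartTLS."""
    return host_uri + "/????!StartTLS" if start_tls else host_uri

@dataclass
class ADBind:
    domain_dn: str      # e.g. "DC=MyDomainName,DC=local"
    bind_dn: str        # the dedicated bind user from the post
    bind_password: str
    uri: str            # output of ldap_uri()
    domain: str         # used only for displayName
    email_field: str = "userPrincipalName"

def render_source(kind: str, idx: int, ou: str, ad: ADBind) -> str:
    """One SOGo LDAP source ("users" or "groups") scoped to a single OU."""
    if kind == "users":
        head, cn, mail = f"AD_Users_{idx}", "cn", ad.email_field
        extra = (f"    IMAPLoginFieldName = {mail};\n"
                 f"    bindFields = (sAMAccountName, {mail});\n"
                 f"    filter = \"{USER_FILTER}\";\n")
    else:
        head, cn, mail = f"AD_Groups_{idx}", "name", "mail"
        extra = f"    filter = \"{GROUP_FILTER}\";\n"
    return (f"  {{\n    id = {head};\n    type = ldap;\n    CNFieldName = {cn};\n"
            "    IDFieldName = sAMAccountName;\n    UIDFieldName = sAMAccountName;\n"
            "    canAuthenticate = YES;\n"
            f"    bindDN = \"{escape_conf_string(ad.bind_dn)}\";\n"
            f"    bindPassword = \"{escape_conf_string(ad.bind_password)}\";\n"
            f"    baseDN = \"OU={ou},{ad.domain_dn}\";\n    hostname = {ad.uri};\n"
            f"{extra}    MailFieldNames = (\"{mail}\");\n    scope = SUB;\n"
            f"    displayName = \"{ad.domain} {kind}\";\n    isAddressBook = YES;\n  }}")

def render_user_sources(ous, ad: ADBind) -> str:
    """Full SOGoUserSources block: all user sources first, then all group sources."""
    stanzas = [render_source("users", i, ou, ad) for i, ou in enumerate(ous, 1)]
    stanzas += [render_source("groups", i, ou, ad) for i, ou in enumerate(ous, 1)]
    return "SOGoUserSources = (\n" + ",\n".join(stanzas) + "\n);\n"
```

Call `render_user_sources(["Sales", "IT"], ADBind(...))` and paste the result into the AD branch of the template; a bind password containing `"` or `\` comes out correctly quoted.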