No Access to Webtop, Nextcloud and Sogo after clamav update

activedirectory
v7

(Dr Thomas Quinton) #1

Recently we have had no access to Webtop, Nextcloud and Sogo, neither through the web interface nor through the (Nextcloud) client. We had an update done recently (clamav) and a certificate installed.
Webmail (roundcube) is working normally. It has something to do with the credentials.
Does anybody have an idea? Would appreciate some input. Thanks!


(Markus Neuberger) #2

I assume you see the login page but can’t log in. Or are the sites down with some HTTP error?

You may log in to Webtop or Nextcloud as admin and check whether AD/LDAP is configured correctly. You should find a correct config to compare with here in the forum but I can’t find it atm…

Just install Nextcloud and webtop and your account provider on a VM for a working config to compare. Sogo has an /etc/sogo/sogo.conf file where LDAP/AD is configured.


(Dr Thomas Quinton) #3

I'll check, thanks. I'll be back :alarm_clock:


(Dr Thomas Quinton) #4

So that's working.

And in the configuration I get "lost connection to the LDAP server" as information.

And I get a "configuration false" message?!?


(Markus Neuberger) #5

The Webtop and Nextcloud admins are working. These are the applications’ own users, provided by the applications themselves, and have nothing to do with the LDAP/AD admin user. So you can’t log in with the AD/LDAP user but the app admin works. So the information about wrong AD/LDAP is correct.

Found a link for Webtop with AD:

EDIT:
What’s the result of

[root@server ~]# account-provider-test dump
{
   "BindDN" : "CMB\\SERVER$",
   "LdapURI" : "ldaps://ad.cmb.local",
   "StartTls" : "",
   "port" : 636,
   "host" : "ad.cmb.local",
   "isAD" : "1",
   "isLdap" : "",
   "UserDN" : "dc=ad,dc=cmb,dc=local",
   "GroupDN" : "dc=ad,dc=cmb,dc=local",
   "BindPassword" : "
...

Do you have ldap or ldaps in ldapuri? Is the port correct?

EDIT2:

Here is my working AD part of /etc/sogo/sogo.conf for comparing:

/etc/sogo/sogo.conf
/* 45 AD authentication */
    SOGoUserSources =(
     {
        id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
        bindDN = "CMB\\SERVER$";
        bindPassword = "ﶟ昂";
        baseDN = "dc=ad,dc=cmb,dc=local";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
        hostname = ldaps://ad.cmb.local;
        filter = "(objectClass='user')";
        MailFieldNames = ("userPrincipalName");
        scope = SUB;
        displayName = "cmb.local users";
        isAddressBook = YES;
     },
     {
        id = AD_Groups;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
        bindDN = "CMB\\SERVER$";
        bindPassword = "櫖ﶟ";
        baseDN = "dc=ad,dc=cmb,dc=local";
        hostname = ldaps://ad.cmb.local;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("userPrincipalName");
        scope = SUB;
        displayName = "cmb.local groups";
        isAddressBook = YES;
     }
    );

(nikolaus.herrmann) #6

Sorry for causing panic, it was our fault.
If LDAP is not reachable because of a wrong DNS entry, users cannot be authenticated.
Problem solved.

Thanks for all.


(Davide Principi) #7

Check certificate configuration & validity
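
The checks suggested across this thread (ldap vs ldaps and port in the account provider dump, DNS resolution of the LDAP host, certificate validity), collected as an added example that is not part of any post or of NethServer itself. The function names `check_provider` and `cert_days_left` and the sample dump are constructed for illustration; the field names come from the dump quoted in post #5.

```python
import json
import socket
import ssl
import time
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample using the field names from the dump quoted in the thread.
SAMPLE_DUMP = """{
   "LdapURI" : "ldaps://ad.cmb.local",
   "StartTls" : "",
   "port" : 636,
   "host" : "ad.cmb.local"
}"""

def check_provider(dump, resolve=socket.getaddrinfo):
    """Return a list of findings; an empty list means nothing was flagged."""
    uri = urlsplit(dump.get("LdapURI") or "")
    if uri.scheme not in DEFAULT_PORTS or not uri.hostname:
        return [f"LdapURI {dump.get('LdapURI')!r} is not an ldap:// or ldaps:// URI"]
    findings = []
    uri_port = uri.port or DEFAULT_PORTS[uri.scheme]
    if int(dump.get("port") or 0) != uri_port:
        findings.append(f"port {dump.get('port')!r} does not match {uri.scheme} port {uri_port}")
    if (dump.get("host") or "").lower() != uri.hostname:
        findings.append(f"host {dump.get('host')!r} differs from LdapURI host {uri.hostname!r}")
    if uri.scheme == "ldaps" and dump.get("StartTls"):
        findings.append("StartTls is set although LdapURI already uses ldaps")
    try:
        resolve(uri.hostname, uri_port)  # the DNS failure that ended this thread
    except socket.gaierror as exc:
        findings.append(f"{uri.hostname} does not resolve: {exc}")
    return findings

def cert_days_left(host, port=636, timeout=5):
    """Days until the LDAPS certificate expires; raises ssl.SSLError if it does not verify."""
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
    return (ssl.cert_time_to_seconds(not_after) - time.time()) / 86400

if __name__ == "__main__":
    for finding in check_provider(json.loads(SAMPLE_DUMP)) or ["no findings"]:
        print(finding)
```

On a real server, feed `check_provider` the JSON printed by `account-provider-test dump`; `cert_days_left` needs network access to the domain controller and the issuing CA in the system trust store.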