No Login under SOGO

gerald_FS · December 18, 2016, 10:49am

Welcome to the club!
Willkommen im Club!

But I think that we will still go !
The advantages of the 7er version are greater than the current suffer.
And here we are in good hands, all problems have been solved here quickly.

hucky · December 18, 2016, 10:53am

at the moment i install it completely new and hope to get my data back.

giacomo · December 18, 2016, 11:13am

I would gladly help to fix Sogo.
@mark_nl could you please open a pull request with all modifications to the package?

Then I will try to fix it

hucky · December 18, 2016, 1:04pm

After a complete new install i am not able to log on at Sogo, so it is not only after an Update it is also after a new Installation.

dnutan · December 18, 2016, 1:15pm

I can confirm what @hucky says about sogo on a clean RC3 system with nethserver-dc as account provider.
No difference neither when using the sogo package from nethforge-testing. Same errors as reported by @gerald_FS.

gerald_FS · December 18, 2016, 1:38pm

Hello again,

I have my configuration data viewed from sogo, while I am compared to the server (RC2), which performs with me his trust service that the overall addressing of the LDAP service is differently structured.

Can that possibly be our problem?

The differences I have at the beginning of the line with !!! marked

Ich hoffe ich kann etwas zur Problemlösung beitragen

Here the sogo.conf on my server (RC2) the works:

 /* 45 AD authentication */
    SOGoUserSources =(
     {
      	id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
 !!!!   bindDN = "cn=OPENZWO,cn=Computers,dc=nandlnet,dc=de";
        bindPassword = "J(oOXy:m@[;:~-";
        baseDN = "cn=Users,dc=nandlnet,dc=de";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
!!!!	hostname = ldap://nsdc-openzwo.nandlnet.de:389;
        filter = "(objectClass='user')";
        scope = SUB;
        displayName = "nandlnet.de users";
        isAddressBook = YES;
     },
     {
      	id = AD_Groups;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
  !!!!   BindDN = "cn=OPENZWO,cn=Computers,dc=nandlnet,dc=de";
        bindPassword = "J(oOXy:m@[;:~-";
        baseDN = "cn=Users,dc=nandlnet,dc=de";
  !!!!    hostname = ldap://nsdc-openzwo.nandlnet.de:389;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        scope = SUB;
        displayName = "nandlnet.de groups";
        isAddressBook = YES;
     }
    );

Here the sogo.conf of RC3:

  /* 45 AD authentication */
    SOGoUserSources =(
     {
      	id = AD_Users;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = userPrincipalName;
        canAuthenticate = YES;
 !!!!   bindDN = "NEUCHING\JAGERBOX$";
        bindPassword = "CA-,VeZ_dL7,9:";
        baseDN = "cn=Users,dc=neuching,dc=com";
        bindFields = (
                sAMAccountName,
                userPrincipalName
            );
   !!!!    hostname = ldaps://neuching.com;
            filter = "(objectClass='user')";
            scope = SUB;
            displayName = "neuching.com users";
            isAddressBook = YES;
         },
         {
          	id = AD_Groups;
            type = ldap;
            CNFieldName = name;
            IDFieldName = sAMAccountName;
            UIDFieldName = sAMAccountName;
            canAuthenticate = YES;
      !!!!      bindDN = "NEUCHING\JAGERBOX$";
            bindPassword = "CA-,VeZ_dL7,9:";
            baseDN = "cn=Users,dc=neuching,dc=com";
      !!!!      hostname = ldaps://neuching.com;
            filter = "(objectClass='group') AND (sAMAccountType=268435456)";
            scope = SUB;
            displayName = "neuching.com groups";
            isAddressBook = YES;
         }
        );

hucky · December 18, 2016, 6:28pm

Hey Gerald,
i take a quick look at your server and saw also at your side everything is up. apache, sogo etc. u also have the newest version 3.2.4. i tried to figure out since a few days now where the problem with the authentication is but did not find a bit

gerald_FS · December 18, 2016, 8:10pm

So Found a mistake!

In the sogo.conf is currently the wrong ldap server specify, I have now corrected all lines as specified in the RC2.

So all with “!!!” marked lines are to be adjusted, then go!

And it works!

gerald_FS · December 18, 2016, 8:12pm

So the problem is solved - unfortunately it can not be noted

davidep · December 18, 2016, 8:23pm

I’d rather say you found a solution for it

I bet @mark_nl already started working on this fix, but he’s probably busy in this period for his new job.

Does anybody want to open a PR on GitHub?

Do you know you can even edit the source code directly on the github web page ?

gerald_FS · December 18, 2016, 8:29pm

I know that it is, but I am not so far that I can put myself there without danger for other hand.

If I have only the sympthome treated, the last step must make someone have a idea of it and it can.

m.traeumner · December 19, 2016, 8:49am

After the steps from @davidep the “Account provider error” is away.
But I can’t login to Sogo anymore. I’ve tried to set a new password to the user, but it dosn’t change anything.
This is the log

Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa70f219c0[LDAPSource]> Could not bind to the LDAP server ldaps://MyDomain.de (389) using the bind DN: MyDomainHostname$
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa70f219c0[LDAPSource]> <NSException: 0x7ffa71de2360> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “MYDOMAINHOSTNAME$”; }
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa714faa40[LDAPSource]> Could not bind to the LDAP server ldaps://MyDomain.de (389) using the bind DN: MYDOMAINHOSTNAME $
Dec 19 09:38:19 sogod [1643]: [ERROR] <0x0x7ffa714faa40[LDAPSource]> <NSException: 0x7ffa71e0e7b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = " MYDOMAINHOSTNAME $"; }
Dec 19 09:38:19 sogod [1643]: 192.168.46.130 “PROPFIND /SOGo/dav/username/Contacts/236A-57E4D080-1-697F2E00/ HTTP/1.1” 404 74/175 0.069 - - 0

davidep · December 19, 2016, 11:33am

One problem, one topic. Please help us keep clean and don’t cross-post:

(Moved here)

flatspin · December 19, 2016, 1:32pm

Thanks @gerald_FS . I faced the same problem with SOGo. Changed sogo.conf as you discribed and now it works. Saved a lot of time.

giacomo · December 19, 2016, 5:13pm

I just updated the rpm in nethforge-testing:
nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm

Please check it out! /cc @dnutan @mark_nl @flatspin @hucky @m.traeumner

(I haven’t tested it with remote account providers.)

mark_nl · December 19, 2016, 7:40pm

Thanx,

I could not figure out how to get the right credentials;
Thanx a lot!

m.traeumner · December 20, 2016, 8:27am

Hi Giacomo,
I think I do a mistake by installing, can you help?
I tried this command:

yum install --enablerepo=nethforge-testing nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm

and it shows

No package nethserver-sogo-1.6.1-1.15.ga5eb638.ns7.noarch.rpm available.

UPDATE!
I try the following command and it works well

yum --enablerepo=nethforge-testing install nethserver-sogo

flatspin · December 20, 2016, 8:36am

Super! Will test it today! Thanks Giacomo.

transocean · December 20, 2016, 2:49pm

Hi Giacomo,

thanks too! It works.

Regards

Uwe

dnutan · December 20, 2016, 3:24pm

Package on testing repo fixed the issue on a local AD account provider.
A quick run on a simple bound NS7 to sambaAD (NS7) worked also.