SOGo and AD brainstorming

sogo
v7
activedirectory
mailserver

(Stefano Zamboni) #18

ok, clean install of TB 52.4.0 32 bit on a new w10 pro joined to the domain, installed sogo-connector-31.0.5.xpi, created a new account

in the debugger console I read:

NS_ERROR_MALFORMED_URI: Component returned failure code: 0x804b000a
(NS_ERROR_MALFORMED_URI) [nsIIOService2.newURI] sogoWebDAV.js:157
_makeURI chrome://inverse-library/content/sogoWebDAV.js:157:16
sogoWebDAV.prototype._sendHTTPRequest
chrome://inverse-library/content/sogoWebDAV.js:174:51
sogoWebDAV.prototype.load
chrome://inverse-library/content/sogoWebDAV.js:374:13
sogoWebDAV.prototype.propfind
chrome://inverse-library/content/sogoWebDAV.js:441:9
GroupDavSynchronizer.prototype.fillServerHashes
chrome://sogo-connector/content/general/sync.addressbook.groupdav.js:323:9
GroupDavSynchronizer.prototype.start
chrome://sogo-connector/content/general/sync.addressbook.groupdav.js:187:17
GetSyncNotifyGroupdavAddressbook/sync.notify
chrome://sogo-connector/content/general/sync.addressbook.groupdav.js:1716:13
startFolderSync
chrome://sogo-connector/content/addressbook/messenger.groupdav.overlay.js:244:13
OnLoadMessengerOverlay
chrome://sogo-connector/content/addressbook/messenger.groupdav.overlay.js:87:9

sorry for the bad formatting, can’t make a simple copy and paste

And it simply doesn’t work


(Stefano Zamboni) #19

DOH!

now it works… and I didn’t touch anything :expressionless:
will investigate
Thank you


(Stéphane de Labrusse) #20

I recall something similar to your issue, we talked about it some time ago with davidep. I thought the issue was solved by an update because I tested last night with a fresh VM

Start the vm
Full update
Install nethserver-dc
Install nethserver-sogo

Like I said I cannot reproduce your issue but we might do some changes like you introduced

Can others test and see if the domain name in sogo is a dummy or a good one?


(Michael Träumner) #21

I don’t understand why. At Outlook CalDav Synchronizer I had the problem with the certificate, I had to install it at IE, but if you haven’t changed anything it’s “magical” :wink:


(Stéphane de Labrusse) #22

To any documentation writer, please feel free to edit the sogo wiki page and add some admin feedback.

I tried to add some contents and I would be pleased if you can enhance it


(Stéphane de Labrusse) #23

Funny, the ‘mail’ field doesn’t exist in the samba4 LDAP; this field can be found in OpenLDAP. Can you install nethserver-phpldapadmin and see if your user gets this property?


(Stefano Zamboni) #24

It exists in M$ AD, I can see it using ldapsearch


(Stéphane de Labrusse) #25

It exists in M$ AD, I can see it using ldapsearch

I need your help, my time is really limited right now

what is the full ldapsearch command?


(Stéphane de Labrusse) #26

well nothing related to ‘mail’ in samba4 LDAP

ldapsearch -Z -x -D CN=Admin,CN=Users,dc=ad,dc=plop,dc=org -w 'MYSTRONGPASSWORD' -b CN=Users,dc=ad,dc=plop,dc=org -h 192.168.12.46

this is the output

# toto, Users, ad.plop.org
dn: CN=toto,CN=Users,DC=ad,DC=plop,DC=org
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: toto
givenName: stephane de labrusse
instanceType: 4
whenCreated: 20171010203700.0Z
displayName: stephane de labrusse
uSNCreated: 3737
name: toto
objectGUID:: bocLKq0eYUicsr2LdvmrEQ==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAA05ZY3HvDMEYE9H7sUQQAAA==
sAMAccountName: toto
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ad,DC=plop,DC=org
loginShell: /usr/libexec/openssh/sftp-server
unixHomeDirectory: /var/lib/nethserver/home/toto
userPrincipalName: toto@nethservertest.org
userAccountControl: 66048
accountExpires: 0
pwdLastSet: 131521414258217010
lastLogonTimestamp: 131521414674563620
whenChanged: 20171010203747.0Z
uSNChanged: 3745
lastLogon: 131521415586992820
logonCount: 28
distinguishedName: CN=toto,CN=Users,DC=ad,DC=plop,DC=org

@davidep, some input on the ‘mail’ property in samba4, I’m puzzled :slight_smile:


(Stefano Zamboni) #27

mine is a w2008r2 AD DC… no samba4 DC on this side… I have to work only with M$ AD from 2008r2 to 2016

will post tomorrow my ldapsearch result.

In any case, we’d have a key in configuration to tell the system we’re joined to a M$ or a Samba4 AD, so we can use the proper fields in sogo’s conf…


(Stéphane de Labrusse) #28

OK :slight_smile:

yes, a key name could be imagined for the IMAPLoginFieldName. First we can decide to do it on sogo’s side but it will be a manual action. I’m not sure that we can do something automatic here.

I will be interested


(Stefano Zamboni) #29

here it is

dn: CN=Stefano Zamboni,CN=Users,DC=dominio,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Stefano Zamboni
sn: Zamboni
givenName: Stefano
distinguishedName: CN=Stefano Zamboni,CN=Users,DC=dominio,DC=local
instanceType: 4
whenCreated: 20171009100912.0Z
whenChanged: 20171009112635.0Z
displayName: Stefano Zamboni
uSNCreated: 12869
uSNChanged: 12983
name: Stefano Zamboni
objectGUID:: j8zjI5jDAkaicDOqjQwibw==
userAccountControl: 66048
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 131522113073066265
pwdLastSet: 131520173527968750
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAJ3qZWx5M3HO4DTVUUwQAAA==
accountExpires: 9223372036854775807
logonCount: 469
sAMAccountName: s.zamboni
sAMAccountType: 805306368
userPrincipalName: s.zamboni@dominio.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=dominio,DC=local
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 131520174140468750
mail: s.zamboni@dominio-cliente.it

(Stefano Zamboni) #30

mail comes from here:


(Davide Principi) #31

The userPrincipalName field is defined as the “official” user’s email address (and is good for logging in on a workstation too).

With a local AD accounts provider the userPrincipalName value is automatically set in user long name form, i.e. toto@nethserver.org - applying the NethServer domain name.

Instead, the default AD behavior is to use the AD domain as suffix (i.e. toto@ad.plop.org). In this case, if you want to set userPrincipalName to a good email address, the configuration must be done manually, or using a PowerShell script or similar.

As an alternative you could use the mail field or similar, if you can trust its value. Again, it must be set manually. The field must also be configured to be used by SOGo.


(Stéphane de Labrusse) #32

ok the best is to release a customisable key by the command line


(Stéphane de Labrusse) #33

@Stefano_Zamboni I can see several sogo variables related to userPrincipalName

    IMAPLoginFieldName = userPrincipalName;

    bindFields = (
        sAMAccountName,
        userPrincipalName
    );
    MailFieldNames = ("userPrincipalName");

did you change all?


(Stéphane de Labrusse) #34

can you test this rpm

yum install http://mirror.de-labrusse.fr/NethDev/nethserver-sogo/nethserver-sogo-1.6.12-1.ns7.sdl.noarch.rpm

config setprop sogod IMAPLoginFieldName mail
signal-event nethserver-sogo-update

then all values ‘userPrincipalName’ will be changed to ‘mail’

for reversing

config setprop sogod IMAPLoginFieldName ''
signal-event nethserver-sogo-update

or

config delprop sogod IMAPLoginFieldName
signal-event nethserver-sogo-update
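The two ldapsearch outputs above (Samba4 DC without a mail attribute, Windows AD with one), Davide’s remarks on userPrincipalName versus mail, and the IMAPLoginFieldName prop introduced in this post all turn on the same decision: which directory attribute SOGo should treat as the IMAP login name. The following Python script is an added illustration, not code from the thread or from nethserver-sogo. The LDIF entries are constructed excerpts of the posted outputs, the set of accepted mail domains is an assumed input, and render_sogo_fields only reproduces the shape of the three settings quoted in post #33, not the real NethServer template.

```python
# Added example: pick the SOGo IMAPLoginFieldName from what the directory
# actually exposes. Not code from the thread or from nethserver-sogo.

# Constructed LDIF excerpts, trimmed from the two ldapsearch outputs posted in
# the thread: the Samba4 DC entry has no 'mail' attribute, the Windows AD
# entry has one.
SAMBA4_ENTRY = """\
dn: CN=toto,CN=Users,DC=ad,DC=plop,DC=org
objectClass: user
cn: toto
objectGUID:: bocLKq0eYUicsr2LdvmrEQ==
sAMAccountName: toto
userPrincipalName: toto@nethservertest.org
"""

WINDOWS_AD_ENTRY = """\
dn: CN=Stefano Zamboni,CN=Users,DC=dominio,DC=local
objectClass: user
cn: Stefano Zamboni
sAMAccountName: s.zamboni
userPrincipalName: s.zamboni@dominio.local
mail: s.zamboni@dominio-cliente.it
"""


def parse_ldif(text):
    """Minimal single-entry LDIF parser: attribute name -> list of values.
    A '::' separator marks a base64 value (objectGUID, objectSid); the
    encoded string is kept as-is because only presence matters here."""
    attrs = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        value = value[1:] if value.startswith(":") else value  # '::' case
        attrs.setdefault(name, []).append(value.strip())
    return attrs


def choose_login_field(attrs, mail_domains):
    """Decide which attribute SOGo should use as IMAPLoginFieldName.

    'mail' wins when the entry has it (and you trust its value); otherwise
    fall back to userPrincipalName and warn when its suffix is not one of
    the domains the mail server accepts, which is the default-AD case where
    the UPN carries the AD realm instead of a mail domain.
    Returns (field, value, warning or None).
    """
    if attrs.get("mail"):
        return "mail", attrs["mail"][0], None
    upn = attrs.get("userPrincipalName", [None])[0]
    if upn is None:
        return None, None, "neither mail nor userPrincipalName is set"
    suffix = upn.rpartition("@")[2]
    warning = None
    if suffix not in mail_domains:
        warning = ("userPrincipalName suffix %r is not a mail domain; "
                   "set userPrincipalName or mail manually" % suffix)
    return "userPrincipalName", upn, warning


def effective_login_field(sogod_props):
    """Mirror the setprop semantics shown in the thread: an empty or deleted
    IMAPLoginFieldName prop falls back to the default userPrincipalName."""
    return sogod_props.get("IMAPLoginFieldName") or "userPrincipalName"


def render_sogo_fields(field):
    """Render the three SOGo settings quoted in post #33 with the chosen field
    substituted wherever userPrincipalName appeared (assumed template shape,
    not the nethserver-sogo template itself)."""
    return (
        f"IMAPLoginFieldName = {field};\n"
        f"bindFields = (\n    sAMAccountName,\n    {field}\n);\n"
        f'MailFieldNames = ("{field}");\n'
    )


if __name__ == "__main__":
    accepted = {"dominio-cliente.it", "nethservertest.org"}  # assumed mail domains
    for label, entry in (("samba4", SAMBA4_ENTRY), ("windows", WINDOWS_AD_ENTRY)):
        field, value, warning = choose_login_field(parse_ldif(entry), accepted)
        print(label, field, value, warning)
    print(render_sogo_fields(effective_login_field({"IMAPLoginFieldName": "mail"})))
```

Run against the Windows entry the script selects mail; against the Samba4 entry it falls back to userPrincipalName and only warns when the UPN suffix is not a domain the mail server serves, which is the manual-fix situation Davide describes.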

(Alberto Grasso) #35

Fantastic, it seems to work perfectly!
I’m testing in a test environment, but what is the safest method to upgrade a SOGo 3.2.9 installation using nethserver-sogo-1.6.12-1.ns7.sdl.noarch.rpm package?


(Stéphane de Labrusse) #36

sogo released with the customisable field IMAPLoginFieldName


(Jeroen Visser) #37

The only issue I encounter is sharing user-mailboxes, when the mailbox name is not equal to the username.

// Shared mailboxes are { $dovecot{SharedMailboxesStatus} }
namespace SHARED_USERS {
type = shared
disabled = { $dovecot{SharedMailboxesStatus} eq 'enabled' ? 'no' : 'yes' }
separator = /
prefix = Shared/%%n@{{ $DomainName }}/
location = maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u
subscriptions = no
list = children
}

Aside from that, this works like a charm and is much preferred. How do I ever get dovecot to look in the right folder for shared mailboxes though?

#sogo.log
Nov 17 14:19:49 sogod [9673]: [ERROR] <0x0x5589e2e4f460[NGImap4Connection]> could not select URL: imap://t.account%40example.com@localhost/Shared/: {RawResponse = "{ResponseResult = {description = "Mailbox doesn't exist: Shared"; result = no; tagId = 6; }; }"; reason = "Mailbox doesn't exist: Shared"; result = 0; }
Nov 17 14:19:49 sogod [9673]: 192.168.50.38 "POST /SOGo/so/lmst01/Mail/0/folderShared/view HTTP/1.1" 500 72/48 0.340 - - 0

This will not ever match afaik … can I implement email like I am trying atm or is this fruitless and a massive waste of time ?
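To make the mismatch in the post above concrete, here is an added Python illustration (not code from the post, from Dovecot or from NethServer) of how the %% owner variables in the shared namespace expand once the IMAP login identity is a mail address while the Maildir directory is still named after the account. It assumes that the vmail directory is called lmst01, taken from the /SOGo/so/lmst01/ path in the log, that the owner logs in as t.account@example.com, and that {{ $DomainName }} renders to example.com; the directory set and the login-to-directory mapping are constructed for the example.

```python
import re

# Added illustration of Dovecot-style variable expansion in a shared
# namespace; not Dovecot's own code. Single-% variables refer to the
# logged-in user, %% variables to the owner of the shared mailbox. Only
# %u (full login), %n (user part) and %d (domain) are handled.
VAR_RE = re.compile(r"%(%?)([und])")


def split_login(login):
    """Return (user part, domain) of an IMAP login; domain is '' if absent."""
    user, _, domain = login.partition("@")
    return user, domain


def expand(template, login_user, owner_user):
    """Expand %u/%n/%d for the logged-in user and %%u/%%n/%%d for the owner."""
    def repl(match):
        who = owner_user if match.group(1) else login_user
        user, domain = split_login(who)
        return {"u": who, "n": user, "d": domain}[match.group(2)]
    return VAR_RE.sub(repl, template)


# Namespace settings as posted, with {{ $DomainName }} already rendered to a
# constructed domain.
DOMAIN = "example.com"
PREFIX = "Shared/%%n@" + DOMAIN + "/"
LOCATION = "maildir:/var/lib/nethserver/vmail/%%u/Maildir:INDEXPVT=~/Maildir/shared/%%u"

# Constructed: Maildir directories present under /var/lib/nethserver/vmail,
# named after the account (lmst01) rather than the mail address the same
# account now uses to log in (t.account@example.com).
EXISTING_MAILDIRS = {"lmst01", "jdoe"}

# Constructed lookup from login identity to directory name; it stands in for
# the per-owner userdb answer Dovecot would need to find the owner's Maildir.
LOGIN_TO_MAILDIR = {"t.account@example.com": "lmst01", "jdoe@example.com": "jdoe"}


def owner_maildir(location, owner):
    """Filesystem part of the expanded location, before the ':INDEXPVT=' option."""
    path = expand(location, "ignored", owner)
    if path.startswith("maildir:"):
        path = path[len("maildir:"):]
    return path.split(":", 1)[0]


def maildir_exists(path, existing=EXISTING_MAILDIRS):
    """Check the owner directory component of PATH against the constructed set."""
    parts = path.split("/")          # /var/lib/nethserver/vmail/<dir>/Maildir
    return "vmail" in parts and parts[parts.index("vmail") + 1] in existing


def resolve_shared(owner_login, mapping=None):
    """Resolve the owner's Maildir as the posted config does (raw login in
    %%u), or, when a mapping is given, with the login translated to its
    directory name first. Returns (expanded prefix, maildir path, exists?)."""
    owner = owner_login if mapping is None else mapping.get(owner_login, owner_login)
    prefix = expand(PREFIX, "ignored", owner_login)  # prefix keeps the mail-style name
    path = owner_maildir(LOCATION, owner)
    return prefix, path, maildir_exists(path)


if __name__ == "__main__":
    print(resolve_shared("t.account@example.com"))
    print(resolve_shared("t.account@example.com", LOGIN_TO_MAILDIR))
```

With the posted location string the owner path becomes /var/lib/nethserver/vmail/t.account@example.com/Maildir, which does not exist; translating the login identity back to the directory name before the %%u expansion points at /var/lib/nethserver/vmail/lmst01/Maildir. In Dovecot that translation belongs to the userdb lookup done for the shared mailbox owner rather than to the location string itself.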