Sogo log shows a strange error and no connection to mail-server

NethServer Version: 7.9.2009
Module: SOGo

I tried to connect SOGo to the local mail server, but if I open the mail tab in SOGo, it shows that there is an error with the communication.
So I looked at the sogo.log and found something else:

Dec 18 06:43:21 sogod [64066]: [ERROR] <0x55a8c6d37990[SOGoAppointmentFolder]:537-5F116C80-3-13FC4760> Group @MyGroup1 has no member with UID MyUser2

This is right, MyUser1 is a member of group MyGroup1, but it reports this message for every group with this user. Every other user is reported as well.
At the end I have the following:

Dec 18 14:39:12 sogod [57993]: <0x0x55a8c61088c0[LDAPSource]> <NSException: 0x55a8c6626720> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=User1,ou=verwaltung,dc=MyDomain,dc=local"; }
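To see at a glance which accounts and which OU the failing binds target, the `LDAPException` lines can be pulled out of sogo.log and grouped by login DN. This is an added example, not part of the original post: the sample lines after the first two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the sogod log format quoted above (the last two bind
# failures are invented; the final line uses forum-style curly quotes).
SAMPLE_LOG = """\
Dec 18 06:43:21 sogod [64066]: [ERROR] <0x55a8c6d37990[SOGoAppointmentFolder]:537-5F116C80-3-13FC4760> Group @MyGroup1 has no member with UID MyUser2
Dec 18 14:39:12 sogod [57993]: <0x0x55a8c61088c0[LDAPSource]> <NSException: 0x55a8c6626720> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=User1,ou=verwaltung,dc=MyDomain,dc=local"; }
Dec 18 14:40:02 sogod [57993]: <0x0x55a8c61088c0[LDAPSource]> <NSException: 0x55a8c6626aa0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "samaccountname=User1,ou=verwaltung,dc=MyDomain,dc=local"; }
Dec 18 14:41:30 sogod [57993]: <0x0x55a8c61088c0[LDAPSource]> <NSException: 0x55a8c6626bb0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{“error_code” = 49; login = “samaccountname=User2,ou=betrieb,dc=MyDomain,dc=local”; }
"""

# Matches only bind failures; the (0x..) value is the LDAP result code
# (0x31 = 49 = invalidCredentials). Accepts straight or curly quotes.
BIND_FAIL = re.compile(
    r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+sogod\s+\[(?P<pid>\d+)\]:.*?'
    r'NAME:LDAPException\s+REASON:operation bind failed:\s*(?P<reason>.+?)'
    r'\s*\((?P<hex>0x[0-9a-fA-F]+)\).*?login\s*=\s*["“](?P<login>[^"”]+)["”]'
)

def parse_bind_failures(text):
    """Return one dict per 'operation bind failed' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BIND_FAIL.match(line)
        if m:
            events.append({"time": m["ts"], "pid": int(m["pid"]),
                           "code": int(m["hex"], 16), "reason": m["reason"],
                           "login": m["login"]})
    return events

def split_dn(dn):
    """Split a DN into (first RDN attribute, its value, lower-cased container)."""
    parts = re.split(r'(?<!\\),', dn)          # do not split on escaped commas
    attr, _, value = parts[0].partition('=')
    container = ','.join(p.strip() for p in parts[1:]).lower()
    return attr.strip().lower(), value.strip(), container

def summarize(events):
    """Count failures per (account, container) so repeated failures stand out."""
    counts = Counter()
    for e in events:
        _attr, account, container = split_dn(e["login"])
        counts[(account, container)] += 1
    return counts

if __name__ == "__main__":
    for (account, container), n in summarize(parse_bind_failures(SAMPLE_LOG)).most_common():
        print(f"{n:3d}  {account:10s} {container}")
```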

We only read from LDAP; if the error exists in LDAP, we can find it in SOGo.

Is the password correct or does it contain a special char?

Maybe case sensitive username?

I think the OU should be users instead of verwaltung.

It is every user in the AD who uses SOGo with CalDavSynchronizer. The passwords are correct, and some are without special characters.

This is not possible, we have one ou “Users” (only System-Users), one ou “Verwaltung” and one ou “Betrieb”.
But after I read your question I thought about my custom-template, perhaps this is the problem.

{
    use NethServer::SSSD; 
    my $sssd = new NethServer::SSSD();

    my $baseDN = $sssd->baseDN();
    my $bindDN = $sssd->bindDN();
    $bindDN =~ s/\\/\\\\/g;
    my $userDN = $sssd->userDN();
    my $groupDN = $sssd->groupDN();
    my $bindPassword = $sssd->bindPassword();
    my $host = $sssd->host();
    my $ldapURI = $sssd->ldapURI();

    # We must check if starttls is used
    my $tls = $sssd->startTls();
    if ($tls){
        $ldapURI = $ldapURI . '/????!StartTLS';
    }

    # select the email field in case of Microsoft AD bind
    my $CustomEmailField = $sogod{'CustomEmailField'} || 'userPrincipalName';

    if ($sssd->isLdap){
        # user source: ldap
        $OUT .= <<EOF

  /* 45 ldap authentication */
    SOGoUserSources =(
     \{   
        id = groups;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = cn;
        IDFieldName = cn;
        baseDN = "$groupDN";
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        scope = ONE;
        canAuthenticate = YES;
        MailFieldNames = ("mail");
        displayName = "$SystemName groups";
        hostname = $ldapURI;
        isAddressBook = YES;
     \},
     \{   
        id = users;
        type = ldap;
        CNFieldName = cn;
        UIDFieldName = uid;
        IDFieldName = mail;
        bindFields = (
                mail,
                uid
            );
        IMAPLoginFieldName = mail;
        baseDN = "$userDN";
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        scope = ONE;
        MailFieldNames = ("mail");
        canAuthenticate = YES;
        displayName = "$SystemName users";
        hostname = $ldapURI;
        isAddressBook = YES;
     \}
    );
EOF

    } elsif($sssd->isAD){
        # user source: AD
        # escape every double quote so the password cannot end the quoted bindPassword value early
        $bindPassword =~ s/"/\\"/g;

        $OUT .= <<EOF

  /* 45 AD authentication */
    SOGoUserSources =(
     \{ 
        id = AD_Users_1;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = $CustomEmailField;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
        bindFields = (
                sAMAccountName,
                $CustomEmailField
            );
        hostname = $ldapURI;
        filter = "(objectClass='user') AND (sAMAccountType=805306368)";
        MailFieldNames = ("$CustomEmailField");
        scope = SUB;
        displayName = "$DomainName users";
        isAddressBook = YES;
     \},

   \{
        id = AD_Users_2;
        type = ldap;
        CNFieldName = cn;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        IMAPLoginFieldName = $CustomEmailField;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
        bindFields = (
                sAMAccountName,
                $CustomEmailField
            );
        hostname = $ldapURI;
        filter = "(objectClass='user') AND (sAMAccountType=805306368)";
        MailFieldNames = ("$CustomEmailField");
        scope = SUB;
        displayName = "$DomainName users";
        isAddressBook = YES;
     \},

     \{
        id = AD_Groups_1;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_1,DC=MyDomainName,DC=local";
        hostname = $ldapURI;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("mail");
        scope = SUB;
        displayName = "$DomainName groups";
        isAddressBook = YES;
     \},

     \{
        id = AD_Groups_2;
        type = ldap;
        CNFieldName = name;
        IDFieldName = sAMAccountName;
        UIDFieldName = sAMAccountName;
        canAuthenticate = YES;
        bindDN = "$bindDN";
        bindPassword = "$bindPassword";
        baseDN = "OU=MyOrganisationUnit_2,DC=MyDomainName,DC=local";
        hostname = $ldapURI;
        filter = "(objectClass='group') AND (sAMAccountType=268435456)";
        MailFieldNames = ("mail");
        scope = SUB;
        displayName = "$DomainName groups";
        isAddressBook = YES;
     \}
    );
EOF

    }
} 

I get the same error but mail tab is working so I think the problematic one is

Just a blind shot: In your custom template same displaynames are used for the different users and groups, maybe they need to be different?


Thanks, Markus, for your answer. I will try this, but next year. The company is closed until next year.

You get it with my custom template or without?

Without.

I’ve found out why I didn’t have a connection to the mail server. The sssd service was disabled; I don’t know why.
After enabling it, I’ve no problems with mail.
