Hi all
I try to authenticate user in sogo with a remote account provider Samba AD and it fails
sogo.log
[root@NS7DEV9 ~]# tailf /var/log/sogo/sogo.log
Jun 08 20:16:38 sogod [13286]: <0x0x7f558c2bfe70[LDAPSource]> <NSException: 0x7f558be1b150> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "samaccountname=toto,dc=stephdl,dc=dyndns,dc=org"; }
Jun 08 20:16:38 sogod [13286]: [ERROR] <0x0x7f558c226de0[LDAPSource]> Could not bind to the LDAP server ldap://nsdc-ns7dev8.stephdl.dyndns.org (389) using the bind DN: STEPHDL\NS7DEV9$
Jun 08 20:16:38 sogod [13286]: [ERROR] <0x0x7f558c226de0[LDAPSource]> <NSException: 0x7f558c3067c0> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "STEPHDL\\NS7DEV9$"; }
Jun 08 20:16:38 sogod [13286]: SOGoRootPage Login from '192.168.12.25' for user 'toto' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jun 08 20:16:38 sogod [13286]: 192.168.12.25 "POST /SOGo/connect HTTP/1.1" 403 34/69 0.008 - - 0
Jun 08 20:16:50 sogod [13286]: <0x0x7f558c2bfe70[LDAPSource]> <NSException: 0x7f558c243830> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "samaccountname=toto@stephdl.dyndns.org,dc=stephdl,dc=dyndns,dc=org"; }
Jun 08 20:16:50 sogod [13286]: [ERROR] <0x0x7f558c226de0[LDAPSource]> Could not bind to the LDAP server ldap://nsdc-ns7dev8.stephdl.dyndns.org (389) using the bind DN: STEPHDL\NS7DEV9$
Jun 08 20:16:50 sogod [13286]: [ERROR] <0x0x7f558c226de0[LDAPSource]> <NSException: 0x7f558c3060d0> NAME:LDAPException REASON:operation bind failed: Strong(er) authentication required (0x8) INFO:{"error_code" = 8; login = "STEPHDL\\NS7DEV9$"; }
Jun 08 20:16:50 sogod [13286]: SOGoRootPage Login from '192.168.12.25' for user 'toto@stephdl.dyndns.org' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jun 08 20:16:50 sogod [13286]: 192.168.12.25 "POST /SOGo/connect HTTP/1.1" 403 34/88 0.009 - - 0
If I change in the /etc/sogo/sogo.conf
- hostname = ldap://nsdc-ns7dev8.stephdl.dyndns.org;
+ hostname = ldaps://nsdc-ns7dev8.stephdl.dyndns.org;
then the login is successful.
on the remote AD SAMBA
[root@NS7DEV8 ~]# account-provider-test dump
{
"BindDN" : "STEPHDL\\NS7DEV8$",
"LdapURI" : "ldaps://stephdl.dyndns.org",
"StartTls" : "",
"port" : 636,
"host" : "stephdl.dyndns.org",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=stephdl,dc=dyndns,dc=org",
"GroupDN" : "dc=stephdl,dc=dyndns,dc=org",
"BindPassword" : "hRmZHxK%nEN+8L",
"BaseDN" : "dc=stephdl,dc=dyndns,dc=org",
"LdapUriDn" : "ldap:///dc%3Dstephdl%2Cdc%3Ddyndns%2Cdc%3Dorg"
}
on the local server with sogo (the account provider is a remote AD Samba)
[root@NS7DEV9 ~]# account-provider-test dump
{
"BindDN" : "STEPHDL\\NS7DEV9$",
"LdapURI" : "ldap://nsdc-ns7dev8.stephdl.dyndns.org",
"StartTls" : "",
"port" : 389,
"host" : "nsdc-ns7dev8.stephdl.dyndns.org",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "DC=stephdl,DC=dyndns,DC=org",
"GroupDN" : "DC=stephdl,DC=dyndns,DC=org",
"BindPassword" : "UNjGG~ZK>p?u]p",
"BaseDN" : "DC=stephdl,DC=dyndns,DC=org",
"LdapUriDn" : "ldap:///dc%3Dstephdl%2Cdc%3Ddyndns%2Cdc%3Dorg"
}
you can see that sogo takes its url from above, but it fails, we should force ldaps
@dev_team what do you think ?