1

Topic: Problem with logging into sogo after updates/installation

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 9.5.1
- Linux/BSD distribution name and version: CentOS 6.8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? no
- Related log if you're reporting an issue:
====
here is the relevant part of the /var/log/sogo/sogo.log

    Sep 29 16:57:45 sogod [8127]: <0x0x561e259b7ea8[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
    Sep 29 16:57:45 sogod [8127]: <0x0x561e259b7ea8[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
    Sep 29 16:57:45 sogod [8127]: [ERROR] <0x0x561e25e73468[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
    Sep 29 16:57:45 sogod [8127]: SOGoRootPage Login from '149.135.50.214' for user 'support@smartspacehq.com' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
    Sep 29 16:57:45 sogod [8127]: 149.135.50.214 "POST /SOGo/connect HTTP/1.1" 403 34/79 0.034 - - 4M
    Sep 29 16:57:51 sogod [8127]: 149.135.50.214 "GET /SOGo/ HTTP/1.1" 200 6782/0 0.039 25285 73% 1M
    Sep 29 16:58:16 sogod [8127]: SOGoRootPage Login from '149.135.50.214' for user 'support@smartspacehq.com' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
    Sep 29 16:58:16 sogod [8127]: 149.135.50.214 "POST /SOGo/connect HTTP/1.1" 403 34/79 0.002 - - 64

*******************************************************************************
i have successfully updated a working iredmail installation from 0.8.7 to the current 9.5.1 using the docs provided.

i then installed the sogo application (which was not previously installed), again using the docs. i had a few problems with it resolving to the right page and a couple of other issues which i sorted out.

however, when trying to log in as one of the users on the system, it would not authenticate.

the log of the failed authentication is included. i have attempted to solve this issue, but do not know enough about the sogo installation to know where else to look apart from sogo.conf

i have gone through the sogo.conf file line by line to try to get it to match a separate sogo install which is working perfectly, but there is still the failed authentication problem.

can anyone suggest where i might "define the authentication sources"

cheers rs.


2

Re: Problem with logging into sogo after updates/installation

You can compare your sogo.conf to our sample (/etc/sogo/sogo.conf):
https://bitbucket.org/zhb/iredmail/src/ … ew-default

I think the one you are missing is:

    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            id = users;
            canAuthenticate = YES;
            isAddressBook = NO;
            displayName = "LDAP Authentication";

            hostname = "PH_LDAP_URI";
            baseDN = "PH_LDAP_BASEDN";
            bindDN = "PH_LDAP_BINDDN";
            bindPassword = "PH_LDAP_BINDPW";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
            scope = SUB;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha512;

            CNFieldName = cn;
            IDFieldName = mail;
            bindFields = (mail);
            // value of UIDFieldName must be unique on entire server
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
        },
        {
            // Used for global address book
            type = ldap;
            id = global_addressbook;
            canAuthenticate = NO;
            isAddressBook = YES;
            displayName = "Global Address Book";

            // Listing of this LDAP source is only possible when performing a
            // search (respecting the SOGoSearchMinimumWordLength parameter)
            // or when explicitly typing a single dot.
            // Defaults to YES when unset.
            //
            // WARNING: if you have many accounts in this address book, it may
            //          reach server-side query size limit, or cause
            //          performance issue.
            listRequiresDot = NO;

            hostname = "PH_LDAP_URI";
            baseDN = "PH_LDAP_BASEDN";
            bindDN = "PH_LDAP_BINDDN";
            bindPassword = "PH_LDAP_BINDPW";
            filter = "((enabledService=mail AND accountStatus=active AND enabledService=displayedInGlobalAddressBook) AND ((objectClass=mailUser AND enabledService=sogo) OR (objectClass=mailList) OR (objectClass=mailAlias)))";
            scope = SUB;

            IDFieldName = mail;
            bindFields = (mail);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
        }
    );

A simple and better way to get a working sogo.conf is installing iRedMail in a virtual machine, then copying its sogo.conf and replacing the SQL/LDAP credentials in it. This way you don't need to figure out what settings you need/miss and what values you should use.

3 (edited by raystrach 2016-09-30 07:22:34)

Re: Problem with logging into sogo after updates/installation

thanks for your reply zang.

this has helped but not solved the issue. here is the log output now.

    Sep 30 08:52:06 sogod [31608]: <0x0x5586125645f8[WOHttpAdaptor]> notified the watchdog that we are ready
    Sep 30 08:52:30 sogod [31608]: <0x0x5586124e7788[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
    Sep 30 08:52:30 sogod [31608]: <0x0x5586124e7788[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
    Sep 30 08:52:30 sogod [31608]: 149.135.50.214 "GET /SOGo/ HTTP/1.1" 200 6781/0 0.050 25283 73% 5M
    Sep 30 08:52:46 sogod [31608]: SOGoRootPage Login from '149.135.50.214' for user 'support@smartspacehq.com' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
    Sep 30 08:52:46 sogod [31608]: 149.135.50.214 "POST /SOGo/connect HTTP/1.1" 403 34/79 0.011 - - 444K

i discovered that i had not removed the "/*" from the start and end of the block which obviously helped a lot.

also the original code i had ( and the working code in another server ) only had one block whereas your code posted above has 2 comma separated blocks.

it was not working with the generic settings below, so i individualised the bind and base settings using the details out of the original iredmail.tips file.

i tried both the vmailadmin and vmail settings and password for the bindDN settings

i used both ssha512 and ssha for the userpasswordalgorithm

none of this made any difference.

here are the sogousersources:

    // Authentication using LDAP
    // LDAP backend
    SOGoUserSources = (
        {
            type = ldap;
            id = users;
            canAuthenticate = YES;
            isAddressBook = NO;
            displayName = "LDAP Authentication";

            hostname = "ldap://127.0.0.1:389";
            baseDN = "o=domains,dc=smartmailhq,dc=com";
            bindDN = "cn=vmailadmin,dc=smartmailhq,dc=com";
            bindPassword = "xxx";
            //bindDN = "cn=vmail,dc=smartmailhq,dc=com";
            //bindPassword = "xxx";

            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
            scope = SUB;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha;

            CNFieldName = cn;
            IDFieldName = mail;
            bindFields = (mail);
            // value of UIDFieldName must be unique on entire server
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
        },
        {

            // Used for global address book
            type = ldap;
            //id = ldap_auth;
            id = gloabl_addressbook;
            canAuthenticate = NO;
            isAddressBook = YES;
            displayName = "Global Address Book";

            listRequiresDot = NO;
            hostname = "ldap://127.0.0.1:389";
            baseDN = "o=domains,dc=smartmailhq,dc=com";
            bindDN = "cn=vmailadmin,dc=smartmailhq,dc=com";
            bindPassword = "xxx";
            //bindDN = "cn=vmail,dc=smartmailhq,dc=com";
            //bindPassword = "xxx";

            filter = "((enabledService=mail AND accountStatus=active AND enabledService=displayedInGlobalAddressBook) AND ((objectClass=mailUser AND enabledService=sogo) OR (objectClass=mailList) OR (objectClass=mailAlias)))";

            scope = SUB;

            IDFieldName = mail;
            bindFields = (mail);
            CNFieldName = cn;
            // value of UID field must be unique on whole server.
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);

            // Listing of this LDAP source is only possible when performing a
            // search (respecting the SOGoSearchMinimumWordLength parameter)
            // or when explicitly typing a single dot.
            // Defaults to YES when unset.
            //
            // WARNING: if you have many accounts in this address book, it may
            //          reach server-side query size limit, or cause
            //          performance issue.

        }
    );
    //LDAP backend */

i know my password is correct as it is successfully logging me in via roundcube.

there is nothing in the log that points me in the right direction. i am clueless as there is something i have obviously failed to do elsewhere, possibly with password policy 65535, but where?

edit: i obviously restarted sogod and even other services like httpd and memcached thinking that might help

4

Re: Problem with logging into sogo after updates/installation

*) Turn on debug mode in SOGo first, including LDAP debug: http://www.iredmail.org/docs/debug.sogo.html

*) I suppose your LDAP accounts don't have attribute/value "enabledservice=sogo", please remove "AND enabledService=sogo" in "filter" parameters, restart sogo service and try again.

*) Reset your password, then try again. (It doesn't have to be a new password.)

*) Create a new user with iRedAdmin, then try again with this new user.

5 (edited by raystrach 2016-10-01 11:05:48)

Re: Problem with logging into sogo after updates/installation

thanks for that zang - it worked!

first i created a new account without any changes to sogo.conf and i was able to log in to that account. - all good so far.

then i removed the sogo service from the config and restarted sogo and i was able to login without doing anything else!

i am interested to know why the removal of that enabled service made the difference.

was it anything to do with the hashing and matching of passwords?

cheers, rs

ps. i know it is slightly off topic, but i note the creation of multiple user tables (empty) in the sogo database for each account that has logged in. is this normal behavior and do they get cleaned up at some stage?

6

Re: Problem with logging into sogo after updates/installation

The "enabledservice=sogo" is part of ldap filter, just like SQL statement "WHERE enabledservice=sogo ...", so if you have this filter in sogo "filter =", you must have it.
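
The filter behaviour discussed in this thread, as an added example that is not part of the original posts and is not iRedMail or SOGo code: the Python below parses a SOGo `filter` value, renders it as a standard LDAP search filter, and reports which terms an entry fails to meet. The helper names (`parse`, `to_ldap`, `unmet`) are hypothetical, the two sample entries are constructed, and the case-insensitive comparison is an assumption.

```python
import re

# Tokens of a SOGo "filter" value: parentheses, AND/OR keywords, attr=value terms.
TOKEN = re.compile(r"\(|\)|\bAND\b|\bOR\b|[\w-]+=[^\s()]+")

def parse(text):
    """Parse a SOGo filter into a nested tuple AST (AND binds tighter than OR)."""
    tokens, pos = TOKEN.findall(text), 0

    def atom():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "(":
            node = chain("OR", lambda: chain("AND", atom))
            pos += 1  # consume the closing ")"
            return node
        return ("eq", *tok.split("=", 1))

    def chain(op, sub):
        nonlocal pos
        nodes = [sub()]
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            nodes.append(sub())
        return nodes[0] if len(nodes) == 1 else (op, *nodes)

    return chain("OR", lambda: chain("AND", atom))

def to_ldap(node):
    """Render the AST as an RFC 4515 search filter string."""
    if node[0] == "eq":
        return f"({node[1]}={node[2]})"
    return "(" + ("&" if node[0] == "AND" else "|") + "".join(map(to_ldap, node[1:])) + ")"

def unmet(node, entry):
    """Return the attr=value terms that keep `entry` from matching the filter."""
    if node[0] == "eq":  # names and values compared case-insensitively (assumption)
        have = {v.lower() for k, vs in entry.items() if k.lower() == node[1].lower() for v in vs}
        return [] if node[2].lower() in have else [f"{node[1]}={node[2]}"]
    parts = [unmet(child, entry) for child in node[1:]]
    if node[0] == "OR" and not all(parts):
        return []  # one satisfied branch is enough
    return [term for part in parts for term in part]

AUTH_FILTER = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo"
# Constructed entries: an account that predates the SOGo install, and a newly created one.
OLD = {"objectClass": ["mailUser"], "accountStatus": ["active"], "enabledService": ["mail", "imap"]}
NEW = {**OLD, "enabledService": OLD["enabledService"] + ["sogo"]}
print(unmet(parse(AUTH_FILTER), OLD), unmet(parse(AUTH_FILTER), NEW))
```

The string returned by `to_ldap` can be used as the search filter for `ldapsearch` against the same `baseDN` to see which real accounts the authentication source would return.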

7

Re: Problem with logging into sogo after updates/installation

raystrach wrote:

ps. i know it is slightly off topic, but i note the creation of multiple user tables (empty) in the sogo database for each account that has logged in. is this normal behavior and do they get cleaned up at some stage?

this is normal, sogo does that.

In the upcoming iRedMail release, we have new parameters to avoid this, and we just need 7 tables (if I remember correctly. But it's a fixed number, not dynamically growing) in total. I will release a separate tutorial to help our users to switch to these new / better settings. (Feel free to ask me to publish it if I forgot or didn't publish it in time.)

8

Re: Problem with logging into sogo after updates/installation

thanks for all that zhang

will look forward to the update.

9

Re: Problem with logging into sogo after updates/installation

Hi raystrach,

I published the tutorial here:
http://www.iredmail.org/docs/upgrade.so … ables.html