Topic: [SOLVED] SOGo refuses valid credentials after upgrade to Zentyal 5.0.1

lucrus

I've just upgraded a Zentyal instance from 4.1 to 5.0.1.
After upgrade, SOGo doesn't let users log in anymore.
Users can access other Zentyal services like shares and domain logon, so I assume the LDAP & Kerberos parts are working, but SOGo refuses the same credentials.

I've tried copying over the /etc/sogo/sogo.conf from the old installation to the new one. I've also tried to follow the suggestion here, to no avail.

In the /var/log/sogo/sogo.log file I get:

Code:
Jan 31 09:40:41 sogod [13184]: <0x0x561c14f67ce0[LDAPSource]> <NSException: 0x561c155e19b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=direzione di agape,cn=users,dc=ufficio,dc=lan"; }
Jan 31 09:40:41 sogod [13184]: SOGoRootPage Login from '192.168.1.253' for user 'direzione' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jan 31 09:40:41 sogod [13184]: 192.168.1.253 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.028 - - 0

Here is what I believe is the relevant part of my current sogo.conf (the one that worked in the old version):

Code:
    /* LDAP authentication */
      SOGoUserSources = (
          {
              type = ldap;
              id = sambaLogin;
              displayName = "SambaLogin";
              canAuthenticate = YES;
              CNFieldName = cn;
              IDFieldName = cn;
              UIDFieldName = sAMAccountName;
              hostname = "ldap://127.0.0.1";
              baseDN = "DC=ufficio,DC=lan";
              bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
              bindPassword = "mWaByi97SfgLAWZQ49GS";
              bindFields = (sAMAccountName, mail);
              filter = "(mail='*')";
              MailFieldNames = (mail, otherMailbox);
          },
          {
              type = ldap;
              id = sambaShared;
              displayName = "Shared Addressbook";
              canAuthenticate = NO;
              isAddressBook = YES;
              CNFieldName = cn;
              IDFieldName = mail;
              UIDFieldName = mail;
              hostname = "ldap://127.0.0.1";
              baseDN = "DC=ufficio,DC=lan";
              bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
              bindPassword = "mWaByi97SfgLAWZQ49GS";
              filter = "((NOT isCriticalSystemObject='TRUE') AND (mail=\'*\') AND (NOT objectClass=contact))";
              MailFieldNames = (mail, otherMailbox);
          },
          {
              type = ldap;
              id = sambaContacts;
              displayName = "Shared Contacts";
              canAuthenticate = NO;
              isAddressBook = YES;
              CNFieldName = cn;
              IDFieldName = mail;
              UIDFieldName = mail;
              hostname = "ldap://127.0.0.1";
              baseDN = "DC=ufficio,DC=lan";
              bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
              bindPassword = "mWaByi09SfgLAWZQ49GS";
              filter = "((((objectClass=person) AND (objectClass=contact)     AND ((uidNumber>=2000) OR (mail=\'*\'))) AND (NOT isCriticalSystemObject='TRUE') AND (NOT showInAdvancedViewOnly='TRUE') AND (NOT uid=Guest)) OR (((objectClass=group) AND (gidNumber>=2000)) AND (NOT isCriticalSystemObject='TRUE') AND (NOT showInAdvancedViewOnly='TRUE')))";
              mapping = {
                  displayname = ("cn");
              };
              MailFieldNames = (mail, otherMailbox);
          }
      );

      /* Web Interface */
      SOGoPageTitle = "Zentyal Webmail";
      SOGoVacationEnabled = NO;
      SOGoForwardEnabled = YES;
      SOGoSieveScriptsEnabled = YES;

Can you help me spot the problem?
« Last Edit: February 02, 2018, 10:16:31 am by lucrus »

lucrus

Re: SOGo refuses valid credentials after upgrade to Zentyal 5.0.1 [SOLVED]
« Reply #1 on: February 02, 2018, 10:14:57 am »
I don't know if it was bad luck or the Zentyal upgrade, but the problem boiled down to expired passwords... maybe all the passwords were due to expire just the same day I upgraded to Zentyal 5, or maybe the upgrade to Zentyal enabled password expiration that was previously disabled. Unfortunately I don't know if password expiration was set or not before the upgrade.

Something remains unexplained though: domain logons were working also before removing password expiration.
« Last Edit: February 02, 2018, 10:17:52 am by lucrus »
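
Added example (not from the thread and not SOGo's own code): a Python triage helper that pairs each failed SOGo login in sogo.log with the LDAP bind failure logged just before it, using the three log lines quoted in the first post as sample input. The function name `triage`, the output field names, and the reading of `grace: -1` / `expire: -1` as "no expiry information reported" are assumptions made for this example.

```python
import re

# Constructed sample: the three sogo.log lines quoted in the first post.
SAMPLE_LOG = r"""Jan 31 09:40:41 sogod [13184]: <0x0x561c14f67ce0[LDAPSource]> <NSException: 0x561c155e19b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=direzione di agape,cn=users,dc=ufficio,dc=lan"; }
Jan 31 09:40:41 sogod [13184]: SOGoRootPage Login from '192.168.1.253' for user 'direzione' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
Jan 31 09:40:41 sogod [13184]: 192.168.1.253 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.028 - - 0
"""

PREFIX = r"^(?P<ts>\w{3} +\d+ [\d:]+) sogod \[(?P<pid>\d+)\]: "
BIND_FAIL = re.compile(
    PREFIX + r'.*REASON:operation bind failed: (?P<reason>.+?) '
    r'\(0x[0-9a-fA-F]+\) INFO:\{"error_code" = (?P<code>\d+); '
    r'login = "(?P<dn>[^"]+)"')
LOGIN_FAIL = re.compile(
    PREFIX + r"SOGoRootPage Login from '(?P<ip>[^']+)' for user "
    r"'(?P<user>[^']+)' might not have worked - password policy: "
    r"(?P<policy>-?\d+)\s+grace: (?P<grace>-?\d+)\s+"
    r"expire: (?P<expire>-?\d+)\s+bound: (?P<bound>\d+)")

def triage(log_text):
    """Pair each failed SOGo login with the bind failure logged just before it."""
    pending = {}    # (timestamp, pid) -> most recent bind failure
    findings = []
    for line in log_text.splitlines():
        m = BIND_FAIL.match(line)
        if m:
            pending[(m["ts"], m["pid"])] = m
            continue
        m = LOGIN_FAIL.match(line)
        if not m:
            continue    # access-log lines and anything else are ignored
        bind = pending.pop((m["ts"], m["pid"]), None)
        code = int(bind["code"]) if bind else None
        # Assumption: -1 in grace/expire means no expiry information was reported.
        expiry_reported = int(m["grace"]) != -1 or int(m["expire"]) != -1
        findings.append({
            "user": m["user"],
            "ip": m["ip"],
            "bind_dn": bind["dn"] if bind else None,
            "ldap_code": code,
            "bound": m["bound"] == "1",
            # 49 is LDAP invalidCredentials. In this thread the cause was an
            # expired password, so the account's expiry needs checking too.
            "check_directory_expiry": code == 49 and not expiry_reported,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
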