I've just upgraded a Zentyal instance from 4.1 to 5.0.1.
After upgrade, SOGo doesn't let users log in anymore.
Users can access other Zentyal services like shares and domain logon, so I assume the LDAP & Kerberos parts are working, but SOGo refuses the same credentials.
I've tried copying over the /etc/sogo/sogo.conf from the old installation to the new one. I've also tried to follow the suggestion here, to no avail.
In the /var/log/sogo/sogo.log file I get:
Jan 31 09:40:41 sogod [13184]: <0x0x561c14f67ce0[LDAPSource]> <NSException: 0x561c155e19b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=direzione di agape,cn=users,dc=ufficio,dc=lan"; }
Jan 31 09:40:41 sogod [13184]: SOGoRootPage Login from '192.168.1.253' for user 'direzione' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jan 31 09:40:41 sogod [13184]: 192.168.1.253 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.028 - - 0
Here is what I believe is the relevant part of my current sogo.conf (the one that worked in the old version):
/* LDAP authentication */
SOGoUserSources = (
    {
        type = ldap;
        id = sambaLogin;
        displayName = "SambaLogin";
        canAuthenticate = YES;
        CNFieldName = cn;
        IDFieldName = cn;
        UIDFieldName = sAMAccountName;
        hostname = "ldap://127.0.0.1";
        baseDN = "DC=ufficio,DC=lan";
        bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
        bindPassword = "mWaByi97SfgLAWZQ49GS";
        bindFields = (sAMAccountName, mail);
        filter = "(mail='*')";
        MailFieldNames = (mail, otherMailbox);
    },
    {
        type = ldap;
        id = sambaShared;
        displayName = "Shared Addressbook";
        canAuthenticate = NO;
        isAddressBook = YES;
        CNFieldName = cn;
        IDFieldName = mail;
        UIDFieldName = mail;
        hostname = "ldap://127.0.0.1";
        baseDN = "DC=ufficio,DC=lan";
        bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
        bindPassword = "mWaByi97SfgLAWZQ49GS";
        filter = "((NOT isCriticalSystemObject='TRUE') AND (mail=\'*\') AND (NOT objectClass=contact))";
        MailFieldNames = (mail, otherMailbox);
    },
    {
        type = ldap;
        id = sambaContacts;
        displayName = "Shared Contacts";
        canAuthenticate = NO;
        isAddressBook = YES;
        CNFieldName = cn;
        IDFieldName = mail;
        UIDFieldName = mail;
        hostname = "ldap://127.0.0.1";
        baseDN = "DC=ufficio,DC=lan";
        bindDN = "CN=zentyal-mail-barth,CN=Users,DC=ufficio,DC=lan";
        bindPassword = "mWaByi09SfgLAWZQ49GS";
        filter = "((((objectClass=person) AND (objectClass=contact) AND ((uidNumber>=2000) OR (mail=\'*\'))) AND (NOT isCriticalSystemObject='TRUE') AND (NOT showInAdvancedViewOnly='TRUE') AND (NOT uid=Guest)) OR (((objectClass=group) AND (gidNumber>=2000)) AND (NOT isCriticalSystemObject='TRUE') AND (NOT showInAdvancedViewOnly='TRUE')))";
        mapping = {
            displayname = ("cn");
        };
        MailFieldNames = (mail, otherMailbox);
    }
);

/* Web Interface */
SOGoPageTitle = "Zentyal Webmail";
SOGoVacationEnabled = NO;
SOGoForwardEnabled = YES;
SOGoSieveScriptsEnabled = YES;
Can you help me spot the problem?
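
Added example, not part of the original post and not SOGo or Zentyal code: a small parser that joins the three sogo.log lines quoted above into one failed-login record, so the DN SOGo actually bound with, the LDAP result code and the HTTP status can be read side by side. It assumes the three lines of one attempt are written in order by the same sogod worker PID; the function and field names are hypothetical.

```python
import re

# The three log lines quoted in the post, embedded so the script runs offline.
SAMPLE_LOG = r'''Jan 31 09:40:41 sogod [13184]: <0x0x561c14f67ce0[LDAPSource]> <NSException: 0x561c155e19b0> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=direzione di agape,cn=users,dc=ufficio,dc=lan"; }
Jan 31 09:40:41 sogod [13184]: SOGoRootPage Login from '192.168.1.253' for user 'direzione' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
Jan 31 09:40:41 sogod [13184]: 192.168.1.253 "POST /SOGo/connect HTTP/1.1" 403 34/64 0.028 - - 0
'''

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) sogod \[(?P<pid>\d+)\]: "
BIND = re.compile(PREFIX + r'.*LDAPException REASON:operation bind failed: '
                  r'(?P<reason>[^()]+?) \(0x(?P<hex>[0-9a-fA-F]+)\).*login = "(?P<dn>[^"]+)"')
LOGIN = re.compile(PREFIX + r"SOGoRootPage Login from '(?P<ip>[^']+)' "
                   r"for user '(?P<user>[^']+)' might not have worked")
HTTP = re.compile(PREFIX + r'\S+ "POST /SOGo/connect HTTP/[\d.]+" (?P<status>\d{3}) ')


def failed_logins(log_text):
    """Join bind failure, login warning and HTTP status per sogod worker PID."""
    pending, done = {}, []
    for line in log_text.splitlines():
        if m := BIND.match(line):
            # A bind failure opens a new event for this worker.
            pending[m["pid"]] = {"time": m["ts"], "bind_dn": m["dn"],
                                 "ldap_code": int(m["hex"], 16),
                                 "reason": m["reason"]}
        elif (m := LOGIN.match(line)) and m["pid"] in pending:
            ev = pending[m["pid"]]
            ev.update(user=m["user"], client=m["ip"])
            # First RDN value of the bind DN (naive split: escaped commas
            # inside the RDN are not handled).
            rdn = ev["bind_dn"].split(",", 1)[0].split("=", 1)[1]
            ev["rdn_differs_from_login"] = rdn.lower() != m["user"].lower()
        elif (m := HTTP.match(line)) and m["pid"] in pending:
            # The HTTP access line closes the event.
            ev = pending.pop(m["pid"])
            ev["http_status"] = int(m["status"])
            done.append(ev)
    return done


if __name__ == "__main__":
    for event in failed_logins(SAMPLE_LOG):
        print(event)
```

The `bind_dn` field is the exact DN to retry by hand with an LDAP client, which shows whether the directory rejects that DN and password outside SOGo as well.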