I asked stupidly. Better question: Did the major release change from
SOGo v4 to v5 include fundamental changes regarding authentication
agianst LDAP? For instance regarding the schema (new objectClasses or
attributeTypes required?) or the protocol for authentication (LDAPS now
required?).
Thank you!
Regards
Armin
############################################################################
Previous message:
Hi SOGo group!
Since SOGo upgrade from v4 to v5 on November 24th, 2021, password
changes conducted by SOGo GUI allegedly work, but they do not take
effect on the OpenLDAP DB. The error message in sogo.log is:
DateAndTime sogod [25326]: <0x0x55fb34e2a960[NGLdapConnection]> change
password - ldap_find_control call failed
DateAndTime sogod [25326]: <0x0x55fb3472f7a0[LDAPSource]> <NSException:
0x55fb34f5fee0> NAME:LDAPException REASON:operation bind failed: Invalid
credentials (0x31) INFO:{"error_code" = 49; login =
"[email protected],ou=users,domainname=mycompany.com,o=domains,dc=mycompany,dc=com";
}
DateAndTime sogod [25326]: 192.168.1.27 "POST /SOGo/so/changePassword
HTTP/1.0" 204 0/78 0.152 - - 392K - 20
In LDAP's log openldap.log I cannot identify any error message:
DateAndTime miniupdirm slapd[25316]: conn=1007 fd=14 ACCEPT from
IP=127.0.0.1:37330 (IP=0.0.0.0:389)
DateAndTime miniupdirm slapd[25316]: conn=1007 op=0 BIND
dn="cn=vmail,dc=mycompany,dc=com" method=128
DateAndTime miniupdirm slapd[25316]: conn=1007 op=0 BIND
dn="cn=vmail,dc=mycompany,dc=com" mech=SIMPLE ssf=0
DateAndTime miniupdirm slapd[25316]: conn=1007 op=0 RESULT tag=97 err=0
text=
DateAndTime miniupdirm slapd[25316]: conn=1007 op=1 SRCH
base="o=domains,dc=mycompany,dc=com" scope=2 deref=0
filter="(&([email protected])(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=sogo))"
DateAndTime miniupdirm slapd[25316]: conn=1007 op=1 SRCH attr=dn
DateAndTime miniupdirm slapd[25316]: conn=1007 op=1 SEARCH RESULT
tag=101 err=0 nentries=1 text=
DateAndTime miniupdirm slapd[25316]: conn=1008 fd=15 ACCEPT from
IP=127.0.0.1:37332 (IP=0.0.0.0:389)
DateAndTime miniupdirm slapd[25316]: conn=1008 op=0 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
DateAndTime miniupdirm slapd[25316]: conn=1008 op=0 SRCH
attr=supportedCapabilities
DateAndTime miniupdirm slapd[25316]: conn=1008 op=0 SEARCH RESULT
tag=101 err=0 nentries=0 text=
DateAndTime miniupdirm slapd[25316]: conn=1008 op=1 BIND
dn="cn=vmail,dc=mycompany,dc=com" method=128
DateAndTime miniupdirm slapd[25316]: conn=1008 op=1 BIND
dn="cn=vmail,dc=mycompany,dc=com" mech=SIMPLE ssf=0
DateAndTime miniupdirm slapd[25316]: conn=1008 op=1 RESULT tag=97 err=0
text=
DateAndTime miniupdirm slapd[25316]: conn=1008 op=2 EXT
oid=1.3.6.1.4.1.4203.1.11.1
DateAndTime miniupdirm slapd[25316]: conn=1008 op=2 PASSMOD
id="[email protected],ou=users,domainname=mycompany.com,o=domains,dc=mycompany,dc=com"
old new
DateAndTime miniupdirm slapd[25316]: conn=1008 op=2 RESULT oid= err=50 text=
DateAndTime miniupdirm slapd[25316]: conn=1008 op=3 BIND anonymous
mech=implicit ssf=0
DateAndTime miniupdirm slapd[25316]: conn=1008 op=3 BIND
dn="[email protected],ou=users,domainName=mycompany.com,o=domains,dc=mycompany,dc=com"
method=128
DateAndTime miniupdirm slapd[25316]: conn=1008 op=3 RESULT tag=97 err=49
text=
DateAndTime miniupdirm slapd[25316]: conn=1008 op=4 UNBIND
DateAndTime miniupdirm slapd[25316]: conn=1008 fd=15 closed
DateAndTime miniupdirm slapd[25316]: conn=1007 op=2 UNBIND
DateAndTime miniupdirm slapd[25316]: conn=1007 fd=14 closed
Any suggestion how to track it down further?
Thank you very much!
MfG
_______________________________________________________________
Armin
__________ Information from mm-lab IT security __________The message was
checked by ESET Mail Security.
--
[email protected]
https://inverse.ca/sogo/lists
