Scalable OGo (SOGo)

ID: 0004192
Project: SOGo
Category: Web Calendar
View Status: public
Date Submitted: 2017-06-10 02:51
Last Update: 2017-06-19 07:43
Reporter: t.oldenbuerger
Assigned To: ludovic
Priority: normal
Severity: major
Reproducibility: always
Status: feedback
Resolution: reopened
Platform: [Server] Linux
OS: RHEL/CentOS
OS Version: 7
Product Version: 3.2.9
Target Version:
Fixed in Version:
Summary: 0004192: LDAP SoGo Multi Domain
Description: In SOGo Calendar, if a user wants to add a shared calendar/folder, ALL users from different domains are shown in the dialog. We installed a test environment with SQL Backend: The issue did not happen, a user can only search for other users from its domain. We then installed another instance with LDAP backend, and had the issue: a user sees every other user in the search dialog. The user cannot access the calendar, but can see every mail address from other domains of that mailserver, which is not acceptable in LDAP multi domain installation.
Steps To Reproduce:
Reproduce:
- Login into SOGO as user1@domain1.com
- Select calendar
- Select "Subscription (+)"
- Type at least 3 characters from another existing domain: ain2
Result:
- A list of all users from dom"ain2" is shown in the dialog.
- If a user like "main2@domain1.com" exists, it is also shown.
Expected result:
- Only a user like "main2@domain1.com" shall be shown in the dialog.
- No user from a domain containing the search string should be shown.
Note:
- The SQL installation shows the expected result, only the LDAP installation does not show the expected result.
Additional Information: Data source is an iRedMail-LDAP or iRedMail-SQL in PRO Version.

-  Notes
(0011918)
Christian Mack (developer)
2017-06-12 07:31

Please show your sogo.conf.
(0011920)
t.oldenbuerger (reporter)
2017-06-12 07:41

Default configuration from iRedAdmin, most standard comments stripped for size.


{
    WOPort = 127.0.0.1:20000;
    LDAPDebugEnabled = YES;
    WOWorkersCount = 40;
    SOGoMaximumPingInterval = 3540;
    SOGoMaximumSyncInterval = 3540;
    SOGoInternalSyncInterval = 30;
    WOWatchDogRequestTimeout = 60;
    SOGoMaximumSyncWindowSize = 100;
    SOGoMaximumSyncResponseSize = 2048;
    SxVMemLimit = 1024;
    SOGoProfileURL = "mysql://sogo:<redacted>@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:<redacted>@127.0.0.1:3306/sogo/sogo_folder_info";
    OCSSessionsFolderURL = "mysql://sogo:<redacted>@127.0.0.1:3306/sogo/sogo_sessions_folder";
    OCSEMailAlarmsFolderURL = "mysql://sogo:<redacted>@127.0.0.1:3306/sogo/sogo_alarms_folder";

    SOGoLanguage = English;
    SOGoLoginModule = Mail;
    SOGoForceExternalLoginWithEmail = YES;
    SOGoMailCustomFromEnabled = YES;
    SOGoEnableEMailAlarms = YES;
    SOGoPageTitle = Mail;
    SOGoIMAPServer = "imap://127.0.0.1:143/";
    SOGoSMTPServer = 127.0.0.1;
    SOGoMailingMechanism = smtp;
    SOGoSieveServer = sieve://127.0.0.1:4190;
    SOGoSieveScriptsEnabled = YES;
    SOGoVacationEnabled = YES;
    SOGoForwardEnabled = YES;
    SOGoSieveFolderEncoding = UTF-8;
    SOGoMemcachedHost = 127.0.0.1;
    SOGoTimeZone = "Europe/Zurich";
    SOGoFirstDayOfWeek = 1;
    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;
    SOGoAppointmentSendEMailNotifications = YES;
    SOGoFoldersSendEMailNotifications = YES;
    SOGoACLsSendEMailNotifications = YES;
    SOGoPasswordChangeEnabled = YES;

    // Authentication using SQL
    /* SQL backend
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = "mysql://sogo:<redacted>@127.0.0.1:3306/sogo/users";
            canAuthenticate = YES;
            userPasswordAlgorithm = ssha;
            prependPasswordScheme = YES;
            isAddressBook = NO;
            displayName = "Domain Address Book";
            SOGoEnableDomainBasedUID = YES;
            DomainFieldName = "domain";
        }
    );
    SQL backend */

    // Authentication using LDAP
    
    SOGoUserSources = (
        {
            type = ldap;
            hostname = "ldap://127.0.0.1:389";
            baseDN = "o=domains,dc=server1,dc=organisation,dc=com";
            //bindAsCurrentUser = YES;
            bindDN = "cn=vmailadmin,dc=server1,dc=organisation,dc=com";
            bindPassword = "<redacted>";
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
            scope = SUB;
            userPasswordAlgorithm = ssha;

            IDFieldName = mail;
            bindFields = (mail);
            CNFieldName = cn;
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
            canAuthenticate = YES;
            displayName = "Global Address Book";
            id = ldap_auth;
            isAddressBook = NO;
        }
    );
    
}
(0011963)
ludovic (administrator)
2017-06-16 11:22

That is normal - DomainFieldName is for SQL sources *only*.

For LDAP sources, correctly define *domains* in SOGo.conf and set a SOGoUserSources per domain.
(0011989)
t.oldenbuerger (reporter)
2017-06-19 06:33

The LDAP is our repository for all customer domains. This would mean I would have to add every domain (about 20 at the moment) into that configuration file. Is there a limit for SOGoUserSources and how does it impact performance?

After inserting two SOGoUserSources entries on the test system, ldap debug showed that all UserSources were queried regardless of the domain field, and again all emails were shown. So even when entered manually as described in https://sogo.nu/files/docs/SOGoInstallationGuide.html#_multi_domains_configuration the issue remains.
(0011990)
Christian Mack (developer)
2017-06-19 07:43

There is no limit in SOGo for the number of domains usable.
If your LDAP can handle it, there is no performance impact.

Did you set "SOGoEnableDomainBasedUID = YES;"?

What have you set in SOGoDomainsVisibility?
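
The per-domain layout described in the replies above, as an added example (not code from the thread, SOGo or iRedMail): a small Python generator that emits a `domains` dictionary with one LDAP SOGoUserSources entry per hosted domain, each searching only that domain's subtree instead of the shared `o=domains` base from the posted sogo.conf. The `domainName=<domain>,...` subtree layout and the helper names are assumptions to check against the real directory; the generator does not set SOGoEnableDomainBasedUID or SOGoDomainsVisibility, and the thread does not confirm that this layout resolves the reported behaviour.

```python
import re

ROOT_DN = "o=domains,dc=server1,dc=organisation,dc=com"  # baseDN from the posted sogo.conf
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")
# One `domains` entry; the source settings are copied from the posted LDAP source.
ENTRY = '''    "{domain}" = {{
        SOGoMailDomain = "{domain}";
        SOGoUserSources = (
            {{
                type = ldap;
                id = {source_id};
                hostname = "ldap://127.0.0.1:389";
                baseDN = "{base_dn}";
                bindDN = "cn=vmailadmin,dc=server1,dc=organisation,dc=com";
                bindPassword = "<redacted>";
                filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
                scope = SUB;
                userPasswordAlgorithm = ssha;
                IDFieldName = mail;
                bindFields = (mail);
                CNFieldName = cn;
                UIDFieldName = mail;
                IMAPLoginFieldName = mail;
                SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
                canAuthenticate = YES;
                displayName = "Global Address Book";
                isAddressBook = NO;
            }}
        );
    }};
'''


def domain_base_dn(domain):
    """ASSUMPTION: a domain's users sit under domainName=<domain>,<ROOT_DN>.
    Anything that is not a plain DNS name is refused so it cannot alter the DN."""
    if not DOMAIN_RE.fullmatch(domain):
        raise ValueError(f"not a plain DNS name: {domain!r}")
    return f"domainName={domain},{ROOT_DN}"


def domains_block(domains):
    """Render `domains = { ... };` with one LDAP source per hosted domain."""
    names = sorted({d.strip().lower() for d in domains})
    return "domains = {\n" + "".join(
        ENTRY.format(domain=d, base_dn=domain_base_dn(d),
                     source_id="ldap_" + re.sub(r"[^a-z0-9]", "_", d))
        for d in names) + "};\n"
```

Calling `domains_block(["domain1.com", "domain2.com"])` (a constructed list) returns the text to paste into sogo.conf in place of the single top-level SOGoUserSources.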

- Issue History
Date Modified Username Field Change
2017-06-10 02:51 t.oldenbuerger New Issue
2017-06-12 07:31 Christian Mack Note Added: 0011918
2017-06-12 07:41 t.oldenbuerger Note Added: 0011920
2017-06-16 11:22 ludovic Note Added: 0011963
2017-06-16 11:22 ludovic Status new => closed
2017-06-16 11:22 ludovic Assigned To => ludovic
2017-06-16 11:22 ludovic Resolution open => no change required
2017-06-19 06:33 t.oldenbuerger Note Added: 0011989
2017-06-19 06:33 t.oldenbuerger Status closed => feedback
2017-06-19 06:33 t.oldenbuerger Resolution no change required => reopened
2017-06-19 07:43 Christian Mack Note Added: 0011990
