LukasK13 / ldap-mailcow

LDAP account synchronization and authentication for mailcow-dockerized

SoGo Login loop #2

Open theoneandonly-vector opened 3 years ago

theoneandonly-vector commented 3 years ago

When I log in using my user + pw it tells me "Welcome" but shows the login panel right after.

docker-compose logs sogo-mailcow:

sogo-mailcow_1       | Feb 17 21:59:03 2b1007ba20af sogod [73]: SOGoRootPage successful login from '10.255.3.2' for user 'user.name@domain.tld' - expire = -1  grace = -1
sogo-mailcow_1       | Feb 17 21:59:03 2b1007ba20af sogod [73]: 10.255.3.2 "POST /SOGo/connect HTTP/1.0" 200 2/88 0.157 - - 0 - 13
sogo-mailcow_1       | Feb 17 21:59:04 2b1007ba20af 2021-02-17 21:59:04.960 sogod[73:73] Fatal LDAP error during ldap_search: Bad search filter
sogo-mailcow_1       | Feb 17 21:59:04 2b1007ba20af sogod [73]: <0x0x55a3cd5aa120[SOGoWebAuthenticator]> tried wrong password for user 't97E9JQ9A2PxQGTbP/EM488uQaqh8B7VIbvDH/DcWnzSDVQxcbI5p2ebg8CpyXZnKXxg9gk4Xs9/oR0KMt7LcOpQytOvN+1Yup5smozPH9nnZvHVb1NI1jfde9fdi9df98jZt7CK2RMcQ4mEl4qaRcB8f2JgdJgGmUHjql/oehGrZtPIOXudfj8idfj8idfj98dwZMcKUAJBmPYd65QExwJyZaOg=='!

theoneandonly-vector commented 3 years ago

Even after adding my pull request, the only way I even get this message (and the welcome screen)

sogo-mailcow_1       | Feb 17 21:59:03 2b1007ba20af sogod [73]: SOGoRootPage successful login from '10.255.3.2' for user 'user.name@domain.tld' - expire = -1  grace = -1

which results in a login-loop ( -> redirects me -> login again)

is when I set

- LDAP-MAILCOW_SOGO_LDAP_FILTER=objectClass='user' AND objectCategory='person'

any other value I tried results in this error:

sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef 2021-02-18 17:12:56.387 sogod[67:67] WARNING(+[EOQualifier(Parsing) qualifierWithQualifierFormat:]): unexpected chars at the end of the string(class=GSMutableString,len=118) '(uid='user.name@domain.tld') OR (mail='user.name@domain.tld') AND objectClass='user' AND mail='*' gg'
sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef 2021-02-18 17:12:56.387 sogod[67:67]   buf-length: 118
sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef 2021-02-18 17:12:56.387 sogod[67:67]   length:     116
sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef 2021-02-18 17:12:56.387 sogod[67:67]   char[length]: 'g' (103) 'gg'
sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef sogod [67]: <0x0x5588222adbf0[LDAPSource]> <NSException: 0x558822a33a30> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{"error_code" = 49; login = "cn=6bc6668d-8774-1188-977b-00c099993231,cn=operations,cn=domainupdates,cn=system,dc=domain,dc=tld"; }
sogo-mailcow_1       | Feb 18 17:12:56 bb4601772cef sogod [67]: SOGoRootPage Login from '10.255.3.2' for user 'user.name@domain.tld' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0

theoneandonly-vector commented 3 years ago

I now tried another filter with just another outcome. Filter for SOGo:

(&(objectclass=user)(uid=*))

Outcome: It just doesn't try anymore

[ERROR] <0x0x5632ab640a50[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
sogo-mailcow_1       | Feb 18 17:05:13 bb4601772cef sogod [72]: SOGoRootPage Login from '10.255.3.2' for user 'user.name@domain.tld' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
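
A triage sketch for the sogod log lines posted in this thread, added here as an example and not code from ldap-mailcow or SOGo: it labels each line and flags an accepted login that is followed within seconds by a "Bad search filter" error on the same container. The category names, the 5-second window and the default year are assumptions of this example.

```python
import re
from datetime import datetime

# Abridged copies of sogod lines quoted in this thread (compose prefix and long values trimmed).
SAMPLE_LOG = """\
Feb 17 21:59:03 2b1007ba20af sogod [73]: SOGoRootPage successful login from '10.255.3.2' for user 'user.name@domain.tld' - expire = -1  grace = -1
Feb 17 21:59:04 2b1007ba20af 2021-02-17 21:59:04.960 sogod[73:73] Fatal LDAP error during ldap_search: Bad search filter
Feb 18 17:12:56 bb4601772cef sogod [67]: <0x0x5588222adbf0[LDAPSource]> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31)
Feb 18 17:12:56 bb4601772cef sogod [67]: SOGoRootPage Login from '10.255.3.2' for user 'user.name@domain.tld' might not have worked - password policy: 65535  grace: -1  expire: -1  bound: 0
[ERROR] <0x0x5632ab640a50[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
"""

# Category names are labels chosen for this example, not SOGo terminology.
PATTERNS = [
    ("login_ok", re.compile(r"SOGoRootPage successful login from '[^']*' for user '([^']*)'")),
    ("login_unbound", re.compile(r"SOGoRootPage Login from '[^']*' for user '([^']*)' might not have worked")),
    ("bad_filter", re.compile(r"Fatal LDAP error during ldap_search: Bad search filter")),
    ("qualifier_parse", re.compile(r"EOQualifier\(Parsing\).*unexpected chars")),
    ("bind_failed", re.compile(r"operation bind failed: Invalid credentials")),
    ("no_auth_source", re.compile(r"No authentication sources defined")),
]
# Optional docker-compose "service | " prefix, then syslog timestamp and container id.
HEAD = re.compile(r"^(?:\S+\s+\|\s+)?([A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (\S+) ")

def parse(log, year="2021"):
    """Return (timestamp, host, category, user) per matched line; syslog stamps carry no year."""
    events = []
    for line in log.splitlines():
        head = HEAD.match(line)
        ts = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S") if head else None
        host = head.group(2) if head else None
        for name, rx in PATTERNS:
            m = rx.search(line)
            if m:
                events.append((ts, host, name, m.group(1) if rx.groups else None))
                break
    return events

def login_loops(events, window_s=5):
    """(user, host) pairs where an accepted login is followed by a filter error on the same host."""
    hits = []
    for ts, host, name, user in events:
        if name != "login_ok" or ts is None:
            continue
        for ts2, host2, name2, _ in events:
            if name2 == "bad_filter" and host2 == host and ts2 and 0 <= (ts2 - ts).total_seconds() <= window_s:
                hits.append((user, host))
                break
    return hits
```

Calling `login_loops(parse(SAMPLE_LOG))` returns the user and container id for the first report in the thread; the later lines are labelled but not paired, since they carry no accepted login.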