Add GAL filter for SOGo

Issue #79 resolved
Johan Olsson
created an issue

Today if you remove enabledService=displayedInGlobalAddressBook in LDAP, the user will still be displayed in the GAL in SOGo. To fix this, you need to update the sogo.conf for SOGoUserSources to have one part for authentication and one part for address book.

In the authentication part, you need to change the four last rows to be the following: canAuthenticate = YES; displayName = "LDAP Auth"; id = ldap_auth; isAddressBook = NO;

In the address book part, you need to change the four last rows to be the following: canAuthenticate = NO; displayName = "Global Address Book"; id = ldap_addressbook; isAddressBook = YES; Also, you need to change the filter to also contain enabledService=displayedInGlobalAddressBook in the address book part.

Below is an example configuration of how it can look (tested with SOGo 3.1.0):

// Authentication using LDAP

SOGoUserSources = (
    {
        // Authentication
        type = ldap;
        hostname = "ldap://127.0.0.1:389";
        baseDN = "o=domains,dc=example,dc=com";
        //bindAsCurrentUser = YES;
        bindDN = "cn=vmailadmin,dc=example,dc=com";
        bindPassword = "secret";
        filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
        scope = SUB;

        // The algorithm used for password encryption when changing
        // passwords without Password Policies enabled.
        // Possible values are: plain, crypt, md5-crypt, ssha.
        userPasswordAlgorithm = ssha;

        IDFieldName = mail;
        bindFields = (mail);
        CNFieldName = cn;
        // value of UID field must be unique on whole server.
        UIDFieldName = mail;
        IMAPLoginFieldName = mail;
        SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
        canAuthenticate = YES;
        displayName = "LDAP Auth";
        id = ldap_auth;
        isAddressBook = NO;
    },
    {
        // Global Address Book
        type = ldap;
        hostname = "ldap://127.0.0.1:389";
        baseDN = "o=domains,dc=example,dc=com";
        //bindAsCurrentUser = YES;
        bindDN = "cn=vmailadmin,dc=example,dc=com";
        bindPassword = "secret";
        filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo AND enabledService=displayedInGlobalAddressBook";
        scope = SUB;

        // The algorithm used for password encryption when changing
        // passwords without Password Policies enabled.
        // Possible values are: plain, crypt, md5-crypt, ssha.
        userPasswordAlgorithm = ssha;

        IDFieldName = mail;
        bindFields = (mail);
        CNFieldName = cn;
        // value of UID field must be unique on whole server.
        UIDFieldName = mail;
        IMAPLoginFieldName = mail;
        SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress);
        canAuthenticate = NO;
        displayName = "Global Address Book";
        id = ldap_addressbook;
        isAddressBook = YES;
    }
);
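
An added example, not part of the original issue or of SOGo: a small Python audit that reads a `SOGoUserSources` block and reports address book sources whose filter lacks `enabledService=displayedInGlobalAddressBook`, or that are still shared with authentication. The embedded sample is constructed to show the unsplit "before" state next to the fixed address book source; the parser assumes flat `key = value;` settings with no nested braces, and the function names are hypothetical.

```python
import re

# Constructed sample: first source is the unsplit "before" state, second is the fixed GAL source.
SAMPLE_CONF = r'''
SOGoUserSources = (
    {
        // Authentication source that is still exposed as an address book
        hostname = "ldap://127.0.0.1:389";
        filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
        canAuthenticate = YES;
        id = ldap_auth;
        isAddressBook = YES;
    },
    {
        // Global Address Book
        filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo AND enabledService=displayedInGlobalAddressBook";
        canAuthenticate = NO;
        id = ldap_addressbook;
        isAddressBook = YES;
    }
);
'''

GAL_TERM = "enabledService=displayedInGlobalAddressBook"
SETTING = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*("(?:[^"\\]|\\.)*"|[^;\n]+?)[ \t]*;', re.M)

def parse_sources(conf):
    """Return one dict of settings per { ... } block; commented-out lines are skipped."""
    return [{k: v.strip('"') for k, v in SETTING.findall(b)} for b in re.findall(r'\{(.*?)\}', conf, re.S)]

def audit(conf):
    """Return (source id, finding) pairs for address book sources that need attention."""
    findings = []
    for src in parse_sources(conf):
        if src.get("isAddressBook", "NO").upper() != "YES":
            continue  # pure authentication sources do not feed the GAL
        terms = [t.strip() for t in re.split(r'\s+AND\s+', src.get("filter", ""))]
        if GAL_TERM not in terms:
            findings.append((src.get("id"), "address book filter lacks " + GAL_TERM))
        if src.get("canAuthenticate", "NO").upper() == "YES":
            findings.append((src.get("id"), "source is also used for authentication; split it"))
    return findings

if __name__ == "__main__":
    for source_id, finding in audit(SAMPLE_CONF):
        print(source_id, "-", finding)
```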
