ZhangHuangbin wrote:So the group informations are stored in AD, right? How did you configure SOGo to query AD in its config file (/etc/sogo/sogo.conf)? Did you configure the LDAP address book with proper ldap filter and return results?
Hi Zhang!
Thank you for the fast reply. I'm sorry, but I don't think my AD configuration has anything to do with it, since it works if a different route is taken inside SOGo (as I've mentioned above) - the bind source and filter are the same. It looks more like a SOGo issue; I'd just like to know if you have any tips or if someone has already gone through this.
Anyway, here goes my /etc/sogo/sogo.conf:
{
//
// - Official SOGo document: http://sogo.nu/support/index.html#/documentation
// - Mailing list: http://sogo.nu/support/index.html#/community
//
// Daemon address and port
// Bound to the loopback interface only, so clients cannot reach the SOGo
// daemon directly; whatever web server or proxy forwards to this port is
// the network-facing component (it is not configured in this file).
WOPort = 127.0.0.1:20000;
// PID file
//WOPidFile = /var/run/sogo/sogo.pid;
// Log file
//WOLogFile = /var/log/sogo/sogo.log;
// Enable verbose logging. Reference:
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
//SOGoDebugRequests = YES;
//SOGoEASDebugEnabled = YES;
//ImapDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//PGDebugEnabled = YES;
// set the maximum allowed size for content being sent to SOGo, this can
// also limit the file attachment size being uploaded to SOGo when
// composing a mail. Default is 0 or disabled (unlimited).
// The value is in kilobytes.
//WOMaxUploadSize = 0;
// Define the URL to online help for SOGo. When set, an additional icon
// will appear near the logout button in SOGo's web interface. The URL
// will always be open in a blank target.
//SOGoHelpURL = '';
// Performance Tuning
//
// The amount of instances of SOGo that will be spawned to handle multiple
// requests simultaneously. When started from the init script, that amount
// is overridden by the `PREFORK=` setting in /etc/sysconfig/sogo or
// /etc/default/sogo. A value of 3 is a reasonable default for low usage.
// The maximum value depends on the CPU and IO power provided by your
// machine: a value set too high will actually decrease performance under
// high load.
//
// You should have at least one child per EAS device configured to use
// "push". You must also have more children than you have EAS devices
// configured to use "push" - in order to handle normal SOGo requests to
// its Web or DAV interfaces.
//
// Defaults to 1 when unset, increase it if you see below error message in
// sogo log file: 'No child available to handle incoming request'
//
// WARNING:
// - on RHEL/CentOS, this setting is controlled by parameter
// 'PREFORK=' defined in /etc/sysconfig/sogo.
// - on Debian/Ubuntu, this setting is controlled by parameter
// 'PREFORK=' defined in /etc/default/sogo.
// Ten worker processes. Per the warning above, the PREFORK= value read by
// the init script may override this number.
WOWorkersCount = 10;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before replying to a Ping command.
// If not set, it defaults to 10 seconds.
// 3540 s = 59 minutes: one ActiveSync Ping can hold a worker for almost an
// hour, which is why the worker count has to exceed the number of push
// devices.
SOGoMaximumPingInterval = 3540;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before replying to a Sync command.
// If not set, it defaults to 30 seconds.
SOGoMaximumSyncInterval = 3540;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before doing an internal check for data changes (add, delete, and
// update). This parameter must be lower than SOGoMaximumSyncInterval and
// SOGoMaximumPingInterval.
// If not set, it defaults to 10 seconds.
// 30 s is below both 3540 s intervals, so the constraint above holds.
SOGoInternalSyncInterval = 30;
// Specifies the number of minutes after which a busy child process will be
// killed by the parent process.
// Defaults to 10 (minutes).
// 60 minutes sits just above the 59-minute Ping/Sync intervals, presumably
// so the watchdog does not kill a worker that is still holding a long-poll
// request. NOTE(review): the flip side is that a genuinely hung worker is
// also left alone for up to an hour.
WOWatchDogRequestTimeout = 60;
// Overwrite the maximum number of items returned during a Sync operation.
// Defaults to 0, which means no overwrite is performed.
// Setting this parameter to a value greater than 512 will have unexpected
// behaviour with various ActiveSync clients.
// 100 items per Sync, well under the 512 ceiling mentioned above.
SOGoMaximumSyncWindowSize = 100;
// Overwrite the maximum response size during a Sync operation.
// The value is in kilobytes. Setting this to 512 means the response size
// will be of 524288 bytes or less (or a bit greater if needed for syncing
// one item). Note that if you set the value too low and a mail message
// (or any other object like calendar events, tasks and contacts) surpasses
// it, it will still be synced but only this item will be.
// Defaults to 0, which means no overwrite is performed.
//
// Say you have these five mails and you set the limit to 512KB:
// 1. 250 KB
// 2. 250 KB
// 3. 25 KB
// 4. 750 KB
// 5. 10 KB
// Sync iteration no. 1 will pick message 1, 2 and 3.
// Sync iteration no. 2 will pick message 4.
// Sync iteration no. 3 will pick message 5.
// 2048 KB (2 MB) per Sync response; as explained above, a single item larger
// than that is still sent, on its own.
SOGoMaximumSyncResponseSize = 2048;
// The maximum amount of memory (in megabytes) that a child can use.
// Reaching that value will force children processes to restart, in order
// to preserve system memory.
//
// Error message when it reaches the value:
// "terminating app, vMem size limit (xxx MB) has been reached (currently xxx MB)"
//
// Defaults to 384.
//SxVMemLimit = 1024;
// IMAP connection pool.
// Your performance will slightly increase, as you won't open a new
// connection for every access to your IMAP server.
// But you will get a lot of simultaneous open connections to your IMAP
// server, so make sure it can handle them.
// For debugging it is reasonable to turn pooling off.
//NGImap4DisableIMAP4Pooling = NO;
// Database URLs for SOGo's own tables (user profiles, folder index,
// sessions, e-mail alarms). Each URL embeds the MySQL user name and password
// in clear text, so this file should be readable only by the account SOGo
// runs as (and root).
// NOTE(review): the password appears unredacted in this listing. Replace it
// with a placeholder before sharing the file, and change any password that
// has already been published. The same goes for the viewURL lines in the
// commented-out SQL user source further down.
SOGoProfileURL = "mysql://sogo:fLjV3CnLaiNLKPXRFJ9owi6qAEMfUC@127.0.0.1:3306/sogo/sogo_user_profile";
OCSFolderInfoURL = "mysql://sogo:fLjV3CnLaiNLKPXRFJ9owi6qAEMfUC@127.0.0.1:3306/sogo/sogo_folder_info";
OCSSessionsFolderURL = "mysql://sogo:fLjV3CnLaiNLKPXRFJ9owi6qAEMfUC@127.0.0.1:3306/sogo/sogo_sessions_folder";
OCSEMailAlarmsFolderURL = "mysql://sogo:fLjV3CnLaiNLKPXRFJ9owi6qAEMfUC@127.0.0.1:3306/sogo/sogo_alarms_folder";
// Default language in the web interface
SOGoLanguage = English;
// Specify which module to show after login: Calendar, Mail, Contacts.
SOGoLoginModule = Mail;
// Must login with full email address
SOGoForceExternalLoginWithEmail = YES;
// Allow user to change full name and email address.
// NOTE(review): with this enabled the From address is chosen by the user,
// and the SMTP settings in this file submit to 127.0.0.1 with the
// authentication type left commented out. Unless the mail server itself
// restricts which sender addresses it accepts, a logged-in user can send
// mail under another address - confirm that such a restriction exists or
// set this to NO.
SOGoMailCustomFromEnabled = YES;
// Enable email-based alarms on events and tasks.
SOGoEnableEMailAlarms = YES;
// IMAP server
//SOGoIMAPServer = "imaps://127.0.0.1:143/?tls=YES";
// Local connection is considered as secure by Dovecot.
// The active URL is plain imap://, so the credentials SOGo presents to the
// IMAP server are not encrypted on this hop. That is confined to the
// loopback interface only as long as the IMAP server runs on this same
// host; if it is moved to another machine, switch to a TLS-protected URL
// before pointing SOGo at it.
SOGoIMAPServer = "imap://127.0.0.1:143/";
// Allow user to add other IMAP accounts that will be visible from the SOGo
// Webmail interface.
// Default is NO.
//SOGoMailAuxiliaryUserAccountsEnabled = YES;
// SMTP server
// Outgoing mail is handed to the SMTP server on the loopback interface.
SOGoSMTPServer = 127.0.0.1;
SOGoMailingMechanism = smtp;
// Left commented out, so no SMTP authentication type is configured here.
// NOTE(review): presumably the mail server accepts loopback submissions
// without authentication; if so, it cannot tie a message to the SOGo user
// who sent it, and sender-address checks that rely on the authenticated
// login would not apply - confirm against the mail server's configuration.
//SOGoSMTPAuthenticationType = PLAIN;
// Enable managesieve service
//
// WARNING: Sieve scripts generated by SOGo are not compatible with Roundcube
// webmail, don't use sieve service in both webmails, otherwise
// it will be messy.
//
//SOGoSieveServer = sieve://127.0.0.1:4190;
//SOGoSieveScriptsEnabled = YES;
//SOGoVacationEnabled = YES;
//SOGoForwardEnabled = YES;
// Still set although the Sieve server and script options above are all
// commented out.
SOGoSieveFolderEncoding = UTF-8;
// Memcached
// Host is the loopback address. Memcached is normally run without
// authentication, so it should stay reachable from this host only;
// NOTE(review): confirm memcached itself listens on 127.0.0.1 and not on
// all interfaces.
SOGoMemcachedHost = 127.0.0.1;
// Parameter used to set which usernames require administrative privileges
// over all the users tables. For example, this could be used to post
// events in the users calendar without requiring the user to configure
// his/her ACLs. In this case you will need to specify those superuser's
// usernames like this :
// SOGoSuperUsernames = (<username1>[,<username2>, ...]);
//SOGoSuperUsernames = ();
// Default user preferences and notification switches.
SOGoTimeZone = "America/Sao_Paulo";
SOGoFirstDayOfWeek = 1;
SOGoRefreshViewCheck = every_5_minutes;
SOGoMailReplyPlacement = below;
// Send e-mail notifications for appointments, folder changes and ACL
// changes.
SOGoAppointmentSendEMailNotifications = YES;
SOGoFoldersSendEMailNotifications = YES;
SOGoACLsSendEMailNotifications = YES;
// NOTE: PostgreSQL cannot update view in iRedMail
// Password change from the web interface stays disabled (line commented out).
//SOGoPasswordChangeEnabled = YES;
//SOGoExternalAvatarsEnabled = YES;
// A single character is enough to trigger a search. NOTE(review): with an
// LDAP address book configured as a user source, this lets any logged-in
// user list directory entries with very short queries - confirm that this
// is intended, or raise the value.
SOGoSearchMinimumWordLength = 1;
// Authentication using SQL
/* SQL backend
SOGoUserSources = (
{
type = sql;
id = users;
viewURL = "mysql://sogo:FCEqYNGBPniSFkRntMx8mIpI6UKapl@127.0.0.1:3306/sogo/users";
canAuthenticate = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha;
prependPasswordScheme = YES;
// Use `vmail.mailbox` as per-domain address book.
isAddressBook = YES;
displayName = "Domain Address Book";
SOGoEnableDomainBasedUID = YES;
DomainFieldName = "domain";
},
//{
// displayName = "Global Address Book";
// type = sql;
// id = global_address_book;
// viewURL = "mysql://sogo:HCEqYNGBPniSFkRntMx8mIpI6UKapl@127.0.0.1:3306/sogo/users";
// canAuthenticate = NO;
// isAddressBook = YES;
//}
);
SQL backend */
// Authentication using LDAP
// One LDAP source pointing at Active Directory. It is used both to
// authenticate logins (canAuthenticate) and as an address book
// (isAddressBook).
SOGoUserSources = (
{
type = ldap;
// The URL scheme is plain ldap:// and this source sets no encryption option,
// so the service-account bind below and the passwords users type at login
// are sent to the directory server unencrypted.
// NOTE(review): SOGo LDAP sources accept an `encryption` option (SSL or
// STARTTLS); enable one of them once the domain controller has a
// certificate.
hostname = "ldap://windows2003.mydomain.com.br";
baseDN = "CN=users,DC=mydomain,DC=com,DC=br";
//bindAsCurrentUser = YES;
// Service account used for directory searches; it needs no more than read
// access to the entries under baseDN - confirm it is not a privileged
// account.
// NOTE(review): the domain is spelled "mydomin" here but "mydomain" in
// hostname and baseDN - confirm this is only a typo made while redacting.
bindDN = "win2003user@mydomin.com.br";
// Stored in clear text: keep this file readable only by the account SOGo
// runs as, and redact the value whenever the file is shared.
bindPassword = "win2003user_password";
// First branch: members of the users group whose userAccountControl does
// not have the value 2 set under the bitwise-AND matching rule
// 1.2.840.113556.1.4.803 (2 is the "account disabled" flag), i.e. disabled
// accounts are excluded. Second branch: members of the groups group, with
// no such test.
// NOTE(review): the first group name is spelled "group_containg_only_users"
// - confirm it matches the real group DN.
filter = "((memberOf='CN=group_containg_only_users,CN=Users,DC=mydomain,DC=com,DC=br' AND NOT useraccountcontrol:1.2.840.113556.1.4.803:='2') OR (memberOf='CN=group_containing_only_groups,CN=Users,DC=mydomain,DC=com,DC=br'))";
scope = SUB;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
// NOTE(review): "plain" means no hashing. Per the comment above this only
// matters when SOGo changes a password, and SOGoPasswordChangeEnabled is
// commented out elsewhere in this file, so it is presumably never used -
// confirm before enabling password changes.
userPasswordAlgorithm = plain;
IDFieldName = cn;
// Users log in with their sAMAccountName.
bindFields = (sAMAccountName);
CNFieldName = cn;
// value of UID field must be unique on whole server.
UIDFieldName = sAMAccountName;
// The `mail` attribute is used as the IMAP login name.
IMAPLoginFieldName = mail;
SearchFieldNames = (cn, sn, displayName, mail, otherMailAddress, name);
canAuthenticate = YES;
displayName = "Catálogo Global";
id = directory;
isAddressBook = YES;
}
);
}
Cheers