I have actually managed to make SOGo with LDAP backend authenticate without the domain part, but it is somehow buggy!
What I did was to add "uid" to "bindFields":
// Authentication using LDAP
SOGoUserSources = (
    {
        // Used for user authentication
        type = ldap;
        id = users;
        canAuthenticate = YES;
        isAddressBook = NO;
        displayName = "LDAP Authentication";
        hostname = "ldap://127.0.0.1:389";
        baseDN = "domainName=%d,o=domains,dc=mydomain,dc=com";
        bindDN = "cn=vmail,dc=mydomain,dc=com";
        bindPassword = "xGdU6a0FtWrymbNm8ghFxrYFMuKvm9";
        filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
        scope = SUB;
        // always keep binding to the LDAP server using the DN of the
        // currently authenticated user. bindDN and bindPassword are still
        // required to find DN of the user.
        // Note: with default LDAP acl configured by iRedMail, user doesn't
        // have privilege to query o=domains,dc=mydomain,dc=com.
        // so this doesn't work.
        bindAsCurrentUser = YES;
        // The algorithm used for password encryption when changing
        // passwords without Password Policies enabled.
        // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
        userPasswordAlgorithm = ssha512;
        CNFieldName = cn;
        IDFieldName = uid;
        // value of UIDFieldName must be unique on entire server
        UIDFieldName = uid;
        IMAPLoginFieldName = uid;
        MailFieldNames = (mail);
        bindFields = (uid, mail);
    }
);
However, it only works after I try to log in with the domain part, log out and then log back in without the domain part. The effect applies to all the users, so that only one login attempt for a single user with the domain part unlocks the others to be able to log in without the domain part.
And this has to be done every time the sogo service or the server is restarted!
My hypothesis is that this has something to do with the iRedMail LDAP structure...
This is the log from SOGo when I try logging in without the domain part:
SOGoRootPage Login from '1.2.3.4' for user 'abcd' might not have worked password "policy: 65535" "grace: -1" "expire: -1" "bound: 0"