1 (edited by Sysadminfromhell 2022-03-09 19:41:24)

Topic: SOGo login wont work after Login (LDAP Backend)

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.1 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? Yes
- Linux/BSD distribution name and version: Debian 11 (Kernel: 5.10.0-11 (5.10.92-2)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No, phpLDAPadmin (1.2.6.3)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Output of `cat /etc/sogo/sogo.conf` (I didn't change anything except raising the log level for this issue):

{
    //
    //  - Official SOGo document: http://sogo.nu/support/index.html#/documentation
    //  - Mailing list: http://sogo.nu/support/index.html#/community
    //

    // Daemon address and port
    WOPort = 127.0.0.1:20000;

    // PID file
    //WOPidFile = /var/run/sogo/sogo.pid;

    // Log file
    WOLogFile = /var/log/sogo/sogo.log;

    // Enable verbose logging. Reference:
    // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
    //
    // NOTE(review): SOGoDebugRequests and LDAPDebugEnabled are switched on
    // here only to troubleshoot the login failure. Debug output presumably
    // records request and directory-lookup details, so comment both out
    // again once the issue is resolved, and keep /var/log/sogo/sogo.log
    // readable only by the accounts that need it.
    SOGoDebugRequests = YES;
    //SOGoEASDebugEnabled = YES;
    //ImapDebugEnabled = YES;
    LDAPDebugEnabled = YES;
    //MySQL4DebugEnabled = YES;
    //PGDebugEnabled = YES;

    // Define the URL to online help for SOGo. When set, an additional icon
    // will appear near the logout button in SOGo's web interface. The URL
    // will always be open in a blank target.
    //SOGoHelpURL = '';

    // set the maximum allowed size for content being sent to SOGo, this can
    // also limit the file attachment size being uploaded to SOGo when
    // composing a mail.
    // The value is in kilobyte. Default is 0 or disabled (unlimit).
    WOMaxUploadSize = 15360;

    // Parameter used to set the maximum allowed email message size when
    // composing a mail.
    // The value is in kilobytes. By default, the value is 0, or disabled so
    // no limit will be set.
    SOGoMaximumMessageSizeLimit = 15360;

    // Performance Tuning
    //
    // The amount of instances of SOGo that will be spawned to handle multiple
    // requests simultaneously. When started from the init script, that amount
    // is overriden by the `PREFORK=` setting in /etc/sysconfig/sogo or
    // /etc/default/sogo. A value of 3 is a reasonable default for low usage.
    // The maximum value depends on the CPU and IO power provided by your
    // machine: a value set too high will actually decrease performances under
    // high load.
    //
    // You should have at least one child per EAS device configured to use
    // "push". You must also have more children than you have EAS devices
    // configured to use "push" - in order to handle normal SOGo requests to
    // its Web or DAV interfaces.
    //
    // Defaults to 1 when unset, increase it if you see below error message in
    // sogo log file: 'No child available to handle incoming request'
    //
    // WARNING:
    //      - on RHEL/CentOS, this setting is controlled by parameter
    //        'PREFORK=' defined in /etc/sysconfig/sogo.
    //      - on Debian/Ubuntu, this setting is controlled by parameter
    //        'PREFORK=' defined in /etc/default/sogo.
    WOWorkersCount = 10;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before replying to a Ping command.
    // If not set, it defaults to 10 seconds.
    SOGoMaximumPingInterval = 3540;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before replying to a Sync command.
    // If not set, it defaults to 30 seconds.
    SOGoMaximumSyncInterval = 3540;

    // Parameter used to set the maximum amount of time, in seconds, SOGo will
    // wait before doing an internal check for data changes (add, delete, and
    // update). This parameter must be lower than SOGoMaximumSyncInterval and
    // SOGoMaximumPingInterval.
    // If not set, it defaults to 10 seconds.
    SOGoInternalSyncInterval = 30;

    // Specifies the number of minutes after which a busy child process will be
    // killed by the parent process.
    // Defaults to 10 (minutes).
    WOWatchDogRequestTimeout = 61;

    // Overwrite the maximum number of items returned during a Sync operation.
    // Defaults to 0, which means no overwrite is performed.
    // Setting this parameter to a value greater than 512 will have unexpected
    // behaviour with various ActiveSync clients.
    //SOGoMaximumSyncWindowSize = 100;

    // Overwrite the maximum response size during a Sync operation.
    // The value is in kilobytes. Setting this to 512 means the response size
    // will be of 524288 bytes or less (or a bit greater if needed for syncing
    // one item). Note that if you set the value too low and a mail message
    // (or any other object like calendar events, tasks and contacts) surpasses
    // it, it will still be synced but only this item will be.
    // Defaults to 0, which means no overwrite is performed.
    //
    // Say you have these five mails and you set the limit to 512KB:
    //  1.  250 KB
    //  2.  250 KB
    //  3.   25 KB
    //  4.  750 KB
    //  5.   10 KB
    // Sync iteration no. 1 will pick message 1, 2 and 3.
    // Sync iteration no. 2 will pick message 4.
    // Sync iteration no. 3 will pick message 5.
    SOGoMaximumSyncResponseSize = 2048;

    // The maximum amount of memory (in megabytes) that a child can use.
    // Reaching that value will force children processes to restart, in order
    // to preserve system memory.
    //
    // Error message when it reaches the value:
    // "terminating app, vMem size limit (xxx MB) has been reached (currently xxx MB)"
    //
    // Defaults to 384.
    SxVMemLimit = 500;

    // Enable XSRF (also known as CSRF) protection.
    SOGoXSRFValidationEnabled = YES;

    // IMAP connection pool.
    // Your performance will slightly increase, as you won't open a new
    // connection for every access to your IMAP server.
    // But you will get a lot of simultaneous open connections to your IMAP
    // server, so make sure he can handle them.
    // For debugging it is reasonable to turn pooling off.
    NGImap4DisableIMAP4Pooling = NO;

    // SQL storage used by SOGo itself. Every URL below carries the password
    // of the `sogo` database account inline (replaced with PRIVACYBLANK in
    // this post), so sogo.conf should not be readable by other local users
    // and must be redacted like this before it is shared.
    SOGoProfileURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_user_profile";
    OCSFolderInfoURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_folder_info";
    // Session records are written to the sogo_sessions_folder table; this is
    // the table whose c_value column the later replies in this thread widen.
    OCSSessionsFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_sessions_folder";
    OCSEMailAlarmsFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_alarms_folder";

    // With 3 parameters below, SOGo requires only 9 SQL tables in total
    // instead of creating 4 SQL tables for each user.
    OCSCacheFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_cache_folder";
    OCSStoreURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_store";
    OCSAclURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_acl";

    // Default language in the web interface
    SOGoLanguage = English;

    // Specify which module to show after login: Calendar, Mail, Contacts.
    SOGoLoginModule = Mail;

    // Must login with full email address
    SOGoForceExternalLoginWithEmail = YES;

    // Allow user to change full name and email address.
    SOGoMailCustomFromEnabled = NO;

    // IMAP server
    // Local connection is considered as secure by Dovecot, so 'imap://' is fine.
    // With remote IMAP server, use 'imaps://127.0.0.1:143/?tls=YES' instead;
    //
    // NOTE(review): tls=YES on an imap:// URL requests STARTTLS, and
    // tlsVerifyMode=allowInsecureLocalhost relaxes certificate verification
    // for a localhost peer. That is only appropriate while the server is
    // 127.0.0.1 as it is here; if this is pointed at a remote host, drop
    // the tlsVerifyMode override so the server certificate is verified.
    SOGoIMAPServer = "imap://127.0.0.1:143/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";

    // Allow user to add other IMAP accounts that will be visible from the SOGo
    // Webmail interface.
    // Default is NO.
    //SOGoMailAuxiliaryUserAccountsEnabled = YES;

    // SMTP server
    // NOTE(review): the submission URL uses the same localhost-only TLS
    // relaxation as the IMAP URL. PLAIN authentication sends the password
    // itself, so it depends on the TLS session requested by tls=YES.
    SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
    SOGoMailingMechanism = smtp;
    SOGoSMTPAuthenticationType = PLAIN;

    // Enable managesieve service
    //
    // WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube
    //          webmail, don't use sieve service in both webmails, otherwise
    //          it will be messy.
    //          FYI: https://docs.iredmail.org/why.no.sieve.support.in.sogo.html
    //
    //SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
    //SOGoSieveScriptsEnabled = YES;
    //SOGoVacationEnabled = YES;
    //SOGoForwardEnabled = YES;
    SOGoSieveFolderEncoding = UTF-8;

    // Memcached
    SOGoMemcachedHost = 127.0.0.1;

    // Parameter used to set which usernames require administrative privileges
    // over all the users tables. For example, this could be used to post
    // events in the users calendar without requiring the user to configure
    // his/her ACLs. In this case you will need to specify those superuser's
    // usernames like this :
    // SOGoSuperUsernames = (<username1>[,<username2>, ...]);
    //SOGoSuperUsernames = ();

    SOGoTimeZone = "America/New_York";

    SOGoFirstDayOfWeek = 1;

    SOGoRefreshViewCheck = every_5_minutes;
    SOGoMailReplyPlacement = below;

    // Disable gravatar
    SOGoExternalAvatarsEnabled = NO;
    SOGoGravatarEnabled = NO;

    // Control WebDAV access to the Calendar / Contacts collections.
    // This can be used to deny access to these resources from Thunderbird
    // Lightning for example.
    // Defaults to YES when unset.
    //SOGoCalendarDAVAccessEnabled = NO;
    //SOGoAddressBookDAVAccessEnabled = NO;

    // Allow users to share publicly (ie., requiring not authentication) their
    // calendars and address books.
    // Defaults to NO when unset.
    //SOGoEnablePublicAccess = YES;

    //
    // Notifications
    //
    // Enable email-based alarms on events and tasks.
    SOGoEnableEMailAlarms = YES;

    // Notify meeting participants
    SOGoAppointmentSendEMailNotifications = YES;

    // Notify if a calendar or an address book has been created.
    SOGoFoldersSendEMailNotifications = NO;

    // Notify involved users of a calendar or address book's ACLs.
    SOGoACLsSendEMailNotifications = YES;

    // Notify when a modification is being done to his/her own calendar by someone else.
    SOGoNotifyOnExternalModifications = YES;

    // NOTE: PostgreSQL cannot update view in iRedMail
    SOGoPasswordChangeEnabled = YES;

    // Authentication using SQL
    /* SQL backend
    SOGoUserSources = (
        {
            type = sql;
            id = users;
            viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/users";
            canAuthenticate = YES;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha512;
            prependPasswordScheme = YES;

            // Use `vmail.mailbox` as per-domain address book.
            isAddressBook = YES;
            displayName = "Domain Address Book";
            SOGoEnableDomainBasedUID = YES;
            DomainFieldName = "domain";

            // Listing of this LDAP source is only possible when performing a
            // search (respecting the SOGoSearchMinimumWordLength parameter)
            // or when explicitely typing a single dot.
            // Defaults to YES when unset.
            //
            // WARNING: if you have many accounts in this address book, it may
            //          reach server-side query size limit, or cause
            //          performance issue.
            listRequiresDot = NO;

            ModulesConstraints = {
                Mail = { c_webmail = y; };
                Calendar = { c_calendar = y; };
                ActiveSync = { c_activesync = y; };
            };
        },

        //{
        //    displayName = "Global Address Book";
        //    type = sql;
        //    id = global_address_book;
        //    viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/users";
        //    canAuthenticate = NO;
        //    isAddressBook = YES;
        //    listRequiresDot = NO;
        //    SOGoEnableDomainBasedUID = YES;
        //    DomainFieldName = "domain";
        //},

        // Display mailing aliases in address book.
        // You need to create SQL view 'sogo.aliases' first.
        //
        // For MySQL:
        //
        //  CREATE VIEW sogo.aliases (c_uid, c_name, c_password, c_cn, mail, domain)
        //          AS SELECT address, name, '', name, address, domain
        //          FROM vmail.alias WHERE active=1;
        //
        //{
        //    displayName = "Mailing Lists";
        //    type = sql;
        //    id = aliases;
        //    viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/aliases";
        //    canAuthenticate = NO;
        //    isAddressBook = YES;
        //    listRequiresDot = NO;
        //    SOGoEnableDomainBasedUID = YES;
        //    DomainFieldName = "domain";
        //},
    );
    SQL backend */

    // Authentication using LDAP

    // Two LDAP sources: the first authenticates users, the second only
    // serves the global address book (canAuthenticate = NO).
    SOGoUserSources = (
        {
            // Used for user authentication
            type = ldap;
            id = users;
            canAuthenticate = YES;
            isAddressBook = NO;
            displayName = "LDAP Authentication";

            // NOTE(review): ldap:// on port 389 with no `encryption` option
            // in this source is presumably an unencrypted LDAP session, so
            // the bind password and the users' passwords cross it in clear.
            // Acceptable only while the directory is on 127.0.0.1.
            hostname = "ldap://127.0.0.1:389";
            baseDN = "domainName=%d,o=domains,dc=mysecretdomain,dc=dev";
            // Service account used to look up the DN of the user logging in.
            // Its password is stored in this file (redacted as PRIVACYBLANK
            // in the post); keep the file permissions tight.
            bindDN = "cn=vmail,dc=mysecretdomain,dc=dev";
            bindPassword = "PRIVACYBLANK";
            // Only entries that are active and carry both the `mail` and
            // `sogo` enabledService values match, so disabling an account in
            // LDAP also blocks SOGo login through this source.
            filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
            scope = SUB;

            // always keep binding to the LDAP server using the DN of the
            // currently authenticated user. bindDN and bindPassword are still
            // required to find DN of the user.
            // Note: with default LDAP acl configured by iRedMail, user doesn't
            //       have privilege to query o=domains,dc=mysecretdomain,dc=dev.
            //       so this doesn't work.
            // NOTE(review): the note above says this does not work with the
            // default iRedMail LDAP ACL, yet the option is set to YES here;
            // confirm which of the two is intended.
            bindAsCurrentUser = YES;

            // The algorithm used for password encryption when changing
            // passwords without Password Policies enabled.
            // Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
            userPasswordAlgorithm = ssha512;

            CNFieldName = cn;
            IDFieldName = mail;
            // value of UIDFieldName must be unique on entire server
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;
            MailFieldNames = (mail);
            bindFields = (mail);

            // Per-module gating: a module is offered only to entries that
            // carry the listed enabledService value.
            ModulesConstraints = {
                Mail = { enabledService = sogowebmail; };
                Calendar = { enabledService = sogocalendar; };
                ActiveSync = { enabledService = sogoactivesync; };
            };
        },
        {
            // Used for global address book
            type = ldap;
            id = global_addressbook;
            canAuthenticate = NO;
            isAddressBook = YES;
            displayName = "Global Address Book";
            bindAsCurrentUser = YES;

            // Listing of this LDAP source is only possible when performing a
            // search (respecting the SOGoSearchMinimumWordLength parameter)
            // or when explicitely typing a single dot.
            // Defaults to YES when unset.
            //
            // WARNING: if you have many accounts in this address book, it may
            //          reach server-side query size limit, or cause
            //          performance issue.
            // NOTE(review): with NO, the address book can be listed without
            // typing a search term first; confirm that exposing the full
            // list to every logged-in user is intended.
            listRequiresDot = NO;

            // Same loopback LDAP endpoint and service account as the
            // authentication source above.
            hostname = "ldap://127.0.0.1:389";
            baseDN = "domainName=%d,o=domains,dc=mysecretdomain,dc=dev";
            bindDN = "cn=vmail,dc=mysecretdomain,dc=dev";
            bindPassword = "PRIVACYBLANK";
            filter = "((enabledService=mail AND accountStatus=active AND enabledService=displayedInGlobalAddressBook) AND ((objectClass=mailUser AND enabledService=sogo) OR (objectClass=mailList) OR (objectClass=mailAlias)))";
            scope = SUB;

            IDFieldName = mail;
            bindFields = (mail);
            // value of UID field must be unique on whole server.
            UIDFieldName = mail;
            IMAPLoginFieldName = mail;

            CNFieldName = cn;
            SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress, departmentNumber);

            // Resources management (Free/Busy)
            // Reference: https://docs.iredmail.org/sogo.manage.resources.html
            KindFieldName = "Kind";
            MultipleBookingsFieldName = "MultipleBookings";
        }
    );

}

When I try to log in to SOGo I just get "Unhandled error", although the log (/var/log/sogo/sogo.log) looks fine to me:

Mar 09 06:10:14 sogod [3737]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
Mar 09 06:10:14 sogod [3737]: <0x0x556a24c80750[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
Mar 09 06:10:14 sogod [3737]: SOGoRootPage successful login from '141.88.234.2' for user 'xxx@mysecretdomain' - expire = -1  grace = -1
Mar 09 06:10:14 sogod [3737]: |SOGo| request took 0.009878 seconds to execute
Mar 09 06:10:14 sogod [3737]: 141.88.234.2 "POST /SOGo/connect HTTP/1.0" 200 55/113 0.012 - - 0 - 13

However, the nginx error log shows this:

 
2022/03/09 12:10:14 [error] 984#984: *1403 upstream sent too big header while reading response header from upstream, client: x.x.x.x, server: _, request: "POST /SOGo/connect HTTP/2.0", upstream: "http://127.0.0.1:20000/SOGo/connect", host: "mail.mysecretdomain", referrer: "https://mail.mysecretdomain/SOGo/"


2

Re: SOGo login wont work after Login (LDAP Backend)

i could figure it out by doubling the Proxy Buffers:

# Reverse-proxy block for the SOGo web interface, as posted after the proxy
# buffers were doubled.
location ^~ /SOGo {
    include /etc/nginx/templates/hsts.tmpl;

    # Plain-HTTP hop to the SOGo daemon on loopback; the sogo.conf in the
    # first post sets WOPort = 127.0.0.1:20000.
    proxy_pass http://127.0.0.1:20000;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    # proxy_buffer_size is the buffer that must hold the upstream response
    # headers; nginx logs "upstream sent too big header" when they do not fit.
    proxy_buffer_size 8k;
    # Body buffers are allocated per proxied connection (here up to 8 x 64k),
    # so larger values raise worst-case memory use under many connections.
    proxy_buffers 8 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    # forward user's IP address
    # X-Real-IP is set from the TCP peer. $proxy_add_x_forwarded_for appends
    # to whatever X-Forwarded-For the client sent, so only the last entry of
    # that header is trustworthy for logging or rate limiting.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    # always use https
    # NOTE(review): $host is taken from the request; the nginx error log in
    # the first post shows "server: _", so presumably any Host value reaches
    # SOGo and is used in the URLs it builds. Consider a fixed hostname here.
    proxy_set_header x-webobjects-server-port $server_port;
    proxy_set_header x-webobjects-server-name $host;
    proxy_set_header x-webobjects-server-url  https://$host;

    proxy_set_header x-webobjects-server-protocol HTTP/1.0;

    break;
}

3

Re: SOGo login wont work after Login (LDAP Backend)

Sysadminfromhell wrote:

i could figure it out by doubling the Proxy Buffers:

# Reverse-proxy block for the SOGo web interface (quoted from the previous
# post).
location ^~ /SOGo {
    include /etc/nginx/templates/hsts.tmpl;

    # Plain-HTTP hop to the SOGo daemon on loopback.
    proxy_pass http://127.0.0.1:20000;

    proxy_connect_timeout 90;
    proxy_send_timeout 90;
    proxy_read_timeout 90;
    # proxy_buffer_size is the buffer that must hold the upstream response
    # headers; nginx logs "upstream sent too big header" when they do not fit.
    proxy_buffer_size 8k;
    # Body buffers are allocated per proxied connection (here up to 8 x 64k).
    proxy_buffers 8 64k;
    proxy_busy_buffers_size 128k;
    proxy_temp_file_write_size 128k;

    # forward user's IP address
    # $proxy_add_x_forwarded_for appends to the client-supplied header, so
    # only its last entry is trustworthy.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    # always use https
    # NOTE(review): $host comes from the request; consider a fixed hostname
    # if this server block is a catch-all.
    proxy_set_header x-webobjects-server-port $server_port;
    proxy_set_header x-webobjects-server-name $host;
    proxy_set_header x-webobjects-server-url  https://$host;

    proxy_set_header x-webobjects-server-protocol HTTP/1.0;

    break;
}

I've been having the same issue today, but increasing the proxy buffer size hasn't solved it for me (even after I went all the way to 256k).

Did you happen to run an update today? My current sogo version is showing as 5.5.1.20220309-1 and I'm wondering if there's a problem with the latest nightly build.

4

Re: SOGo login wont work after Login (LDAP Backend)

Hi.

We updated SOGO today.
The new version is sogo:amd64 5.5.1.20220309-1

We are getting this error:

Mar 09 17:28:20 sogod [31033]: [ERROR] <0x0x55cbcfd39090[GCSSessionsFolder]> -[GCSSessionsFolder writeRecordForEntryWithID:value:creationDate:lastSeenDate:]: cannot write record: <MySQL4Exception: 0x55cbcfd4dfc0> NAME:ExecutionFailed REASON:Data too long for column 'c_value' at row 1

5

Re: SOGo login wont work after Login (LDAP Backend)

jorge wrote:

Mar 09 17:28:20 sogod [31033]: [ERROR] <0x0x55cbcfd39090[GCSSessionsFolder]> -[GCSSessionsFolder writeRecordForEntryWithID:value:creationDate:lastSeenDate:]: cannot write record: <MySQL4Exception: 0x55cbcfd4dfc0> NAME:ExecutionFailed REASON:Data too long for column 'c_value' at row 1

Same issue for me.
I did "apt upgrade" on virtual machine (without checkpoint, my fault) on Ubuntu 20.04. SOGo was upgraded from:

2022-03-10 08:52:45 upgrade sogo:amd64 5.2.0.20211005-1 5.5.1.20220309-1

And now some users (not all) cannot login in SOGo. Postmaster users also affected.
Any ideas?

6 (edited by mark.tamis 2022-03-10 17:50:39)

Re: SOGo login wont work after Login (LDAP Backend)

As a workaround, I changed the data type of c_value from varchar(255) to text in the sogo_sessions_folder table of my sogo mysql database, and am now able to log in correctly

hopefully sogo will address this in the next nightly

7

Re: SOGo login wont work after Login (LDAP Backend)

mark.tamis wrote:

As a workaround, I changed the data type of c_value from varchar(255) to text in the sogo_sessions_folder table of my sogo mysql database, and am now able to log in correctly

hopefully sogo will address this in the next nightly

For info, the length of the data written into the c_value field in my case is 1026 characters

8

Re: SOGo login wont work after Login (LDAP Backend)

mark.tamis wrote:

As a workaround, I changed the data type of c_value from varchar(255) to text in the sogo_sessions_folder table of my sogo mysql database, and am now able to log in correctly

hopefully sogo will address this in the next nightly



Hi, this did not work for us.

9

Re: SOGo login wont work after Login (LDAP Backend)

mark.tamis wrote:
mark.tamis wrote:

As a workaround, I changed the data type of c_value from varchar(255) to text in the sogo_sessions_folder table of my sogo mysql database, and am now able to log in correctly

hopefully sogo will address this in the next nightly

For info, the length of the data written into the c_value field in my case is 1026 characters

How did you get this figure? I've tried changing the c_value field to a blob and increasing the proxy buffer size and am still getting the same errors, would be helpful to have a way of figuring out just how much data sogo is trying to send.

10

Re: SOGo login wont work after Login (LDAP Backend)

Update for anyone facing the same issue: I was able to fix this by commenting out the following line in /etc/nginx/sites-enabled/00-default-ssl.conf:

    # NOTE(review): commenting out this include drops every directive the
    # template carries, not only its buffer settings. Other replies in this
    # thread show sogo.tmpl holding the SOGo location blocks (HSTS include,
    # forwarded-IP and x-webobjects headers), so confirm equivalent blocks
    # exist elsewhere before relying on this.
    #include /etc/nginx/templates/sogo.tmpl;

This was loading default parameters for sogo in nginx, and since it was loaded after the main nginx.conf file those settings were taking precedence. Disabling the template allows the proxy settings in nginx.conf to take effect.

11

Re: SOGo login wont work after Login (LDAP Backend)

After changing from VARCHAR(255) to TEXT (clear the Length / Values field), I checked the length again and it's actually 3010 characters

-- Reports the stored size of every session record. In MySQL, LENGTH() counts
-- bytes; CHAR_LENGTH() counts characters.
-- NOTE(review): c_id presumably identifies a live session, so leave it out of
-- anything pasted publicly; the length column alone answers the question.
SELECT c_id, length(c_value) FROM `sogo_sessions_folder`;

12

Re: SOGo login wont work after Login (LDAP Backend)

mark.tamis wrote:

As a workaround, I changed the data type of c_value from varchar(255) to text in the sogo_sessions_folder table of my sogo mysql database, and am now able to log in correctly

hopefully sogo will address this in the next nightly

They released a new nightly, but it was not fixed

13

Re: SOGo login wont work after Login (LDAP Backend)

I have been able to fix this issue with two changes:

1. The MySQL database. Change the column type of c_value:

# Opens a MySQL client session as the database root account.
# NOTE(review): this is a schema change on the live session table; take a
# dump of the sogo database first so it can be reverted.
mysql -u root
use sogo;
-- Widens c_value, reported earlier in this thread as varchar(255), to TEXT so
-- that the longer session values no longer fail with "Data too long".
alter table sogo_sessions_folder modify column c_value text;

2. Change the Nginx proxy buffer size in Nginx:

Add these lines, right on the top of the file: /etc/nginx/templates/sogo.tmpl

# NOTE(review): these limits apply to each proxied connection: up to 4 x 512k
# of body buffers plus a 256k buffer for the response headers. A later reply
# from the iRedMail maintainer reports 64k / 8 64k / 64k as tested and
# working; prefer the smallest values that clear the "upstream sent too big
# header" error, to bound worst-case memory use.
proxy_busy_buffers_size   512k;
proxy_buffers             4 512k;
proxy_buffer_size         256k;

No clue why this has changed without any notification. But for me the length of the value of c_value increased to more than 3,000 characters and it simply didn't fit into the column.

14

Re: SOGo login wont work after Login (LDAP Backend)

rkl wrote:

I have been able to fix this issue with two changes:

1. The MySQL database. Change the column type of c_value:

# Opens a MySQL client session as the database root account.
# NOTE(review): this is a schema change on the live session table; take a
# dump of the sogo database first so it can be reverted.
mysql -u root
use sogo;
-- Widens c_value, reported earlier in this thread as varchar(255), to TEXT.
alter table sogo_sessions_folder modify column c_value text;

2. Change the Nginx proxy buffer size in Nginx:

Add these lines, right on the top of the file: /etc/nginx/templates/sogo.tmpl

# NOTE(review): these limits apply to each proxied connection: up to 4 x 512k
# of body buffers plus a 256k buffer for the response headers. The iRedMail
# maintainer's reply in this thread reports 64k / 8 64k / 64k as tested and
# working; prefer the smallest values that clear the error.
proxy_busy_buffers_size   512k;
proxy_buffers             4 512k;
proxy_buffer_size         256k;

No clue why this has changed without any notification. But for me the length of the value of c_value increased to more than 3,000 characters and it simply didn't fit into the column.

rkl, thank you! That fixed it for me.

15

Re: SOGo login wont work after Login (LDAP Backend)

Thanks for sharing. We experienced same issue on few fresh iRedMail installations, and here's what we're going to add in Nginx in next iRedMail release (tested and works):

    # proxy_buffer_size is the buffer that must hold the upstream response
    # headers; proxy_buffers and proxy_busy_buffers_size govern body
    # buffering. All three are per proxied connection.
    proxy_busy_buffers_size   64k;
    proxy_buffers             8 64k;
    proxy_buffer_size         64k;

Note: Adding above 3 lines in `location ^~ /SOGo {` block should be enough, but iRedMail adds them in 3 `location` directives in /etc/nginx/templates/sogo.tmpl, you can find the details here:
https://github.com/iredmail/iRedMail/co … 02aefbb08f

FYI: https://www.sogo.nu/bugs/view.php?id=5491

16

Re: SOGo login wont work after Login (LDAP Backend)

ZhangHuangbin wrote:

Thanks for sharing. We experienced same issue on few fresh iRedMail installations, and here's what we're going to add in Nginx in next iRedMail release (tested and works):

    # proxy_buffer_size is the buffer that must hold the upstream response
    # headers; proxy_buffers and proxy_busy_buffers_size govern body
    # buffering. All three are per proxied connection.
    proxy_busy_buffers_size   64k;
    proxy_buffers             8 64k;
    proxy_buffer_size         64k;

Note: Adding above 3 lines in `location ^~ /SOGo {` block should be enough, but iRedMail adds them in 3 `location` directives in /etc/nginx/templates/sogo.tmpl, you can find the details here:
https://github.com/iredmail/iRedMail/co … 02aefbb08f

FYI: https://www.sogo.nu/bugs/view.php?id=5491

Do we just add those? Or add them and remove the following?

# Connect/send/read timeouts in seconds. 3540 matches SOGoMaximumPingInterval
# and SOGoMaximumSyncInterval in the sogo.conf posted at the top of the thread.
proxy_connect_timeout 3540;
proxy_send_timeout 3540;
proxy_read_timeout 3540;

Thanks.

Jack.

17

Re: SOGo login wont work after Login (LDAP Backend)

jackb wrote:

Do we just add those? Or add them and remove the following?

Just add them, do NOT remove existing parameters.

18

Re: SOGo login wont work after Login (LDAP Backend)

ZhangHuangbin wrote:
jackb wrote:

Do we just add those? Or add them and remove the following?

Just add them, do NOT remove existing parameters.


That's great, cheers. My configuration looks as follows. Should I also remove it from this section?

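# Reverse-proxy block for the SOGo web interface with the three buffer
# directives added at the end. The stray "[" that preceded "location" in the
# post is forum markup residue and is not valid nginx syntax, so it is dropped.
location ^~ /SOGo {
    include /etc/nginx/templates/hsts.tmpl;

    # Plain-HTTP hop to the SOGo daemon on loopback.
    proxy_pass http://127.0.0.1:20000;

    # forward user's IP address
    # $proxy_add_x_forwarded_for appends to the client-supplied header, so
    # only its last entry is trustworthy.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;

    # always use https
    # NOTE(review): $host comes from the request; consider a fixed hostname
    # if this server block is a catch-all.
    proxy_set_header x-webobjects-server-port $server_port;
    proxy_set_header x-webobjects-server-name $host;
    proxy_set_header x-webobjects-server-url  https://$host;

    proxy_set_header x-webobjects-server-protocol HTTP/1.0;

    # Per-connection proxy buffering; proxy_buffer_size must be large enough
    # for the upstream response headers.
    proxy_busy_buffers_size   64k;
    proxy_buffers             8 64k;
    proxy_buffer_size         64k;
}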

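# Reverse-proxy block for ActiveSync clients.
location ^~ /Microsoft-Server-ActiveSync {
    # NOTE(review): the forum shortened this URL when rendering the post
    # ("Microsoft-S … ctiveSync"); the path is restored to match the location
    # names in this paste. Confirm against /etc/nginx/templates/sogo.tmpl.
    proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync;

    # Timeouts in seconds. 3540 matches SOGoMaximumPingInterval and
    # SOGoMaximumSyncInterval in the sogo.conf posted at the top of the
    # thread, so long-held requests are not cut off by nginx. Each held
    # connection occupies a SOGo worker for that time.
    proxy_connect_timeout 3540;
    proxy_send_timeout 3540;
    proxy_read_timeout 3540;

    # Per-connection proxy buffering; proxy_buffer_size must be large enough
    # for the upstream response headers.
    proxy_busy_buffers_size   64k;
    proxy_buffers             8 64k;
    proxy_buffer_size         64k;
}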

location ^~ /SOGo/Microsoft-Server-ActiveSync {
    proxy_pass http://127.0.0.1:20000/SOGo/Microsoft-S … ctiveSync;

    proxy_connect_timeout 3540;
    proxy_send_timeout 3540;
    proxy_read_timeout 3540;

    proxy_busy_buffers_size   64k;
    proxy_buffers             8 64k;
    proxy_buffer_size         64k;
]