Topic: SOGo login won't work after Login (LDAP Backend)
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.1 OPENLDAP edition.
- Deployed with iRedMail Easy or the downloadable installer? Yes
- Linux/BSD distribution name and version: Debian 11 (Kernel: 5.10.0-11 (5.10.92-2))
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No, phpLDAPadmin (1.2.6.3)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
cat /etc/sogo/sogo.conf (didn't change a thing except higher logging for this issue):
{
//
// - Official SOGo document: http://sogo.nu/support/index.html#/documentation
// - Mailing list: http://sogo.nu/support/index.html#/community
//
// Daemon address and port
WOPort = 127.0.0.1:20000;
// PID file
//WOPidFile = /var/run/sogo/sogo.pid;
// Log file
WOLogFile = /var/log/sogo/sogo.log;
// Enable verbose logging. Reference:
// http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html
SOGoDebugRequests = YES;
//SOGoEASDebugEnabled = YES;
//ImapDebugEnabled = YES;
LDAPDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//PGDebugEnabled = YES;
// Define the URL to online help for SOGo. When set, an additional icon
// will appear near the logout button in SOGo's web interface. The URL
// will always be open in a blank target.
//SOGoHelpURL = '';
// set the maximum allowed size for content being sent to SOGo, this can
// also limit the file attachment size being uploaded to SOGo when
// composing a mail.
// The value is in kilobyte. Default is 0 or disabled (unlimit).
WOMaxUploadSize = 15360;
// Parameter used to set the maximum allowed email message size when
// composing a mail.
// The value is in kilobytes. By default, the value is 0, or disabled so
// no limit will be set.
SOGoMaximumMessageSizeLimit = 15360;
// Performance Tuning
//
// The amount of instances of SOGo that will be spawned to handle multiple
// requests simultaneously. When started from the init script, that amount
// is overridden by the `PREFORK=` setting in /etc/sysconfig/sogo or
// /etc/default/sogo. A value of 3 is a reasonable default for low usage.
// The maximum value depends on the CPU and IO power provided by your
// machine: a value set too high will actually decrease performances under
// high load.
//
// You should have at least one child per EAS device configured to use
// "push". You must also have more children than you have EAS devices
// configured to use "push" - in order to handle normal SOGo requests to
// its Web or DAV interfaces.
//
// Defaults to 1 when unset, increase it if you see below error message in
// sogo log file: 'No child available to handle incoming request'
//
// WARNING:
// - on RHEL/CentOS, this setting is controlled by parameter
// 'PREFORK=' defined in /etc/sysconfig/sogo.
// - on Debian/Ubuntu, this setting is controlled by parameter
// 'PREFORK=' defined in /etc/default/sogo.
WOWorkersCount = 10;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before replying to a Ping command.
// If not set, it defaults to 10 seconds.
SOGoMaximumPingInterval = 3540;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before replying to a Sync command.
// If not set, it defaults to 30 seconds.
SOGoMaximumSyncInterval = 3540;
// Parameter used to set the maximum amount of time, in seconds, SOGo will
// wait before doing an internal check for data changes (add, delete, and
// update). This parameter must be lower than SOGoMaximumSyncInterval and
// SOGoMaximumPingInterval.
// If not set, it defaults to 10 seconds.
SOGoInternalSyncInterval = 30;
// Specifies the number of minutes after which a busy child process will be
// killed by the parent process.
// Defaults to 10 (minutes).
WOWatchDogRequestTimeout = 61;
// Overwrite the maximum number of items returned during a Sync operation.
// Defaults to 0, which means no overwrite is performed.
// Setting this parameter to a value greater than 512 will have unexpected
// behaviour with various ActiveSync clients.
//SOGoMaximumSyncWindowSize = 100;
// Overwrite the maximum response size during a Sync operation.
// The value is in kilobytes. Setting this to 512 means the response size
// will be of 524288 bytes or less (or a bit greater if needed for syncing
// one item). Note that if you set the value too low and a mail message
// (or any other object like calendar events, tasks and contacts) surpasses
// it, it will still be synced but only this item will be.
// Defaults to 0, which means no overwrite is performed.
//
// Say you have these five mails and you set the limit to 512KB:
// 1. 250 KB
// 2. 250 KB
// 3. 25 KB
// 4. 750 KB
// 5. 10 KB
// Sync iteration no. 1 will pick message 1, 2 and 3.
// Sync iteration no. 2 will pick message 4.
// Sync iteration no. 3 will pick message 5.
SOGoMaximumSyncResponseSize = 2048;
// The maximum amount of memory (in megabytes) that a child can use.
// Reaching that value will force children processes to restart, in order
// to preserve system memory.
//
// Error message when it reaches the value:
// "terminating app, vMem size limit (xxx MB) has been reached (currently xxx MB)"
//
// Defaults to 384.
SxVMemLimit = 500;
// Enable XSRF (also known as CSRF) protection.
SOGoXSRFValidationEnabled = YES;
// IMAP connection pool.
// Your performance will slightly increase, as you won't open a new
// connection for every access to your IMAP server.
// But you will get a lot of simultaneous open connections to your IMAP
// server, so make sure it can handle them.
// For debugging it is reasonable to turn pooling off.
NGImap4DisableIMAP4Pooling = NO;
SOGoProfileURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_user_profile";
OCSFolderInfoURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_folder_info";
OCSSessionsFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_sessions_folder";
OCSEMailAlarmsFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_alarms_folder";
// With 3 parameters below, SOGo requires only 9 SQL tables in total
// instead of creating 4 SQL tables for each user.
OCSCacheFolderURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_cache_folder";
OCSStoreURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_store";
OCSAclURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/sogo_acl";
// Default language in the web interface
SOGoLanguage = English;
// Specify which module to show after login: Calendar, Mail, Contacts.
SOGoLoginModule = Mail;
// Must login with full email address
SOGoForceExternalLoginWithEmail = YES;
// Allow user to change full name and email address.
SOGoMailCustomFromEnabled = NO;
// IMAP server
// Local connection is considered as secure by Dovecot, so 'imap://' is fine.
// With remote IMAP server, use 'imaps://127.0.0.1:143/?tls=YES' instead;
SOGoIMAPServer = "imap://127.0.0.1:143/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
// Allow user to add other IMAP accounts that will be visible from the SOGo
// Webmail interface.
// Default is NO.
//SOGoMailAuxiliaryUserAccountsEnabled = YES;
// SMTP server
SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
SOGoMailingMechanism = smtp;
SOGoSMTPAuthenticationType = PLAIN;
// Enable managesieve service
//
// WARNING: Sieve scripts generated by SOGo are not compatible with Roundcube
// webmail, don't use sieve service in both webmails, otherwise
// it will be messy.
// FYI: https://docs.iredmail.org/why.no.sieve.support.in.sogo.html
//
//SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";
//SOGoSieveScriptsEnabled = YES;
//SOGoVacationEnabled = YES;
//SOGoForwardEnabled = YES;
SOGoSieveFolderEncoding = UTF-8;
// Memcached
SOGoMemcachedHost = 127.0.0.1;
// Parameter used to set which usernames require administrative privileges
// over all the users tables. For example, this could be used to post
// events in the users calendar without requiring the user to configure
// his/her ACLs. In this case you will need to specify those superuser's
// usernames like this :
// SOGoSuperUsernames = (<username1>[,<username2>, ...]);
//SOGoSuperUsernames = ();
SOGoTimeZone = "America/New_York";
SOGoFirstDayOfWeek = 1;
SOGoRefreshViewCheck = every_5_minutes;
SOGoMailReplyPlacement = below;
// Disable gravatar
SOGoExternalAvatarsEnabled = NO;
SOGoGravatarEnabled = NO;
// Control WebDAV access to the Calendar / Contacts collections.
// This can be used to deny access to these resources from Thunderbird
// Lightning for example.
// Defaults to YES when unset.
//SOGoCalendarDAVAccessEnabled = NO;
//SOGoAddressBookDAVAccessEnabled = NO;
// Allow users to share publicly (i.e., not requiring authentication) their
// calendars and address books.
// Defaults to NO when unset.
//SOGoEnablePublicAccess = YES;
//
// Notifications
//
// Enable email-based alarms on events and tasks.
SOGoEnableEMailAlarms = YES;
// Notify meeting participants
SOGoAppointmentSendEMailNotifications = YES;
// Notify if a calendar or an address book has been created.
SOGoFoldersSendEMailNotifications = NO;
// Notify involved users of a calendar or address book's ACLs.
SOGoACLsSendEMailNotifications = YES;
// Notify when a modification is being done to his/her own calendar by someone else.
SOGoNotifyOnExternalModifications = YES;
// NOTE: PostgreSQL cannot update view in iRedMail
SOGoPasswordChangeEnabled = YES;
// Authentication using SQL
/* SQL backend
SOGoUserSources = (
{
type = sql;
id = users;
viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/users";
canAuthenticate = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
prependPasswordScheme = YES;
// Use `vmail.mailbox` as per-domain address book.
isAddressBook = YES;
displayName = "Domain Address Book";
SOGoEnableDomainBasedUID = YES;
DomainFieldName = "domain";
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitly typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
ModulesConstraints = {
Mail = { c_webmail = y; };
Calendar = { c_calendar = y; };
ActiveSync = { c_activesync = y; };
};
},
//{
// displayName = "Global Address Book";
// type = sql;
// id = global_address_book;
// viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/users";
// canAuthenticate = NO;
// isAddressBook = YES;
// listRequiresDot = NO;
// SOGoEnableDomainBasedUID = YES;
// DomainFieldName = "domain";
//},
// Display mailing aliases in address book.
// You need to create SQL view 'sogo.aliases' first.
//
// For MySQL:
//
// CREATE VIEW sogo.aliases (c_uid, c_name, c_password, c_cn, mail, domain)
// AS SELECT address, name, '', name, address, domain
// FROM vmail.alias WHERE active=1;
//
//{
// displayName = "Mailing Lists";
// type = sql;
// id = aliases;
// viewURL = "mysql://sogo:PRIVACYBLANK@127.0.0.1:3306/sogo/aliases";
// canAuthenticate = NO;
// isAddressBook = YES;
// listRequiresDot = NO;
// SOGoEnableDomainBasedUID = YES;
// DomainFieldName = "domain";
//},
);
SQL backend */
// Authentication using LDAP
SOGoUserSources = (
{
// Used for user authentication
type = ldap;
id = users;
canAuthenticate = YES;
isAddressBook = NO;
displayName = "LDAP Authentication";
hostname = "ldap://127.0.0.1:389";
baseDN = "domainName=%d,o=domains,dc=mysecretdomain,dc=dev";
bindDN = "cn=vmail,dc=mysecretdomain,dc=dev";
bindPassword = "PRIVACYBLANK";
filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo";
scope = SUB;
// always keep binding to the LDAP server using the DN of the
// currently authenticated user. bindDN and bindPassword are still
// required to find DN of the user.
// Note: with default LDAP acl configured by iRedMail, user doesn't
// have privilege to query o=domains,dc=mysecretdomain,dc=dev.
// so this doesn't work.
bindAsCurrentUser = YES;
// The algorithm used for password encryption when changing
// passwords without Password Policies enabled.
// Possible values are: plain, crypt, md5-crypt, ssha, ssha512.
userPasswordAlgorithm = ssha512;
CNFieldName = cn;
IDFieldName = mail;
// value of UIDFieldName must be unique on entire server
UIDFieldName = mail;
IMAPLoginFieldName = mail;
MailFieldNames = (mail);
bindFields = (mail);
ModulesConstraints = {
Mail = { enabledService = sogowebmail; };
Calendar = { enabledService = sogocalendar; };
ActiveSync = { enabledService = sogoactivesync; };
};
},
{
// Used for global address book
type = ldap;
id = global_addressbook;
canAuthenticate = NO;
isAddressBook = YES;
displayName = "Global Address Book";
bindAsCurrentUser = YES;
// Listing of this LDAP source is only possible when performing a
// search (respecting the SOGoSearchMinimumWordLength parameter)
// or when explicitly typing a single dot.
// Defaults to YES when unset.
//
// WARNING: if you have many accounts in this address book, it may
// reach server-side query size limit, or cause
// performance issue.
listRequiresDot = NO;
hostname = "ldap://127.0.0.1:389";
baseDN = "domainName=%d,o=domains,dc=mysecretdomain,dc=dev";
bindDN = "cn=vmail,dc=mysecretdomain,dc=dev";
bindPassword = "PRIVACYBLANK";
filter = "((enabledService=mail AND accountStatus=active AND enabledService=displayedInGlobalAddressBook) AND ((objectClass=mailUser AND enabledService=sogo) OR (objectClass=mailList) OR (objectClass=mailAlias)))";
scope = SUB;
IDFieldName = mail;
bindFields = (mail);
// value of UID field must be unique on whole server.
UIDFieldName = mail;
IMAPLoginFieldName = mail;
CNFieldName = cn;
SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress, departmentNumber);
// Resources management (Free/Busy)
// Reference: https://docs.iredmail.org/sogo.manage.resources.html
KindFieldName = "Kind";
MultipleBookingsFieldName = "MultipleBookings";
}
);
}
When I try to log in to SOGo I just get "Unhandled error". The log (/var/log/sogo/sogo.log) looks good to me:
Mar 09 06:10:14 sogod [3737]: |SOGo| starting method 'POST' on uri '/SOGo/connect'
Mar 09 06:10:14 sogod [3737]: <0x0x556a24c80750[NGLdapConnection]> Using ldap_initialize for LDAP URL: ldap://127.0.0.1:389
Mar 09 06:10:14 sogod [3737]: SOGoRootPage successful login from '141.88.234.2' for user 'xxx@mysecretdomain' - expire = -1 grace = -1
Mar 09 06:10:14 sogod [3737]: |SOGo| request took 0.009878 seconds to execute
Mar 09 06:10:14 sogod [3737]: 141.88.234.2 "POST /SOGo/connect HTTP/1.0" 200 55/113 0.012 - - 0 - 13
However, the nginx error log is logging this:
2022/03/09 12:10:14 [error] 984#984: *1403 upstream sent too big header while reading response header from upstream, client: x.x.x.x, server: _, request: "POST /SOGo/connect HTTP/2.0", upstream: "http://127.0.0.1:20000/SOGo/connect", host: "mail.mysecretdomain", referrer: "https://mail.mysecretdomain/SOGo/"
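Added example, not part of the original post and not iRedMail's shipped configuration: the nginx message above means the response header sent by sogod did not fit in the buffer nginx reserves for upstream headers, so nginx rejects the reply even though SOGo logged a successful login with status 200. The sketch below raises those buffers for the SOGo proxy location; the location block layout and the buffer sizes are assumptions, while the upstream address comes from `WOPort` and the error line in the post.

```nginx
# Added example (assumed layout and sizes), for the server block that proxies SOGo.
location ^~ /SOGo {
    # Upstream taken from WOPort in sogo.conf and from the nginx error line.
    proxy_pass http://127.0.0.1:20000;

    # The first part of the upstream response, which contains the whole
    # response header, must fit in this single buffer. The default is one
    # memory page (4k or 8k); a larger header triggers
    # "upstream sent too big header while reading response header".
    proxy_buffer_size 16k;

    # Buffers for the rest of the response: 8 buffers of 16k each.
    proxy_buffers 8 16k;

    # Must be at least as large as proxy_buffer_size and smaller than the
    # total of proxy_buffers minus one buffer (here: 16k <= 32k <= 112k).
    proxy_busy_buffers_size 32k;
}
```

Run `nginx -t` to validate the change before reloading nginx, then retry the login and confirm the error line no longer appears.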