Hi,

I tried to configure sogo-slapd-sockd of SOGo 1.3.2 with OpenLDAP 2.4. However, queries against the directory don't work, e.g.

ldapsearch -h sogo.example.com -b cn=personal,dc=addressbook,dc=example,dc=com -x -D uid=user,dc=addressbook,dc=example,dc=com -w password 'cn=*'

returns no matches. If SoSecurityManagerDebugEnabled set to YES, sogo-slapd-sockd will log the following:

<[so-security]>D validate permission 'Access Object' on object <0x015CADD0[SOGoContactGCSFolder]: name=personal container=0x014C4DE0/Contacts ocs=/Users/user/Contacts/personal>
<[so-security]>D possible roles for permission 'Access Object': Manager
<[so-security]>D got no user (=> auth required).

I tried to trace the problem a bit by looking at the source, but I don't know Objective-C and I'm not familiar with SOGo/SOPE architecture so I didn't find the root cause. But here's my findings.

The error comes from the method validatePermission of SoSecurityManager of SOPE, and failing piece of code is

if ((user = [self userInContext:_ctx object:_object]) == nil) {
...

In the chain this piece of SecurityManager code is called from lookupPersonalFolder method of SOGoParentFolder. The context attribute seems to be inherited from SOGoObject and is nil when validatePermission is being called. Therefore validatePermission check fails.

I tried forcing the ignoreRights parameter of lookupPersonalFolder to be true, i.e. I changed the call in lookupName method of SOGoParentFolder to be

  obj = [self lookupPersonalFolder: name
                    ignoringRights: YES];

After this change it works just great, I get the results using ldapsearch. I guess bypassing the security checks of the contacts folder is not an optimal solution, though...