When using proxy-side authentication, you must adjust your proxy or front server accordingly and ensure that the “x-webobjects-remote-user” HTTP header is passed to SOGo. With Apache, this is done by using the “RequestHeader” directive in the configuration. The second step is to tell SOGo to trust that value altogether by setting the “SOGoTrustProxyAuthentication” to YES which will disable the login page and the “logoff” link. If the user identifiers that are used do not match their system identifier, for example using Kerberos-based authentication, you need to set the “bindFields” parameter of your authentication LDAP source. This enables SOGo to query your LDAP server for the real user identifier to use during its operations.