Hello.<br><br>The other day I wrote this email to the users list:<br><br><a href="http://kolab.org/pipermail/kolab-users/2009-February/009457.html">http://kolab.org/pipermail/kolab-users/2009-February/009457.html</a><br><br>
regarding a problem I was experiencing with my kolab installation using multiple domains.<br><br>I realised about the problem because the forwarding feature wasn't working, as I explained on that email.<br><br>I've been digging in this error and I think I've fixed it, it's not a sieve problem, it was an authentication problem.<br>
<br><br>In /kolab/etc/kolab/templates/saslauthd.conf.template I added:<br><br>
ldap_size_limit: 0<br>
<br>
<br>
And then, in the /kolab/var/sasl/log/saslauthd.log when trying to login as <a href="mailto:info@domain2.com">info@domain2.com</a>, I started getting this:<br>
<br><br>
Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Duplicate
entries found
((&(|(mail=<a href="mailto:info@domain2.com">info@domain2.com</a>)(mail=info)(uid=<a href="mailto:info@domain2.com">info@domain2.com</a>)(uid=info))(!(kolabdeleteflag=*)))).<br>
Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Authentication failed for info/<a href="http://domain2.com">domain2.com</a>: User not found (-6)<br>
Feb 14 20:35:27 mrburns <info> saslauthd[24334]: do_auth
: auth failure: [user=info] [service=imap] [realm=<a href="http://domain2.com">domain2.com</a>]
[mech=ldap] [reason=Unknown]<br>
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Duplicate
entries found
((&(|(mail=<a href="mailto:info@domain2.com">info@domain2.com</a>)(mail=info)(uid=<a href="mailto:info@domain2.com">info@domain2.com</a>)(uid=info))(!(kolabdeleteflag=*)))).<br>
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Authentication failed for info/<a href="http://domain2.com">domain2.com</a>: User not found (-6)<br>
Feb 14 20:35:30 mrburns <info> saslauthd[24336]: do_auth
: auth failure: [user=info] [service=imap] [realm=<a href="http://domain2.com">domain2.com</a>]
[mech=ldap] [reason=Unknown]<br><br><br>If I create a <a href="mailto:info@domain1.com">info@domain1.com</a> and another account <a href="mailto:info@domain2.com">info@domain2.com</a><br><br>The original ldap filter will return duplicated entries and will not be
able to authenticate <a href="mailto:info@domain2.com">info@domain2.com</a>, although it is still possible to
authenticate as <a href="mailto:info@domain1.com">info@domain1.com</a>, I don't know why... I'm not an LDAP expert.<br><br>Anyway, the fix was changing the filter to:<br><br>#ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))<br>
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d))(!(kolabdeleteflag=*)))<br clear="all"><br><br>This seems to have fixed the problem.<br>Now I can authenticate any user by using its UID.<br><br>I wanted to ask in the developers list about this problem, because I think it's bug and should be corrected, but I'm not sure if what I did is the best approach to this problem, or what the implications of removing "(uid=%u)" from the original ldap_filter could be, in regards to the kolab app as a whole.<br>
<br><br>Cheers.<br>Mario.<br><br><br>-- <br>PS – Please help preserve the environment, don't print this email unless you have to.<br>