forwarding oddity

Mario Ramos mario at hummy.org
Mon Feb 16 11:49:27 CET 2009


Hello.

I've been digging into this error and I think I've fixed it. It's not a
sieve problem; it was an authentication problem.


In /kolab/etc/kolab/templates/saslauthd.conf.template I added:

ldap_size_limit: 0


And then, in /kolab/var/sasl/log/saslauthd.log, when trying to log in
as info at domain2.com, I started getting this:


Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Duplicate entries found ((&(|(mail=info at domain2.com)(mail=info)(uid=info at domain2.com)(uid=info))(!(kolabdeleteflag=*)))).
Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Authentication failed for info/domain2.com: User not found (-6)
Feb 14 20:35:27 mrburns <info> saslauthd[24334]: do_auth         : auth failure: [user=info] [service=imap] [realm=domain2.com] [mech=ldap] [reason=Unknown]
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Duplicate entries found ((&(|(mail=info at domain2.com)(mail=info)(uid=info at domain2.com)(uid=info))(!(kolabdeleteflag=*)))).
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Authentication failed for info/domain2.com: User not found (-6)
Feb 14 20:35:30 mrburns <info> saslauthd[24336]: do_auth         : auth failure: [user=info] [service=imap] [realm=domain2.com] [mech=ldap] [reason=Unknown]


If I create an account info at domain1.com and another account
info at domain2.com, the original LDAP filter will return duplicated
entries and will not be able to authenticate info at domain2.com,
although it is still possible to authenticate as info at domain1.com.
I don't know why... I'm not an LDAP expert.

Anyway, the fix was changing the filter to:

#ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d))(!(kolabdeleteflag=*)))


This seems to have fixed the problem.
Now I can authenticate any user by using its UID.

I have opened a bug:

https://www.intevation.de/roundup/kolab/issue3403

And hopefully the developers will tell us if this is a valid solution.


Regards.
Mario.
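
An added example, not part of the original post and not Kolab or saslauthd code: a small evaluator that expands the two filters quoted above and runs them over a constructed directory, showing how the bare (uid=%u) clause can select two entries for info/domain2.com, the condition logged as "Duplicate entries found". The uid values, the deleted entry and the helper names (expand, parse, matches, lookup) are assumptions; the post does not list the accounts' attributes.

```python
# Added example, not Kolab or saslauthd code: evaluate the post's two filters.
ORIGINAL = "(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))"
FIXED = "(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d))(!(kolabdeleteflag=*)))"

# Constructed entries. The uid values are assumptions; the post does not list them.
DIRECTORY = [
    {"uid": ["info"], "mail": ["info@domain1.com"]},
    {"uid": ["info2"], "mail": ["info@domain2.com"]},
    {"uid": ["old"], "mail": ["old@domain1.com"], "kolabdeleteflag": ["x"]},
]

def expand(template, user, domain):
    """Substitute the two tokens used in the post: %u (user) and %d (domain)."""
    return template.replace("%u", user).replace("%d", domain)

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1  # skip this operator's closing ')'
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate equality, presence (attr=*), and the &, |, ! operators."""
    if node[0] == "=":
        values = [v.lower() for v in entry.get(node[1], [])]
        return bool(values) if node[2] == "*" else node[2] in values
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def lookup(template, user, domain):
    """Return every directory entry the expanded filter selects."""
    tree, _ = parse(expand(template, user, domain))
    return [entry for entry in DIRECTORY if matches(tree, entry)]

if __name__ == "__main__":
    for name, flt in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, [len(lookup(flt, "info", d)) for d in ("domain1.com", "domain2.com")])
```

An authentication lookup needs exactly one entry per login, so running a candidate filter over an export of the real directory and flagging any login that selects more than one entry is a quick check before changing saslauthd.conf.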


Mario Ramos (Grupo GOWEX) wrote:
> Hello!
>
> I'm not sure if what I'm going to describe is a bug/feature... or
> perhaps I'm doing it wrongly, so apologies if it's the latter.
>
> I use precompiled kolab 2.2.0 packages running on Ubuntu 8.04.2  x86
>
> Kolab manages several domains.
>
> I need some users to be able to receive all mails from 1 account, but
> also these users need to be able to send with a from of this account.
>
> Let's say the account a at domain1.com should be received by b at domain1.com
> and c at domain1.com
> b at domain1.com and c at domain1.com should be able to send emails as
> a at domain1.com
>
>
> The way I do things is:
>
> Create a user account called a at domain1.com (using uid: a1)
>
> I put b at domain1.com and c at domain1.com as delegates of this account so
> they are able to send with an a at domain1.com FROM on their emails.
>
> As I also need all mail coming to a at domain1.com forwarded to
> b at domain1.com and c at domain1.com, what I do is:
> I go to the a at domain1.com administration interface and set up a
> forwarding for this account to a-list at domain1.com
>
> Then I log back as manager on the admin interface and create the list
> a-list at domain1.com with b at domain1.com and c at domain1.com as members.
> This way they receive mail for a at domain1.com
>
> This works absolutely fine.
>
>
> The problem arises with the second domain.
>
>
> Create a user account called a at domain2.com (using uid: a2)
>
> I put c at domain1.com and d at domain1.com as delegates of this account so
> they are able to send with an a at domain2.com FROM on their emails.
>
> As I also need all mail coming to a at domain2.com forwarded to
> c at domain1.com and d at domain1.com, what I do is:
>
> I go to the a at domain1.com administration interface and set up a
> forwarding for this account to a-list-domain2 at domain1.com
>
> When I click on the submit button I get a:
>
>
> Errors:
> Not currently in TRANSACTION state
> Script was:
>
> require "fileinto";
> redirect "a-list-domain2 at domain1.com";
>
>
> This error only occurs if the second account uses the same characters
> before the @ symbol on the email address.
>
> I.e. If I create an account called a at domain1.com with uid a1 it works fine.
> If I create an account called a at domain2.com with uid a2 I get the
> mentioned error.
>
> Could you please tell me if this is a bug, or where I can start my
> research of this error?
> Google seems to say that this error is sieve related, but I'm not that sure.
>
> Any help would be appreciated.
>
> Thanks a lot.
>
> Mario Ramos.
>
>   



