[kolab3.1][multi-domain] user authentication from users of 2nd domain does not work

Daniel Hoffend dh at dotlan.net
Sun Feb 2 00:34:53 CET 2014 

Hi Hoagie

You've to modify the roundcube configuration to support multi domain 
lookups/logins and various other parts of kolab to make them aware of 
the multiple domains and the different used ldap directories (domain 
part == different ldap user space == different organization)

If you don't need separate name spaces (aka same company multiple 
domains) just add them as additional domains to your main one.

Please take at this howto:
http://docs.kolab.org/howtos/multi-domain.html

For roundcube this is basically replacing things things like 
"ou=People,dc=example,dc=org" with "ou=People,%dc", etc.

Cyrus (remove canonfication) and Postfix (add additional lookup tables) 
have similar bigger changes.

Hope that helps


Regards
Daniel

------ Originalnachricht ------
Von: "hoagie" <hoagie at todes.net>
An: users at lists.kolab.org
Gesendet: 02.02.2014 00:12:36
Betreff: [kolab3.1][multi-domain] user authentication from users of 2nd 
domain does not work

>Hi Everybody,
>
>I hope someone can help me, i cannot find the cause of the problem.
>
>I have a multidomain setup and the problem is that users that I created
>for the second domain cannot login to roundcubemail.
>
>management domain = example.org
>2nd domain = example.net (real 2nd domain, no alias).
>
>
>output from "cat /var/log/roundcubemail/imap" shows an authentication
>failure:
>
>[01-Feb-2014 23:50:38,000000 +0100]: [252F] C: A0004 AUTHENTICATE PLAIN
><some-alphanumeric-long-code>
>[01-Feb-2014 23:50:41,000000 +0100]: [252F] S: A0004 NO authentication
>failure
>
>
>output from "cat /var/log/roundcubemail/userlogins" shows as well an 
>error:
>
>[01-Feb-2014 23:50:41,000000 +0100]: Failed login for name at example.net
>from 10.0.0.4 in session mcbij4ac9vks4l3rrbr0lfj5v3 (error: 0)
>
>
>however the user does exist in LDAP (output from "cat
>/var/log/roundcubemail/ldap")
>
>[01-Feb-2014 23:50:38,000000 +0100]: C: Connect to localhost:389 [Kolab
>Auth]
>[01-Feb-2014 23:50:38,000000 +0100]: S: OK
>[01-Feb-2014 23:50:38,000000 +0100]: C: Bind
>uid=kolab-service,ou=Special Users,dc=example,dc=org [pass: **********]
>[01-Feb-2014 23:50:38,000000 +0100]: S: OK
>[01-Feb-2014 23:50:38,000000 +0100]: C: Search
>ou=People,dc=example,dc=net for
>(&(objectclass=inetorgperson)(|(uid=name)(mail=name at example.net)(alias=aliasname at example.net)))
>[01-Feb-2014 23:50:38,000000 +0100]: S: 1 record(s) found
>[01-Feb-2014 23:50:41,000000 +0100]: C: Close
>
>
>Something is not right as well in /etc/kolab/kolab.conf:
>
># tail -f pykolab.log
>2014-02-01 23:35:19,639 pykolab.conf WARNING Option ldap/auth_cache_uri
>does not exist in config file /etc/kolab/kolab.conf, pulling from 
>defaults
>2014-02-01 23:35:19,640 pykolab.conf WARNING Option does not exist in
>defaults.
>2014-02-01 23:35:19,663 pykolab.conf WARNING Option 
>imap/virtual_domains
>does not exist in config file /etc/kolab/kolab.conf, pulling from 
>defaults
>
>and am getting an error as well here:
>
># tail -f /var/log/dirsrv/slapd-civitas/errors
>[02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: 
>url
>[ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but 
>dn
>[dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>users,dc=example,dc=org]
>[02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: 
>url
>[ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but 
>dn
>[dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>users,dc=example,dc=org]
>
>
>and maillog shows a password verification error:
>
># tail -f /var/log/maillog
>Feb 2 00:04:39 civitas imap[1869]: starttls: TLSv1 with cipher
>DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>Feb 2 00:04:39 civitas imap[1869]: client id: "name" "Roundcube"
>"version" "1.0-git" "php" "5.3.3" "os" "Linux" "command"
>"/roundcubemail/?_task=login"
>Feb 2 00:04:39 civitas imap[1869]: badlogin: localhost [::1] PLAIN
>[SASL(-13): authentication failure: Password verification failed]
>
>
>
>For any clues, notes or hints i´d be greatful.
>
>tnx.
>
>Regards,
>Hoagie
>
>_______________________________________________
>users mailing list
>users at lists.kolab.org
>https://lists.kolab.org/mailman/listinfo/users

More information about the users mailing list