Kolab 3.4 on CentOS 6.6 (ptload completely failed)

Soliva Andrea soliva at comcept.ch
Tue Sep 22 08:39:46 CEST 2015


Hi

Many thanks for your answer. Regarding your questions:

- if I'm right but I'm not 100% sure but if you use 3.1 and higher as 
cyrus-imapd 2.5 as in cooperation with multidomain the canonification 
should not be turned off because it does not have any impact (from the 
site of kolab I understand that this is under work but as I said not 
100% sure). From this point of view the answer is no canonification is 
on which means also the following positions in kolab.conf are active:

        sasl_pwcheck_method: auxprop saslauthd
        auth_mech: pts
        pts_module: ldap
        ldap_servers: ldap://localhost:389
        ldap_sasl: 0
        ldap_base: dc=comcept,dc=ch
        ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=comcept,dc=ch
        ldap_password: [Your Password]
        ldap_filter: (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
        ldap_user_attribute: mail
        ldap_group_base: dc=comcept,dc=ch
        ldap_group_filter: (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
        ldap_group_scope: one
        ldap_member_base: ou=People,dc=comcept,dc=ch
        ldap_member_method: attribute
        ldap_member_attribute: nsrole
        ldap_restart: 1
        ldap_timeout: 10
        ldap_time_limit: 10

as in cyrus.conf following is active:

       ptloader    cmd="ptloader" listen="/var/lib/imap/ptclient/ptsock" prefork=0

If I understand all correctly, the above must be uncommented as ptloader 
deactivated for turning off canonification, and additionally in imapd.conf 
must be defined "sasl_pwcheck_method: saslauthd". But for 3.4 
multidomain this has no effect because it was not "yet" implemented.

Yes, for the login test I always use the primary email address. Yes, I always 
wait some time looking at the debug output, but I can clearly see that 
ptloader gets nothing back from dirsrv, and from this point of view 
nothing will be created, which corresponds with your sentence "If your 
SASL fails (which it is showing it is) then it won't be created in IMAP". 
This is 100% the case. In kolab.conf I only added the domain in the 
following way (as the other ones):

#primary_mail = %(surname)s@%(domain)s
primary_mail = %(givenname)s.%(surname)s@%(domain)s

[domain.ch]
primary_mail = %(givenname)s.%(surname)s@%(domain)s
default_quota = 1048576
default_locale = de_CH

What do you mean exactly with:

> In kolab conf ensure your Python is correct for primary_mail as if you
> change this it will cause problems. Kolab doesn't accept the general
> python syntax.


With testing authentication you mean:

testsaslauthd -u deaduser@domain.ch -p [Your Password]

Pykolab.log does not give any output, meaning errors or whatever else! The main 
issue at the moment is that ptloader is not getting back any data from 
dirsrv because authentication fails as nothing will be created, which is 
fully understandable! But why...?????

Anything else I can do, try, etc.?

---
Kind regards

Andrea Soliva

Email: andrea.soliva at comcept.ch

On 22-09-2015 00:49, signaldeveloper at gmail.com wrote:
> Andrea,
> 
> Do you have canonification on or off? I had a similar issue. Note that
> when you create a user on kolab web admin you may need to wait for up
> to 30 seconds for it to be created fully. If you log in too fast it
> will give you this error. Watch maillog as soon as you create a user
> and you'll see what I mean. Take a minute sometimes.
> 
> Otherwise I would run testsaslauth commands (can't think of them off
> the top of my head) and see if you can log in. What's your pykolab log
> say? If your SASL fails (which it is showing it is) then it won't be
> created in IMAP. Again try running the test sasl commands and see if
> you can log in with the user.
> 
> Depending on your canonification I would also try logging in with both
> the FULL email and the name to see what happens.
> 
> In kolab conf ensure your Python is correct for primary_mail as if you
> change this it will cause problems. Kolab doesn't accept the general
> python syntax.
> 
> 
> 
> - Paul
> 
>> On Sep 21, 2015, at 4:46 PM, Soliva Andrea <soliva at comcept.ch> wrote:
>> 
>> Hi all
>> 
>> after several hours debugging and looking into this issue I do not have 
>> any ideas anymore how to proceed:
>> 
>> I have an installation with 5 main domains and 1 domain with an 
>> associated domain. For this installation I have created in the last 
>> two months about 25 users without any problems. I was in the last two 
>> weeks on holidays, from this point of view it did not change anything 
>> on the config :-) Specially one domain was newly created as the users 
>> before I left for holidays. All is working fine also for the domain for 
>> the users created before leaving for holidays. From this point of view 
>> it can actually not be a config issue because as mentioned for all 
>> existing users absolutely no problems for connection and authentication.
>> 
>> Today I created a new main domain as one user for this domain. The 
>> domain was created in dirsrv without any errors (debug). Actually the 
>> user was also created in dirsrv but the mailbox etc. could not be 
>> created. In a later phase I saw in debug the reason which means:
>> 
>> Even all other users can be verified as the domains, for this specific 
>> domain as user ptload gets no data back from dirsrv!
>> 
>> the debug of dirsrv shows to 100% that the search for the new domain 
>> is successful (canonify) but it shows also "not data back" message 
>> from ptload which means for some reason ptload can not get from dirsrv 
>> for this particular domain as this user any information. This will be 
>> also shown in the logs with:
>> 
>> ==> /var/log/imapd/imapd.log <==
>> Sep 21 21:58:26 kolab imap/imaps[12877]: accepted connection
>> Sep 21 21:58:26 kolab imap/imaps[12877]: SSL_accept() incomplete -> wait
>> Sep 21 21:58:26 kolab imap/imaps[12877]: SSL_accept() succeeded -> done
>> Sep 21 21:58:26 kolab imap/imaps[12877]: starttls: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
>> Sep 21 21:58:26 kolab imap/imaps[12877]: ptload(): fetched cache record (cyrus-admin)(mark 1442861102, current 1442865506, limit 1442854706)
>> Sep 21 21:58:26 kolab imap/imaps[12877]: ptload returning data
>> Sep 21 21:58:26 kolab imap/imaps[12877]: canonified cyrus-admin -> cyrus-admin
>> Sep 21 21:58:27 kolab imap/imaps[12877]: ptload(): pinging ptloader
>> Sep 21 21:58:27 kolab imap/imaps[12877]: ptload(): can't connect to ptloader server: Connection refused
>> Sep 21 21:58:27 kolab imap/imaps[12877]: No data available at all from ptload()
>> Sep 21 21:58:27 kolab imap/imaps[12877]: ptload completely failed: unable to canonify identifier: deaduser at domain.ch
>> Sep 21 21:58:27 kolab imap/imaps[12877]: SASL bad userid authenticated
>> Sep 21 21:58:27 kolab imap/imaps[12877]: badlogin: kolab [127.0.0.1] PLAIN [SASL(-13): authentication failure: bad userid authenticated]
>> Sep 21 21:58:27 kolab imap/imap[12577]: accepted connection
>> Sep 21 21:58:27 kolab imap/imap[12577]: TLS Server Name Indication (SNI) Extension: "localhost"
>> 
>> Again to have no misunderstanding: it looks like ptloader can not 
>> connect but for all other domains as users no problems, works. As soon 
>> as this happens too often the ptloader goes to a segmentation fault 
>> which is shown under dmesg. But even this happens all other users can 
>> connect without problems!
>> 
>> I saw on the list some old messages pointing to the same issue which 
>> should happen from time to time which means that this happens always. 
>> The workaround which is listed in this message is the following, as to reach 
>> the goal to clean up the new domain and user to begin from scratch:
>> 
>> 
>> # service kolabd stop
>> 
>> Delete User from LDAP:
>> 
>> # /usr/lib/mozldap/ldapdelete -D cn="Directory Manager" -w [Your Password] uid=deaduser,ou=People,dc=domain,dc=ch
>> 
>> Delete IMAP Mailbox (even this is not existing):
>> 
>> # kolab dm user/deaduser@domain.ch
>> 
>> # service cyrus-imapd stop
>> 
>> # pkill idled
>> 
>> # service cyrus-imapd start
>> 
>> # service kolabd start
>> 
>> Clean-up all DELETED stuff (careful, also DELETED marked stuff as 
>> deleted messages etc. will be removed):
>> 
>> # /usr/lib/cyrus-imapd/cyr_expire -D 0 -E 0 -X 0
>> 
>> Delete new created Domain:
>> 
>> # cd /usr/share/kolab-webadmin/lib/
>> 
>> # /usr/bin/php domain_delete.php
>> 
>> 
>> I tried several times, also with restarting all services etc., but no 
>> success. I have no more ideas how to proceed with this new domain 
>> and/or user to get it working!
>> 
>> Any help really appreciated!
>> 
>> --
>> Kind regards
>> 
>> Andrea
>> 
>> Email: andrea.soliva at comcept.ch
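An added example, not part of the original messages and not Kolab or Cyrus code: a small Python triage over imapd.log lines like those quoted above. It separates ptload lookups answered from the cache from lookups that failed, and records whether a ptloader socket error was logged by the same imapd process before each failure. The sample log is constructed from the excerpt, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample modeled on the imapd.log excerpt quoted in the thread
# (wrapped lines joined, the archive's " at " written as "@").
SAMPLE_LOG = """\
Sep 21 21:58:26 kolab imap/imaps[12877]: ptload(): fetched cache record (cyrus-admin)(mark 1442861102, current 1442865506, limit 1442854706)
Sep 21 21:58:26 kolab imap/imaps[12877]: canonified cyrus-admin -> cyrus-admin
Sep 21 21:58:27 kolab imap/imaps[12877]: ptload(): pinging ptloader
Sep 21 21:58:27 kolab imap/imaps[12877]: ptload(): can't connect to ptloader server: Connection refused
Sep 21 21:58:27 kolab imap/imaps[12877]: No data available at all from ptload()
Sep 21 21:58:27 kolab imap/imaps[12877]: ptload completely failed: unable to canonify identifier: deaduser@domain.ch
"""

# Syslog prefix: timestamp, host, imap/<service>[pid]: message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ imap/\w+\[(\d+)\]: (.*)$")
CACHED = re.compile(r"ptload\(\): fetched cache record \(([^)]+)\)")
SOCKET_ERR = re.compile(r"ptload\(\): can't connect to ptloader server: (.+)$")
FAILED = re.compile(r"ptload completely failed: unable to canonify identifier: (.+)$")


def triage(log_text):
    """Return (cache_hits, failures) for ptload lookups, tracked per imapd PID."""
    cache_hits, failures = [], []
    socket_err = {}  # pid -> most recent ptloader socket error, if any
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not an imapd line
        ts, pid, msg = m.groups()
        if (hit := CACHED.search(msg)):
            cache_hits.append(hit.group(1))
        elif (err := SOCKET_ERR.search(msg)):
            socket_err[pid] = err.group(1)
        elif (fail := FAILED.search(msg)):
            reason = socket_err.pop(pid, None)
            failures.append({
                "time": ts, "pid": pid, "identifier": fail.group(1),
                # Distinguish "daemon socket unreachable" from other failures.
                "cause": f"ptloader socket: {reason}" if reason
                         else "no socket error logged",
            })
    return cache_hits, failures


if __name__ == "__main__":
    hits, fails = triage(SAMPLE_LOG)
    print("served from cache:", hits)
    for f in fails:
        print(f"{f['time']} pid={f['pid']} {f['identifier']}: {f['cause']}")
```
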

