strange behaviour of ptloader unable to canonify identifier

Jan Kowalsky jankow at datenkollektiv.net
Fri Aug 11 16:52:34 CEST 2017


Hi all,

we have the following setup:

  * one server with mailserver (cyrus-imapd) and webmailer
  * stand-alone ldap-server
  * another server with an additional webmail and an additional replicated
ldap server - webmailer asks the ldapserver on localhost
  * multidomain setup with cyrus pts configured
  * kolab 3.4 on debian 7

While users can log in to the webmail running on the mailserver where cyrus is
running - they can't on the other. But only from one specific domain and
only if they didn't log in on the other webmailer before. The latter
seems to be related to ptscache.

If they try to log in on the separate webmail instance I get in the mail.log

ptload completely failed: unable to canonify identifier: user at example.org

From the webmailer on the "mailserver" login works.

If I configure the second webmailer using the first ldap-server
everything also works fine.

The only difference I can find between the queries in ldap (when cyrus
(which tries to find the user id)

Lookup works:

[11/Aug/2017:16:08:49 +0200] conn=2131533 op=2 SRCH
base="dc=example,dc=org" scope=2
filter="(&(objectClass=inetorgperson)(|(uid=example.user1)(mail=example.user1 at fas-dresden.de)(alias=example.user1 at fas-dresden.de)))"
attrs="displayName mail alias nsRoleDN uid"

Lookup doesn't work:

[11/Aug/2017:16:14:14 +0200] conn=2118186 op=8777 SRCH
base="dc=example,dc=org" scope=2
filter="(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=example.user2))(&(|(uid=example.user2)(mail=example.user2 at fas-dresden.de)(mail=example.user2@))(objectClass=kolabinetorgperson)))"
attrs="1.1"

But other entries with attrs="1.1" don't lead to problems.

If I change the ldap server in the second webmailer to use the other
ldap-server: no problem. But we have some fancy aci for separating domains.

So one question: does the ldapserver cyrus makes its lookups from have
to be the same where the mailclient (roundcube) looks up?

I have no idea for further debugging. Any hint is welcome.

Don't know if it's related. We have problems that mailboxes of one
specific domain are not generated during user generation in ldap.
Mostly there is no mailbox at all - but sometimes there is just the
inbox generated (with no acl) and so on.

Best Regards
Jan

