Anonymous access is not allowed

Johannes Neuhaus johannes.neuhaus at rwth-aachen.de
Sun May 20 12:46:46 CEST 2018


Dear fellow users and kolab devs,

Disclaimer: I am on CentOS 7. 389-Directory/1.3.7.5 B2018.136.418

Just yesterday I updated my Kolab installation. Unfortunately it was not
overly successful as it seems like it broke authentication. The symptom
was that I was not able to login anymore. Running kolab lm did not work
either and returned authentication failed. Digging further in the logs I
found:

[root at mail /]# tail -n 100 /var/log/kolab/pykolab.log
2018-05-20 12:25:01,692 pykolab.wallace ERROR Module
resources.heartbeat() failed with error: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/wallace/__init__.py", line 89,
in modules_heartbeat
    modules.heartbeat(module, lastrun)
  File "/usr/lib/python2.7/site-packages/wallace/modules.py", line 128,
in heartbeat
    return modules[name]['heartbeat'](*args, **kw)
  File "/usr/lib/python2.7/site-packages/wallace/module_resources.py",
line 433, in heartbeat
    resource_dns = auth.find_resource('*')
  File "/usr/lib/python2.7/site-packages/pykolab/auth/__init__.py", line
220, in find_resource
    result = self._auth.find_resource(address)
  File "/usr/lib/python2.7/site-packages/pykolab/auth/ldap/__init__.py",
line 844, in find_resource
    attrsonly=True
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
552, in search_s
    return
self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
876, in search_ext_s
    return
self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
818, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
546, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
458, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
462, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls =
self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
469, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
476, in result4
    ldap_result =
self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line 99,
in _ldap_call
    result = func(*args,**kwargs)
INAPPROPRIATE_AUTH: {'info': 'Anonymous access is not allowed.', 'desc':
'Inappropriate authentication'}

To fix this, I had to set the respective LDAP config flag in dse.ldif to
on. Is this a bug or a feature? Unfortunately, it took me quite some
time to figure out, what the problem was. I tried a fresh installation
using a virtual machine and I did not run into the problem. So I am a
bit confused, what actually went wrong. The upgrade logs looked just fine.

Best regards,
Johannes


More information about the users mailing list