<div dir="ltr">I've narrowed the problem down now to the LDAP lookup for the user failing. In the dirsrv access logs below, it shows the successful search for the domain but when it searches for the user it mangles the base and so is unable to find it. Can anyone help me out with this? Also note that ptloader completely fails for both new and existing users but I presume there is some sort of 'cache' for logins that have already been canonified.<div><br></div><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><p class=""><span class="">[28/Feb/2015:23:45:15 +0100] conn=101764 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=kolab-service,ou=special users,dc=example,dc=com"</span></p></div></blockquote><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><p class=""><span class="">[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 SRCH base="cn=kolab,cn=config" scope=2 filter="(&(objectClass=domainrelatedobject)(associatedDomain=<a href="http://example.com">example.com</a>))" attrs="associatedDomain inetDomainBaseDN"</span></p></div></blockquote><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><p class=""><span class="">[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 RESULT err=0 tag=101 nentries=1 etime=0</span></p></div></blockquote><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><p class=""><span class="">[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 SRCH base="dc=example,<b>dc=c1</b>" scope=2 filter="(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=john.doe))(&(|(uid=john.doe)(mail=<a href="mailto:john.doe@example.com">john.doe@example.com</a>)(mail=john.doe@))(objectClass=kolabinetorgperson)))" attrs="1.1"</span></p></div></blockquote><blockquote style="margin:0 0 0 40px;border:none;padding:0px"><div><p class=""><span class="">[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 RESULT err=32 tag=101 nentries=0 etime=0</span></p></div></blockquote><div class="gmail_extra"><br></div><div 
class="gmail_extra">Thanks in advance,</div><div class="gmail_extra">Adam Turner</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Feb 27, 2015 at 10:16 PM, <a href="mailto:webmaster@artturnip.co.uk">webmaster@artturnip.co.uk</a> <span dir="ltr"><<a href="mailto:webmaster@artturnip.co.uk" target="_blank">webmaster@artturnip.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">Hi Franz,</p>
<p dir="ltr">The problem exists with both existing and new users logging in. Even when existing users log in, it fails to canonify the username; however, it must just use a cached version instead.</p>
<p dir="ltr">The problem seems to be an underlying issue with my Cyrus LDAP config because ptloader worked before (and I forgot to take a backup).</p>
<p dir="ltr">Adam</p><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On 26 Feb 2015 17:22, "Franz Skale" <<a href="mailto:i.bin@dah.am" target="_blank">i.bin@dah.am</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div><br>
Hi,<br>
the problem still exists.<br>
If ptloader crashes on creating a new mailbox, you have to recreate
it though.<br>
I have the problem on every 3rd mailbox creation.<br>
It's really a showstopper, so I'm reading the source to get a
static mapping working (like manually editing the file).<br>
Read the post on the ptloader segfault.<br>
<br>
My reply from Dec. 2014 once again:<br>
<pre>Hi,
Do you have updates on this issue?
I have the same problem now with the "stable" edition of kolab.
I upgraded cyrus to the newest git and now it works, but after I add one
kolab the same problem occurs.
For now, my workaround is quite unusual, but perhaps you have a better
solution.
1.) service stop kolab-server
2.) I delete the failed mailbox with ldapdelete:
/usr/lib/mozldap/ldapdelete -D cn="Directory Manager" -w xxxxxxxx
uid=deaduser,ou=People,dc=example,dc=org
3.) delete the failed mailbox:
kolab dm <a href="mailto:user/deaduser@example.org" target="_blank">user/deaduser@example.org</a>
4.) service stop cyrus-imapd (killing the idled)
5.) service start cyrus-imapd
Check, that there's no error visible in the imapd.log
6.) service kolab-server start
7.) recreating the user.
It works for another user, then I have to do it all over again for the
new user.
The problem seems to be ptclient interaction with dirsrv389.
Rgds.
Franz
</pre>
<br>
On 26.02.15 at 17:53, <a href="mailto:webmaster@artturnip.co.uk" target="_blank">webmaster@artturnip.co.uk</a> wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello!
<div><br>
</div>
<div>After about two hours of googling and fiddling around, I'm
still having a problem with users logging in. The issue seems
to be with ptloader which refuses to work... Below is an
excerpt from mail.log and my imapd.conf</div>
<div><br>
</div>
<div>The situation:</div>
<div>(Attempted) multi-domain setup; however, only one works. </div>
<div>Debian 7</div>
<div>Kolab 3.3</div>
<div><br>
</div>
<div>imap.conf:</div>
<div>
<div>configdirectory: /var/lib/imap</div>
<div>partition-default: /var/spool/imap</div>
<div>admins: cyrus-admin</div>
<div>sievedir: /var/lib/imap/sieve</div>
<div>sendmail: /usr/sbin/sendmail</div>
<div>sasl_pwcheck_method: auxprop saslauthd</div>
<div>sasl_mech_list: PLAIN LOGIN</div>
<div>allowplaintext: no</div>
<div>tls_cert_file: /etc/ssl/certs/example.crt</div>
<div>tls_key_file: /etc/ssl/private/example.key</div>
<div>tls_ca_file: /etc/ssl/certs/example.ca-chain.pem</div>
<div># uncomment this if you're operating in a DSCP
environment (RFC-4594)</div>
<div># qosmarking: af13</div>
<div>auth_mech: pts</div>
<div>pts_module: ldap</div>
<div>ldap_servers: <a>ldaps://localhost:636</a></div>
<div>ldap_sasl: 0</div>
<div>ldap_base: dc=example,dc=com</div>
<div>ldap_bind_dn: uid=kolab-service,ou=Special
Users,dc=example,dc=com</div>
<div>ldap_domain_base_dn: cn=kolab,cn=config</div>
<div>ldap_domain_filter:
(&(objectclass=domainrelatedobject)(associateddomain=%s))</div>
<div>ldap_domain_name_attribute: associatedDomain</div>
<div>ldap_domain_result_attribute: inetdomainbasedn</div>
<div>ldap_domain_scope: sub</div>
<div>ldap_password: ***</div>
<div>ldap_filter:
(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@%d)(mail=%U@%r))(objectclass=kolabinetorgperson)))</div>
<div>ldap_user_attribute: mail</div>
<div>ldap_group_base: ou=groups,ou=people,dc=example,dc=com</div>
<div>ldap_group_filter:
(&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))</div>
<div>ldap_group_scope: one</div>
<div>ldap_member_base: ou=groups,ou=people,dc=example,dc=com</div>
<div>ldap_member_method: attribute</div>
<div>ldap_member_attribute: nsrole</div>
<div>ldap_restart: 1</div>
<div>ldap_timeout: 10</div>
<div>ldap_time_limit: 10</div>
<div>unixhierarchysep: 1</div>
<div>virtdomains: userid</div>
<div>annotation_definitions: /etc/imapd.annotations.conf</div>
<div>sieve_extensions: fileinto reject envelope body vacation
imapflags notify include regex subaddress relational copy</div>
<div>allowallsubscribe: 0</div>
<div>allowusermoves: 1</div>
<div>altnamespace: 0</div>
<div>hashimapspool: 1</div>
<div>anysievefolder: 1</div>
<div>fulldirhash: 0</div>
<div>sieveusehomedir: 0</div>
<div>sieve_allowreferrals: 0</div>
<div>lmtp_downcase_rcpt: 1</div>
<div>lmtp_fuzzy_mailbox_match: 1</div>
<div>username_tolower: 1</div>
<div>deletedprefix: DELETED</div>
<div>delete_mode: delayed</div>
<div>expunge_mode: delayed</div>
<div>flushseenstate: 1</div>
<div>postuser: postuser</div>
</div>
<div><br>
</div>
<div>mail.log:</div>
<div>
<div>Feb 26 17:22:41 webmail imaps[22032]: starttls: TLSv1.2
with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</div>
<div>Feb 26 17:22:41 webmail ptloader[22040]: starting:
ptloader.c,v git2.5+0 </div>
<div>Feb 26 17:22:41 webmail imaps[22032]: ptload(): bad
response from ptloader server: identifier not found</div>
<div>Feb 26 17:22:41 webmail imaps[22032]: ptload completely
failed: unable to canonify identifier: <a href="mailto:john.smith@example.com" target="_blank">john.smith@example.com</a></div>
<div>Feb 26 17:22:41 webmail imaps[22032]: SASL bad userid
authenticated</div>
<div>Feb 26 17:22:41 webmail imaps[22032]: badlogin: localhost
[127.0.0.1] PLAIN [SASL(-13): authentication failure: bad
userid authenticated]</div>
<div>Feb 26 17:22:44 webmail imaps[21999]: starttls: TLSv1.2
with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no
authentication</div>
<div>Feb 26 17:22:45 webmail imaps[21999]: ptload(): empty
response from ptloader server</div>
<div>Feb 26 17:22:45 webmail imaps[21999]: ptload completely
failed: unable to canonify identifier: <a href="mailto:john.smith@example.com" target="_blank">john.smith@example.com</a></div>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<br>
<pre>_______________________________________________
users mailing list
<a href="mailto:users@lists.kolab.org" target="_blank">users@lists.kolab.org</a>
<a href="https://lists.kolab.org/mailman/listinfo/users" target="_blank">https://lists.kolab.org/mailman/listinfo/users</a></pre>
</blockquote>
<br>
</div>
</blockquote></div>
</div></div></blockquote></div><br></div></div>
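<p>Added example, not part of the thread and not Kolab or Cyrus code: a small Python check that pairs each SRCH line in a 389 Directory Server access log with its RESULT and reports failed searches whose base is not under a configured suffix, which is how the mangled base in the first message shows up. The function names are hypothetical; the sample input is the log excerpt from that message with the HTML markup stripped, and the configured bases are the ldap_base and ldap_domain_base_dn values from the quoted imapd.conf.</p>

```python
import re

# Sample input: the dirsrv access-log excerpt quoted in the thread, markup removed.
SAMPLE_LOG = r'''
[28/Feb/2015:23:45:15 +0100] conn=101764 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=kolab-service,ou=special users,dc=example,dc=com"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 SRCH base="cn=kolab,cn=config" scope=2 filter="(&(objectClass=domainrelatedobject)(associatedDomain=example.com))" attrs="associatedDomain inetDomainBaseDN"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 SRCH base="dc=example,dc=c1" scope=2 filter="(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=john.doe))(&(|(uid=john.doe)(mail=john.doe@example.com)(mail=john.doe@))(objectClass=kolabinetorgperson)))" attrs="1.1"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 RESULT err=32 tag=101 nentries=0 etime=0
'''

# Assumption: the suffixes ptloader is expected to search, taken from the quoted imapd.conf.
CONFIGURED_BASES = ["dc=example,dc=com", "cn=kolab,cn=config"]

LINE_RE = re.compile(r'^\[[^\]]+\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) (?P<kind>SRCH|RESULT) (?P<rest>.*)$')
SRCH_RE = re.compile(r'base="(?P<base>[^"]*)" scope=\d+ filter="(?P<filter>[^"]*)"')
RESULT_RE = re.compile(r'err=(?P<err>\d+) ')
LDAP_ERRORS = {32: "noSuchObject", 49: "invalidCredentials"}

def normalize_dn(dn):
    # Naive normalisation: lower-case and trim each RDN (ignores escaped commas).
    return ",".join(part.strip().lower() for part in dn.split(","))

def failed_searches(log_text, configured_bases):
    """Return every search that ended with err != 0, with its base and filter."""
    suffixes = [normalize_dn(b) for b in configured_bases]
    pending, findings = {}, []      # pending: (conn, op) -> SRCH details
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["conn"], m["op"])
        if m["kind"] == "SRCH":
            s = SRCH_RE.search(m["rest"])
            if s:
                pending[key] = s.groupdict()
            continue
        r, srch = RESULT_RE.search(m["rest"]), pending.pop(key, None)
        if not (r and srch) or r["err"] == "0":
            continue                # bind results and successful searches
        base, err = normalize_dn(srch["base"]), int(r["err"])
        findings.append({
            "conn": int(m["conn"]), "op": int(m["op"]), "base": srch["base"],
            "filter": srch["filter"], "err": err,
            "err_name": LDAP_ERRORS.get(err, "other"),
            "base_is_configured": any(base == s or base.endswith("," + s) for s in suffixes),
        })
    return findings

if __name__ == "__main__":
    for f in failed_searches(SAMPLE_LOG, CONFIGURED_BASES):
        print(f)
```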