[Kolab-devel] forwarding oddity - fixed

Mario Ramos mario at hummy.org
Sun Feb 15 00:29:22 CET 2009


Hello.

The other day I wrote this email to the users list:

http://kolab.org/pipermail/kolab-users/2009-February/009457.html

regarding a problem I was experiencing with my kolab installation using
multiple domains.

I noticed the problem because the forwarding feature wasn't working,
as I explained in that email.

I've been digging into this error and I think I've fixed it. It's not a sieve
problem; it was an authentication problem.


In /kolab/etc/kolab/templates/saslauthd.conf.template I added:

ldap_size_limit: 0


And then, in the /kolab/var/sasl/log/saslauthd.log when trying to login as
info at domain2.com, I started getting this:


Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Duplicate entries found ((&(|(mail=info at domain2.com)(mail=info)(uid=info at domain2.com)(uid=info))(!(kolabdeleteflag=*)))).
Feb 14 20:35:27 mrburns <debug> saslauthd[24334]: Authentication failed for info/domain2.com: User not found (-6)
Feb 14 20:35:27 mrburns <info> saslauthd[24334]: do_auth         : auth failure: [user=info] [service=imap] [realm=domain2.com] [mech=ldap] [reason=Unknown]
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Duplicate entries found ((&(|(mail=info at domain2.com)(mail=info)(uid=info at domain2.com)(uid=info))(!(kolabdeleteflag=*)))).
Feb 14 20:35:30 mrburns <debug> saslauthd[24336]: Authentication failed for info/domain2.com: User not found (-6)
Feb 14 20:35:30 mrburns <info> saslauthd[24336]: do_auth         : auth failure: [user=info] [service=imap] [realm=domain2.com] [mech=ldap] [reason=Unknown]


If I create an info at domain1.com account and another account,
info at domain2.com, the original ldap filter will return duplicate entries
and will not be able to authenticate info at domain2.com, although it is
still possible to authenticate as info at domain1.com. I don't know why...
I'm not an LDAP expert.

Anyway, the fix was changing the filter to:

#ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d))(!(kolabdeleteflag=*)))


This seems to have fixed the problem.
Now I can authenticate any user by using its UID.

I wanted to ask in the developers list about this problem, because I think
it's a bug and should be corrected, but I'm not sure if what I did is the best
approach to this problem, or what the implications of removing "(uid=%u)"
from the original ldap_filter could be, in regards to the kolab app as a
whole.


Cheers.
Mario.


-- 
PS – Please help preserve the environment, don't print this email unless you
have to.
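
The two filters from the message above, evaluated against a small constructed directory (an added example, not part of the original post and not Kolab or saslauthd code). The entries, their uid/mail values and the function names are assumptions chosen to show one way a single login can match two entries; the evaluator covers only the filter subset used here.

```python
# Constructed sample directory (assumption): the mail/uid values are illustrative.
DIRECTORY = [
    {"dn": "cn=info one", "mail": ["info@domain1.com"], "uid": ["info"]},
    {"dn": "cn=info two", "mail": ["info@domain2.com"], "uid": ["info@domain2.com"]},
    {"dn": "cn=old info", "mail": ["info@domain2.com"], "uid": ["info@domain2.com"],
     "kolabdeleteflag": ["host1"]},  # flagged for deletion, must never match
]
ORIGINAL = "(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!(kolabdeleteflag=*)))"
FIXED = "(&(|(mail=%u@%d)(mail=%u)(uid=%u@%d))(!(kolabdeleteflag=*)))"

def expand(template, user, realm):
    """Substitute the %u (user) and %d (realm) tokens of ldap_filter."""
    return template.replace("%u", user).replace("%d", realm)

def parse(f, i=0):
    """Parse the filter subset used here: & | ! attr=value attr=*."""
    i += 1  # step over the opening "("
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1  # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry, case-insensitively."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

def search(template, user, realm):
    """DNs matched for one login; more than one is the 'Duplicate entries' case."""
    tree, _ = parse(expand(template, user, realm))
    return [e["dn"] for e in DIRECTORY if matches(tree, e)]

def ambiguous_logins(template):
    """Mail addresses whose user/realm login does not resolve to exactly one entry."""
    mails = sorted({m for e in DIRECTORY for m in e.get("mail", [])})
    hits = {m: search(template, *m.split("@", 1)) for m in mails}
    return {m: h for m, h in hits.items() if len(h) != 1}
```

With FIXED, the first entry is reachable only through its mail value, because its bare uid is no longer searched; running `ambiguous_logins` over the real mail values before and after a filter change shows which logins are affected.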