[Kolab-devel] [issue4313] Saslauthd config collides with additional user addressbooks

[Alexander Gran]

New submission from Alexander Gran <alexg at moduleworks.com>:

Hi,

there is a litte bug (?) in kolab that breaks sasl (and therefore cyrus, 
postfix, ..?) when you have multiple ldap entries with the same uid/mail address.
That happens, e.g. when a user has an address book under
ou=addr,uid=alexg,dc=base,dc=com
which is the case for me, as I migrate from an SuSE open exchange system.
The issue is as follows
The saslauthd asks the ldap daemon slapd for a maximum of one entry, using this 
filter:
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!
(kolabdeleteflag=*)))
However this would return (in my case) 4 entires. Beeing asked for just one, 
slapd fails with something like
 conn=291 op=1 SEARCH RESULT tag=101 err=4 nentries=1 text=  [1]

I fixed that by setting 
ldap_filter: (&(|(mail=%u@%d)(mail=%u)(uid=%u@%d)(uid=%u))(!
(kolabdeleteflag=*))(objectClass=posixAccount))
If I'm right, posixAccounts can be uniquely identified by their uid/mail.

However I just relized that I now need to add the posixGroup objectclass to the
cn=manager,cn=internal,dc=base,dc=com account. So this might not be the best
solution, However I have no other problems with it so far.

Attached my patched saslauthd.conf template. Dunno how to tell kolab to do the
manager object class change. ( I used apache directory studio)

regards
Alex

----------
keyword: debian
messages: 24770
nosy: alexg
priority: bug
status: in-progress
title: Saslauthd config collides with additional user addressbooks

______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4313>
______________________________________