virtual hosts and kolab/horde

Gunnar Wrobel wrobel at pardus.de
Fri Mar 26 17:19:35 CET 2010


Quoting Gavin McCullagh <gavin.mccullagh at gcd.ie>:

> Hi,
>
> we're trying to set up Horde to work on several domains for related
> organisations with different domains.  It would be preferable to offer
> horde on mail.<domain>.<tld> for each domain, rather than making them all
> login to the same address.
>
> We've got certificates for each domain and I've assigned an extra IP
> address for each domain (as you can't easily do name-based SSL vhosts).
> This all works fine.
>
> In order not to change the default kolab at all, I've added a vhost to
> /kolab/etc/kolab/templates/httpd.local.template which over-rides things
> like the 403 error page, see below.
>
> When I go to login to the vhost, the initial authentication works (I don't
> get an auth failed error on the subsequent login page and watching the ldap
> traffic with wireshark).  However, I keep getting redirected back out onto
>
> The apache access logs show me connecting (see below), there are no apache
> errors.  The horde.log and php-errors.log are also below.
>
> Can anyone see what I'm doing wrong?  Is there a problem with using Horde
> on multiple hosts in this way?

No, that should work. However I assume your cookie domain does not  
match. The default kolab setting is to match the cookie to the primary  
domain of the Kolab server as Horde is usually provided within that  
domain.

Try to set

$conf['cookie']['domain'] = $_SERVER['SERVER_NAME'];

in /kolab/etc/kolab/templates/webclient-kolab-conf.template.

Does that work for you?

This is actually also the Horde default and I should investigate if we  
can use it, too. I don't remember whether there were scenarios where  
the default setting does not work.

In any case: I consider the feature to have a Kolab server directly  
offering the web client on the different domains an important feature  
wish. Should we open an issue in the tracker for it?

Cheers,

Gunnar

>
> Gavin
>
> #######################################################################
> NameVirtualHost 172.20.1.174:443
> <VirtualHost 172.20.1.174:443>
>   ServerName mail.<domain>.<tld>
>   DocumentRoot /kolab/var/kolab/www
>   ErrorLog /kolab/var/apache/log/mail.<domain>.<tld>/apache-error.log
>   CustomLog  
> /kolab/var/apache/log/mail.<domain>.<tld>/apache-access.log common
>   SSLEngine               on
>   SSLCipherSuite  
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>   SSLCertificateFile  
> /kolab/etc/kolab/ssl/mail.<domain>.<tld>/mail.<domain>.<tld>.cert
>   SSLCertificateKeyFile  
> /kolab/etc/kolab/ssl/mail.<domain>.<tld>/mail.<domain>.<tld>.key
>
>   RewriteEngine On
>   RewriteOptions inherit
>
>   <Files ~ ".(cgi|shtml|phtml|php4|php3?)$">
>     SSLOptions +StdEnvVars
>   </Files>
>
>   <Location "/">
>     ErrorDocument 403 https://mail.<domain>.<tld>/admin/
>   </Location>
>   <Location "/admin">
>     SSLRequireSSL
>   </Location>
>   <Location "/client">
>     ErrorDocument 403 https://mail.<domain>.<tld>/client/
>     SSLRequireSSL
>   </Location>
>   <Location "/fbview">
>     ErrorDocument 403 https://mail.<domain>.<tld>/fbview/
>     SSLRequireSSL
>   </Location>
>
>   RewriteEngine On
>   RewriteOptions inherit
>
>   <Files ~ ".(cgi|shtml|phtml|php4|php3?)$">
>      SSLOptions +StdEnvVars
>   </Files>
>
>   <Directory "/kolab/var/kolab/www/cgi-bin">
>      SSLOptions +StdEnvVars
>   </Directory>
>
> </VirtualHost>
>
>
> #######################################################################
> /kolab/var/apache/log/mail.<domain>.<tld>/apache-access.log:
>
> me.domain.tld - - [24/Mar/2010:13:04:08 +0000] "POST  
> /client/imp/redirect.php HTTP/1.1" 302 26
> me.domain.tld - - [24/Mar/2010:13:04:11 +0000] "GET  
> /client/index.php?url=https%3A%2F%2Fmail.<domain>.<tld>%2Fclient%2F  
> HTTP/1.1" 302 26
> me.domain.tld - - [24/Mar/2010:13:04:11 +0000] "GET  
> /client/login.php HTTP/1.1" 302 26
> me.domain.tld - - [24/Mar/2010:13:04:12 +0000] "GET  
> /client/imp/login.php HTTP/1.1" 200 3289
>
> /var/log/kolab/client/log/horde.log:
>
> Mar 24 13:08:05 HORDE [debug] [imp] Hook  
> _prefs_change_hook_last_login in application horde not called. [pid  
> 11541 on line 1683 of "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:06 HORDE [notice] [imp] Login success for  
> gavin.mccullagh@<mydomain>.<tld> [172.16.1.3] to  
> {<servername>.<mydomain>.<tld>:143 [imap/notls/novalidate-cert]}  
> [pid 11541 on line 304 of  
> "/kolab/var/kolab/www/client/imp/lib/Session.php"]
> Mar 24 13:08:06 HORDE [debug] [imp] Hook  
> _prefs_change_hook_last_maintenance in application horde not called.  
> [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:06 HORDE [debug] [imp] Max memory usage: 19660800 bytes  
> [pid 11541 on line 339 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
> Mar 24 13:08:06 HORDE [debug] [imp] IMAP errors: SECURITY PROBLEM:  
> insecure server advertised AUTH=PLAIN SECURITY PROBLEM: insecure  
> server advertised AUTH=PLAIN [pid 11541 on line 175 of  
> "/kolab/var/kolab/www/client/imp/lib/IMAP.php"]
> Mar 24 13:08:08 HORDE [debug] [horde] Max memory usage: 7864320  
> bytes [pid 11541 on line 339 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
> Mar 24 13:08:08 HORDE [debug] [horde] Max memory usage: 7864320  
> bytes [pid 11541 on line 339 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Hook  
> _horde_hook_share_init in application horde not called. [pid 11541  
> on line 1683 of "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [error] [kronolith] IMAP error. Server:  
> <servername>.<mydomain>.<tld>. Error: IMAP Authentication cancelled  
> [pid 11541 on line 1330 of  
> "/kolab/var/kolab/www/client/kronolith/lib/Kronolith.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Hook  
> _prefs_change_hook_display_remote_cals in application horde not  
> called. [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Guest user does not have  
> READ permission for turba [pid 11541 on line 814 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Guest user does not have  
> READ permission for nag [pid 11541 on line 814 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Hook  
> _prefs_change_hook_display_external_cals in application horde not  
> called. [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [debug] [kronolith] Hook  
> _prefs_change_hook_display_cals in application horde not called.  
> [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [debug] [nag] Hook _horde_hook_share_init in  
> application horde not called. [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [error] [nag] IMAP error. Server:  
> <servername>.<mydomain>.<tld>. Error: IMAP Authentication cancelled  
> [pid 11541 on line 281 of  
> "/kolab/var/kolab/www/client/nag/lib/Nag.php"]
> Mar 24 13:08:08 HORDE [error] [nag] IMAP error. Server:  
> <servername>.<mydomain>.<tld>. Error: IMAP Authentication cancelled  
> [pid 11541 on line 281 of  
> "/kolab/var/kolab/www/client/nag/lib/Nag.php"]
> Mar 24 13:08:08 HORDE [debug] [nag] Hook  
> _prefs_change_hook_display_tasklists in application horde not  
> called. [pid 11541 on line 1683 of  
> "/kolab/var/kolab/www/client/lib/Horde.php"]
> Mar 24 13:08:08 HORDE [debug] [imp] SQL query by  
> Horde_Alarm_sql::_list(): SELECT alarm_id, alarm_uid, alarm_start,  
> alarm_end, alarm_methods, alarm_params, alarm_title, alarm_text,  
> alarm_snooze, alarm_internal FROM horde_alarms WHERE alarm_dismissed  
> = 0 AND ((alarm_snooze IS NULL AND alarm_start <= ?) OR alarm_snooze  
> <= ?) AND (alarm_end IS NULL OR alarm_end >= ?) AND (alarm_uid = ?  
> OR alarm_uid = ?) ORDER BY alarm_start, alarm_end [pid 11541 on line  
> 148 of "/kolab/var/kolab/www/client/lib/Horde/Alarm/sql.php"]
> Mar 24 13:08:08 HORDE [debug] [imp] Max memory usage: 18350080 bytes  
> [pid 11541 on line 339 of  
> "/kolab/var/kolab/www/client/lib/Horde/Registry.php"]
>
> /var/log/kolab/client/php-errors.log
>
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: SECURITY PROBLEM:  
> insecure server advertised AUTH=PLAIN (errflg=1) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP protocol error:  
> Client canceled authentication (errflg=2) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP Authentication  
> cancelled (errflg=2) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: SECURITY PROBLEM:  
> insecure server advertised AUTH=PLAIN (errflg=1) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP protocol error:  
> Client canceled authentication (errflg=2) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP Authentication  
> cancelled (errflg=2) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: SECURITY PROBLEM:  
> insecure server advertised AUTH=PLAIN (errflg=1) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP protocol error:  
> Client canceled authentication (errflg=2) in Unknown on line 0
> [24-Mar-2010 13:10:22] PHP Notice:  Unknown: IMAP Authentication  
> cancelled (errflg=2) in Unknown on line 0
>
>
> _______________________________________________
> Kolab-users mailing list
> Kolab-users at kolab.org
> https://kolab.org/mailman/listinfo/kolab-users
>



-- 
______ http://kdab.com _______________ http://kolab-konsortium.com _

p at rdus Kolab work is funded in part by KDAB and the Kolab Konsortium

____ http://www.pardus.de _________________ http://gunnarwrobel.de _
E-mail : p at rdus.de                                 Dr. Gunnar Wrobel
Tel.   : +49 700 6245 0000                          Bundesstrasse 29
Fax    : +49 721 1513 52322                          D-20146 Hamburg
--------------------------------------------------------------------
    >> Mail at ease - Rent a kolab groupware server at p at rdus <<
--------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.kolab.org/pipermail/users/attachments/20100326/dd206f3a/attachment.sig>


More information about the users mailing list