Z-push and uid...
Christian Tardif
christian.tardif at servinfo.ca
Mon Oct 24 14:16:09 CEST 2011
On 24/10/2011 03:46, ABBAS Alain wrote:
> The Z-push module authenticates the same way as IMAP (the parameters should be the same as in
> your standard email client software).
>
> You can verify:
> 1) in the Z-push directory, config.php:
> verify the DN and password of the nobody account
> (z-push makes an LDAP request to find the user's Kolab server (kolabhomeserver))
> and then contacts that server over IMAP
>
> 2) you can verify the credentials directly by calling the ActiveSync URL
The problem does not come from the IMAP request, but rather from the
first LDAP request (the one which searches for the user's Kolab server).
Actually, the LDAP request is only done with uid=email_addr, which does
not make sense as uid might be different from email_addr (which is
supported by Kolab and, as such, must be supported by z-push as well).
I've included parts of the LDAP logfile. The first log is when trying to
make z-push answer with the email address as login name. The second log
is when trying to make z-push answer with the uid as login name. And the
last one is a regular IMAP access with email address as login name.
Next is the search done by z-push when trying to connect with the email
address as login name. Note that it searches only with the email address
as uid, and stops after that.
=================================
slapd[14316]: conn=2 fd=12 ACCEPT from IP=127.0.0.1:56806 (IP=0.0.0.0:389)
slapd[14316]: conn=2 op=0 BIND
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=2 op=0 BIND
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=2 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=2 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=0 filter="(uid=bettyboob at servinfo.stba)"
slapd[14316]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=2 op=2 UNBIND
slapd[14316]: conn=2 fd=12 closed
=================================
Here is the search done by z-push when trying to connect with the uid
(from the ldap directory) as login name. This works, but this is not
what's intended. The user, when configuring their client for push email,
will want to use their email address, not the "hidden" uid, as it may be
different (since Kolab allows these entries to differ).
=================================
slapd[14316]: conn=12 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=0 filter="(uid=boobboob)"
slapd[14316]: conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=12 op=2 UNBIND
slapd[14316]: conn=12 fd=20 closed
slapd[14316]: conn=13 fd=20 ACCEPT from IP=127.0.0.1:45897 (IP=0.0.0.0:389)
slapd[14316]: conn=13 op=0 BIND
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=13 op=0 BIND
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=13 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=13 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=3
filter="(&(|(mail=bettyboob at servinfo.stba)(mail=bettyboob)(uid=bettyboob at servinfo.stb
slapd[14316]: conn=13 op=1 SRCH attr=dn
slapd[14316]: conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=13 op=2 BIND anonymous mech=implicit ssf=0
slapd[14316]: conn=13 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba"
method=128
slapd[14316]: conn=13 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba"
mech=SIMPLE ssf=0
slapd[14316]: conn=13 op=2 RESULT tag=97 err=0 text=
slapd[14316]: conn=14 fd=21 ACCEPT from IP=127.0.0.1:45898 (IP=0.0.0.0:389)
slapd[14316]: conn=14 op=0 BIND
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=14 op=0 BIND
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=14 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=14 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=0 filter="(uid=boobboob)"
slapd[14316]: conn=14 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=14 op=2 UNBIND
slapd[14316]: conn=14 fd=21 closed
slapd[14316]: conn=9 op=5 SRCH base="dc=servinfo,dc=stba" scope=1
deref=0 filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))"
slapd[14316]: conn=9 op=5 SRCH attr=uid userPassword uidNumber gidNumber
cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=9 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=9 op=6 SRCH
base="ou=SmbComputers,cn=internal,dc=servinfo,dc=stba" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))
slapd[14316]: conn=9 op=6 SRCH attr=uid userPassword uidNumber gidNumber
cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=9 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
=================================
The third example is what gets logged when using a regular email client
and email address as username. You'll see that it first checks with
uid=email_addr, then (when no entry is found) does a slightly larger search.
=================================
slapd[14316]: conn=21 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=0 filter="(uid=bettyboob at servinfo.stba)"
slapd[14316]: conn=21 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=21 op=2 UNBIND
slapd[14316]: conn=21 fd=17 closed
slapd[14316]: conn=22 fd=17 ACCEPT from IP=127.0.0.1:39423 (IP=0.0.0.0:389)
slapd[14316]: conn=22 op=0 BIND
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=22 op=0 BIND
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=22 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=22 op=1 SRCH base="dc=servinfo,dc=stba" scope=2
deref=3
filter="(&(|(mail=bettyboob at servinfo.stba)(mail=bettyboob)(uid=bettyboob at servinfo.stba)(uid=bettyboob))(!(kolabDeleteflag=*)))"
slapd[14316]: conn=22 op=1 SRCH attr=dn
slapd[14316]: conn=22 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=22 op=2 BIND anonymous mech=implicit ssf=0
slapd[14316]: conn=22 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba"
method=128
slapd[14316]: conn=22 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba"
mech=SIMPLE ssf=0
slapd[14316]: conn=22 op=2 RESULT tag=97 err=0 text=
slapd[14316]: conn=19 op=7 SRCH base="dc=servinfo,dc=stba" scope=1
deref=0 filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))"
slapd[14316]: conn=19 op=7 SRCH attr=uid userPassword uidNumber
gidNumber cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=19 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
=================================
--
Christian Tardif
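
The lookup order visible in the third log (exact uid match first, then the broader mail/uid filter that excludes entries with kolabDeleteflag), as an added sketch that is not z-push or Kolab code. The function names, the `search` callable and the directory stub are hypothetical; the RFC 4515 escaping of the login and the rule that an ambiguous match is refused are assumptions added here, and the `@` in the sample address is what the archive renders as " at ".

```python
# Added example: two-step login lookup modelled on the slapd logs above.
# Function names and the search() callable are hypothetical.

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def uid_filter(login):
    """First step seen in every log: exact match on uid."""
    return '(uid=%s)' % escape_filter_value(login)


def broad_filter(login):
    """Second step: mail/uid on the full login and its local part, minus deleted entries."""
    full = escape_filter_value(login)
    local = escape_filter_value(login.split('@', 1)[0])
    return ('(&(|(mail=%s)(mail=%s)(uid=%s)(uid=%s))(!(kolabDeleteflag=*)))'
            % (full, local, full, local))


def resolve(login, search):
    """Return the single matching DN, or None. search(filter) -> list of DNs."""
    for flt in (uid_filter(login), broad_filter(login)):
        hits = search(flt)
        if len(hits) == 1:
            return hits[0]
        if len(hits) > 1:
            return None  # assumption: ambiguous login is refused, not guessed
    return None


# Constructed directory stub: maps a filter string to the DNs it would return.
LOGIN = 'bettyboob@servinfo.stba'
DN = 'cn=Betty Boob,dc=servinfo,dc=stba'
FAKE_DIRECTORY = {uid_filter('boobboob'): [DN], broad_filter(LOGIN): [DN]}


def fake_search(flt):
    return FAKE_DIRECTORY.get(flt, [])


if __name__ == '__main__':
    print(resolve(LOGIN, fake_search))
```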