Z-push and uid...

Christian Tardif christian.tardif at servinfo.ca
Mon Oct 24 14:16:09 CEST 2011


On 24/10/2011 03:46, ABBAS Alain wrote:
> The Z-push module authenticates the same way as IMAP (the parameters should be the same as in
> your standard email client software).
>
> You can verify:
> 1) in the Z-push directory config.php
> Verify the dn and password of the nobody account
> (z-push makes an LDAP request to find the user's Kolab server (kolabhomeserver))
> and then contacts that server over IMAP
>
> 2) you can verify the credentials directly by firing the ActiveSync URL

The problem does not come with the IMAP request, but rather with the 
first LDAP request (the one which searches for the User's Kolab server). 
Actually, the LDAP request is only done with uid=email_addr, which does 
not make sense as uid might be different from email_addr (which is 
supported by Kolab and, as such, must be supported by z-push as well).

I've included parts of the LDAP logfile. The first log is when trying to 
make z-push answer with the email address as login name. The second log 
is when trying to make z-push answer with the uid as login name. And the 
last one is a regular IMAP access with email address as login name.

Next is the search done by z-push when trying to connect with the email 
address as login name. Note that it searches only with the email address 
as uid, and stops after that.

=================================
slapd[14316]: conn=2 fd=12 ACCEPT from IP=127.0.0.1:56806 (IP=0.0.0.0:389)
slapd[14316]: conn=2 op=0 BIND 
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=2 op=0 BIND 
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=2 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=2 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=0 filter="(uid=bettyboob at servinfo.stba)"
slapd[14316]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=2 op=2 UNBIND
slapd[14316]: conn=2 fd=12 closed
=================================

Here is the search done by z-push when trying to connect with the uid 
(from the LDAP directory) as login name. This works, but this is not 
what's intended. The user, when configuring his client for push email, 
will want to use his email address, not the "hidden" uid, as it may be 
different (since Kolab allows these entries to be different).

=================================
slapd[14316]: conn=12 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=0 filter="(uid=boobboob)"
slapd[14316]: conn=12 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=12 op=2 UNBIND
slapd[14316]: conn=12 fd=20 closed
slapd[14316]: conn=13 fd=20 ACCEPT from IP=127.0.0.1:45897 (IP=0.0.0.0:389)
slapd[14316]: conn=13 op=0 BIND 
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=13 op=0 BIND 
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=13 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=13 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=3 
filter="(&(|(mail=bettyboob at servinfo.stba)(mail=bettyboob)(uid=bettyboob at servinfo.stb
slapd[14316]: conn=13 op=1 SRCH attr=dn
slapd[14316]: conn=13 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=13 op=2 BIND anonymous mech=implicit ssf=0
slapd[14316]: conn=13 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba" 
method=128
slapd[14316]: conn=13 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba" 
mech=SIMPLE ssf=0
slapd[14316]: conn=13 op=2 RESULT tag=97 err=0 text=
slapd[14316]: conn=14 fd=21 ACCEPT from IP=127.0.0.1:45898 (IP=0.0.0.0:389)
slapd[14316]: conn=14 op=0 BIND 
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=14 op=0 BIND 
dn="cn=nobody,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=14 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=14 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=0 filter="(uid=boobboob)"
slapd[14316]: conn=14 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=14 op=2 UNBIND
slapd[14316]: conn=14 fd=21 closed
slapd[14316]: conn=9 op=5 SRCH base="dc=servinfo,dc=stba" scope=1 
deref=0 filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))"
slapd[14316]: conn=9 op=5 SRCH attr=uid userPassword uidNumber gidNumber 
cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=9 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=9 op=6 SRCH 
base="ou=SmbComputers,cn=internal,dc=servinfo,dc=stba" scope=1 deref=0 
filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))
slapd[14316]: conn=9 op=6 SRCH attr=uid userPassword uidNumber gidNumber 
cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=9 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text=
=================================

The third example is what gets logged when using a regular email client 
and email address as username. You'll see that it first checks with 
uid=email_addr, then (when no entry is found) does a slightly larger search.

=================================
slapd[14316]: conn=21 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=0 filter="(uid=bettyboob at servinfo.stba)"
slapd[14316]: conn=21 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=21 op=2 UNBIND
slapd[14316]: conn=21 fd=17 closed
slapd[14316]: conn=22 fd=17 ACCEPT from IP=127.0.0.1:39423 (IP=0.0.0.0:389)
slapd[14316]: conn=22 op=0 BIND 
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" method=128
slapd[14316]: conn=22 op=0 BIND 
dn="cn=manager,cn=internal,dc=servinfo,dc=stba" mech=SIMPLE ssf=0
slapd[14316]: conn=22 op=0 RESULT tag=97 err=0 text=
slapd[14316]: conn=22 op=1 SRCH base="dc=servinfo,dc=stba" scope=2 
deref=3 
filter="(&(|(mail=bettyboob at servinfo.stba)(mail=bettyboob)(uid=bettyboob at servinfo.stba)(uid=bettyboob))(!(kolabDeleteflag=*)))"
slapd[14316]: conn=22 op=1 SRCH attr=dn
slapd[14316]: conn=22 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[14316]: conn=22 op=2 BIND anonymous mech=implicit ssf=0
slapd[14316]: conn=22 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba" 
method=128
slapd[14316]: conn=22 op=2 BIND dn="cn=Betty Boob,dc=servinfo,dc=stba" 
mech=SIMPLE ssf=0
slapd[14316]: conn=22 op=2 RESULT tag=97 err=0 text=
slapd[14316]: conn=19 op=7 SRCH base="dc=servinfo,dc=stba" scope=1 
deref=0 filter="(&(objectClass=posixAccount)(uid=bettyboob at servinfo.stba))"
slapd[14316]: conn=19 op=7 SRCH attr=uid userPassword uidNumber 
gidNumber cn homeDirectory loginShell gecos description objectClass
slapd[14316]: conn=19 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text=
=================================

-- 
Christian Tardif
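
Added example, not part of the original message or of z-push/Kolab code: a small Python parser that rejoins mail-wrapped slapd log lines like the ones above, pairs each SRCH filter with its SEARCH RESULT, and lists the lookups that matched no entry. The sample log is constructed (example.test names are placeholders), and a filter whose closing quote was cut off by truncation is skipped rather than guessed.

```python
import re

# Constructed sample: slapd lines modelled on the logs in the post, including
# the mail client's line wrapping ("user@example.test" is a placeholder).
SAMPLE = """\
slapd[14316]: conn=2 op=1 SRCH base="dc=example,dc=test" scope=2
deref=0 filter="(uid=user@example.test)"
slapd[14316]: conn=2 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[14316]: conn=2 op=2 UNBIND
slapd[14316]: conn=22 op=1 SRCH base="dc=example,dc=test" scope=2
deref=3
filter="(&(|(mail=user@example.test)(uid=user))(!(kolabDeleteflag=*)))"
slapd[14316]: conn=22 op=1 SRCH attr=dn
slapd[14316]: conn=22 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

HEAD = re.compile(r"^slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$")

def unwrap(text):
    """Rejoin records that were wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if line.startswith("slapd[") or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records

def searches(text):
    """Return [(conn, op, filter, nentries)] in the order results were logged."""
    pending, out = {}, []
    for rec in unwrap(text):
        m = HEAD.match(rec)
        if not m:
            continue
        key, rest = (int(m.group(1)), int(m.group(2))), m.group(3)
        f = re.search(r'filter="(.*)"', rest)
        n = re.search(r"SEARCH RESULT .*\bnentries=(\d+)", rest)
        if rest.startswith("SRCH") and f:
            pending[key] = f.group(1)      # remember filter until its result
        elif n and key in pending:
            out.append((*key, pending.pop(key), int(n.group(1))))
    return out

def empty_lookups(text):
    """Searches that matched no entry, e.g. a uid-only lookup given an email."""
    return [s for s in searches(text) if s[3] == 0]

if __name__ == "__main__":
    for conn, op, flt, n in searches(SAMPLE):
        print(f"conn={conn} op={op} nentries={n} filter={flt}")
```
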



