[kolab3.1][multi-domain] user authentication from users of 2nd domain does not work

hoagie hoagie at todes.net
Sun Feb 2 00:12:36 CET 2014


Hi Everybody,

I hope someone can help me, i cannot find the cause of the problem.

I have a multidomain setup and the problem is that users that I created
for the second domain cannot login to roundcubemail.

management domain = example.org
2nd domain = example.net (real 2nd domain, no alias).


output from "cat /var/log/roundcubemail/imap" shows an authentication
failure:

[01-Feb-2014 23:50:38,000000 +0100]: [252F] C: A0004 AUTHENTICATE PLAIN
<some-alphanumeric-long-code>
[01-Feb-2014 23:50:41,000000 +0100]: [252F] S: A0004 NO authentication
failure


output from "cat /var/log/roundcubemail/userlogins" shows as well an error:

[01-Feb-2014 23:50:41,000000 +0100]: Failed login for name at example.net
from 10.0.0.4 in session mcbij4ac9vks4l3rrbr0lfj5v3 (error: 0)


however the user does exist in LDAP (output from "cat
/var/log/roundcubemail/ldap")

[01-Feb-2014 23:50:38,000000 +0100]: C: Connect to localhost:389 [Kolab
Auth]
[01-Feb-2014 23:50:38,000000 +0100]: S: OK
[01-Feb-2014 23:50:38,000000 +0100]: C: Bind
uid=kolab-service,ou=Special Users,dc=example,dc=org [pass: **********]
[01-Feb-2014 23:50:38,000000 +0100]: S: OK
[01-Feb-2014 23:50:38,000000 +0100]: C: Search
ou=People,dc=example,dc=net for
(&(objectclass=inetorgperson)(|(uid=name)(mail=name at example.net)(alias=aliasname at example.net)))
[01-Feb-2014 23:50:38,000000 +0100]: S: 1 record(s) found
[01-Feb-2014 23:50:41,000000 +0100]: C: Close


Something is not right as well in /etc/kolab/kolab.conf:

# tail -f pykolab.log
2014-02-01 23:35:19,639 pykolab.conf WARNING Option ldap/auth_cache_uri
does not exist in config file /etc/kolab/kolab.conf, pulling from defaults
2014-02-01 23:35:19,640 pykolab.conf WARNING Option does not exist in
defaults.
2014-02-01 23:35:19,663 pykolab.conf WARNING Option imap/virtual_domains
does not exist in config file /etc/kolab/kolab.conf, pulling from defaults

and am getting an error as well here:

# tail -f /var/log/dirsrv/slapd-civitas/errors
[02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
[ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
[dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
users,dc=example,dc=org]
[02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
[ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
[dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
users,dc=example,dc=org]


and maillog shows a password verification error:

# tail -f /var/log/maillog
Feb  2 00:04:39 civitas imap[1869]: starttls: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Feb  2 00:04:39 civitas imap[1869]: client id: "name" "Roundcube"
"version" "1.0-git" "php" "5.3.3" "os" "Linux" "command"
"/roundcubemail/?_task=login"
Feb  2 00:04:39 civitas imap[1869]: badlogin: localhost [::1] PLAIN
[SASL(-13): authentication failure: Password verification failed]



For any clues, notes or hints i´d be greatful.

tnx.

Regards,
Hoagie



More information about the users mailing list