[kolab3.1][multi-domain] user authentication from users of 2nd domain does not work

hoagie hoagie at todes.net
Sun Feb 2 00:44:43 CET 2014


On 02.02.2014 00:34, Daniel Hoffend wrote:
> Hi Hoagie
> 
> You've to modify the roundcube configuration to support multi domain
> lookups/logins and various other parts of kolab to make them aware of
> the multiple domains and the different used ldap directories (domain
> part == different ldap user space == different organization)
> 
> If you don't need separate name spaces (aka same company multiple
> domains) just add them as additional domains to your main one.
> 
> Please take a look at this howto:
> http://docs.kolab.org/howtos/multi-domain.html
> 
> For roundcube this is basically replacing things like
> "ou=People,dc=example,dc=org" with "ou=People,%dc", etc.
> 
> Cyrus (remove canonification) and Postfix (add additional lookup tables)
> have similar bigger changes.
> 
> Hope that helps
> 
> 
> Regards
> Daniel
> 
> ------ Original Message ------
> From: "hoagie" <hoagie at todes.net>
> To: users at lists.kolab.org
> Sent: 02.02.2014 00:12:36
> Subject: [kolab3.1][multi-domain] user authentication from users of 2nd
> domain does not work
> 
>> Hi Everybody,
>>
>> I hope someone can help me, I cannot find the cause of the problem.
>>
>> I have a multidomain setup and the problem is that users that I created
>> for the second domain cannot login to roundcubemail.
>>
>> management domain = example.org
>> 2nd domain = example.net (real 2nd domain, no alias).
>>
>>
>> output from "cat /var/log/roundcubemail/imap" shows an authentication
>> failure:
>>
>> [01-Feb-2014 23:50:38,000000 +0100]: [252F] C: A0004 AUTHENTICATE PLAIN
>> <some-alphanumeric-long-code>
>> [01-Feb-2014 23:50:41,000000 +0100]: [252F] S: A0004 NO authentication
>> failure
>>
>>
>> output from "cat /var/log/roundcubemail/userlogins" shows as well an
>> error:
>>
>> [01-Feb-2014 23:50:41,000000 +0100]: Failed login for name at example.net
>> from 10.0.0.4 in session mcbij4ac9vks4l3rrbr0lfj5v3 (error: 0)
>>
>>
>> however the user does exist in LDAP (output from "cat
>> /var/log/roundcubemail/ldap")
>>
>> [01-Feb-2014 23:50:38,000000 +0100]: C: Connect to localhost:389 [Kolab
>> Auth]
>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>> [01-Feb-2014 23:50:38,000000 +0100]: C: Bind
>> uid=kolab-service,ou=Special Users,dc=example,dc=org [pass: **********]
>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>> [01-Feb-2014 23:50:38,000000 +0100]: C: Search
>> ou=People,dc=example,dc=net for
>> (&(objectclass=inetorgperson)(|(uid=name)(mail=name at example.net)(alias=aliasname at example.net)))
>>
>> [01-Feb-2014 23:50:38,000000 +0100]: S: 1 record(s) found
>> [01-Feb-2014 23:50:41,000000 +0100]: C: Close
>>
>>
>> Something is not right as well in /etc/kolab/kolab.conf:
>>
>> # tail -f pykolab.log
>> 2014-02-01 23:35:19,639 pykolab.conf WARNING Option ldap/auth_cache_uri
>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>> defaults
>> 2014-02-01 23:35:19,640 pykolab.conf WARNING Option does not exist in
>> defaults.
>> 2014-02-01 23:35:19,663 pykolab.conf WARNING Option imap/virtual_domains
>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>> defaults
>>
>> and am getting an error as well here:
>>
>> # tail -f /var/log/dirsrv/slapd-civitas/errors
>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>> users,dc=example,dc=org]
>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>> users,dc=example,dc=org]
>>
>>
>> and maillog shows a password verification error:
>>
>> # tail -f /var/log/maillog
>> Feb 2 00:04:39 civitas imap[1869]: starttls: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>> Feb 2 00:04:39 civitas imap[1869]: client id: "name" "Roundcube"
>> "version" "1.0-git" "php" "5.3.3" "os" "Linux" "command"
>> "/roundcubemail/?_task=login"
>> Feb 2 00:04:39 civitas imap[1869]: badlogin: localhost [::1] PLAIN
>> [SASL(-13): authentication failure: Password verification failed]
>>
>>
>>
>> For any clues, notes or hints I'd be grateful.
>>
>> tnx.
>>
>> Regards,
>> Hoagie
>>
> 
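
An added sketch (not code from Kolab, Roundcube or either poster) of the `%dc` substitution mentioned in the reply and of the suffix mismatch that the dirsrv error log reports. The function names are hypothetical, and expanding `%dc` to one `dc=` component per domain label is an assumption based on the DNs shown in the thread.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def domain_to_dc(domain):
    """Turn 'example.net' into 'dc=example,dc=net'; reject non-hostname input."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        # Refusing odd characters keeps login input out of the DN unescaped.
        raise ValueError("not a valid domain: %r" % domain)
    return ",".join("dc=" + l for l in labels)


def expand_base_dn(template, login, default_domain):
    """Replace the %dc placeholder using the domain part of the login."""
    _, sep, domain = login.rpartition("@")
    if not sep:  # bare uid: fall back to the management domain
        domain = default_domain
    return template.replace("%dc", domain_to_dc(domain))


def _rdns(dn):
    # Simplified split: assumes the DN contains no escaped commas.
    return [part.strip().lower() for part in dn.split(",")]


def is_under_suffix(dn, suffix):
    """True when dn is the suffix itself or an entry below it."""
    d, s = _rdns(dn), _rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s


if __name__ == "__main__":
    # Values taken from the thread's log excerpts.
    bind_dn = "uid=kolab-service,ou=Special Users,dc=example,dc=org"
    base = expand_base_dn("ou=People,%dc", "name@example.net", "example.org")
    root = base.split(",", 1)[1]
    print("search base:", base)
    if not is_under_suffix(bind_dn, root):
        print("bind DN is outside", root, "- check ACIs for that suffix")
```
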


