[kolab3.1][multi-domain] user authentication from users of 2nd domain does not work

hoagie hoagie at todes.net
Sun Feb 2 00:45:32 CET 2014


Hi Daniel,

That link was actually my starting point and I believe I followed all
steps correctly.

I actually WAS able to login in the beginning with the user of the 2nd
domain, however there was a problem that this user did not have a mailbox.

I saw then in the output of "kolab list-mailboxes" that this particular
user had some strange entries + certain default folders had not been
created.

So I deleted the user again in the webgui + manually deleted the user
with the kolab cli command. Restarted the kolabd.
Added the user again via webgui.

output of "kolab list-mailboxes" now shows a mailbox like any other
(working) user on the management domain.

And since THEN I could not login. :-/

probably it has something to do that whatever I configured via the
webgui does somehow not become synced with the directory server?

regards,
Hoagie



On 02.02.2014 00:44, hoagie wrote:
> On 02.02.2014 00:34, Daniel Hoffend wrote:
>> Hi Hoagie
>>
>> You've to modify the roundcube configuration to support multi domain
>> lookups/logins and various other parts of kolab to make them aware of
>> the multiple domains and the different used ldap directories (domain
>> part == different ldap user space == different organization)
>>
>> If you don't need separate name spaces (aka same company multiple
>> domains) just add them as additional domains to your main one.
>>
>> Please take a look at this howto:
>> http://docs.kolab.org/howtos/multi-domain.html
>>
>> For roundcube this is basically replacing things like
>> "ou=People,dc=example,dc=org" with "ou=People,%dc", etc.
>>
>> Cyrus (remove canonification) and Postfix (add additional lookup tables)
>> have similar bigger changes.
>>
>> Hope that helps
>>
>>
>> Regards
>> Daniel
>>
>> ------ Original Message ------
>> From: "hoagie" <hoagie at todes.net>
>> To: users at lists.kolab.org
>> Sent: 02.02.2014 00:12:36
>> Subject: [kolab3.1][multi-domain] user authentication from users of 2nd
>> domain does not work
>>
>>> Hi Everybody,
>>>
>>> I hope someone can help me, I cannot find the cause of the problem.
>>>
>>> I have a multidomain setup and the problem is that users that I created
>>> for the second domain cannot login to roundcubemail.
>>>
>>> management domain = example.org
>>> 2nd domain = example.net (real 2nd domain, no alias).
>>>
>>>
>>> output from "cat /var/log/roundcubemail/imap" shows an authentication
>>> failure:
>>>
>>> [01-Feb-2014 23:50:38,000000 +0100]: [252F] C: A0004 AUTHENTICATE PLAIN
>>> <some-alphanumeric-long-code>
>>> [01-Feb-2014 23:50:41,000000 +0100]: [252F] S: A0004 NO authentication
>>> failure
>>>
>>>
>>> output from "cat /var/log/roundcubemail/userlogins" shows as well an
>>> error:
>>>
>>> [01-Feb-2014 23:50:41,000000 +0100]: Failed login for name at example.net
>>> from 10.0.0.4 in session mcbij4ac9vks4l3rrbr0lfj5v3 (error: 0)
>>>
>>>
>>> however the user does exist in LDAP (output from "cat
>>> /var/log/roundcubemail/ldap")
>>>
>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Connect to localhost:389 [Kolab
>>> Auth]
>>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Bind
>>> uid=kolab-service,ou=Special Users,dc=example,dc=org [pass: **********]
>>> [01-Feb-2014 23:50:38,000000 +0100]: S: OK
>>> [01-Feb-2014 23:50:38,000000 +0100]: C: Search
>>> ou=People,dc=example,dc=net for
>>> (&(objectclass=inetorgperson)(|(uid=name)(mail=name at example.net)(alias=aliasname at example.net)))
>>>
>>> [01-Feb-2014 23:50:38,000000 +0100]: S: 1 record(s) found
>>> [01-Feb-2014 23:50:41,000000 +0100]: C: Close
>>>
>>>
>>> Something is not right as well in /etc/kolab/kolab.conf:
>>>
>>> # tail -f pykolab.log
>>> 2014-02-01 23:35:19,639 pykolab.conf WARNING Option ldap/auth_cache_uri
>>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>>> defaults
>>> 2014-02-01 23:35:19,640 pykolab.conf WARNING Option does not exist in
>>> defaults.
>>> 2014-02-01 23:35:19,663 pykolab.conf WARNING Option imap/virtual_domains
>>> does not exist in config file /etc/kolab/kolab.conf, pulling from
>>> defaults
>>>
>>> and am getting an error as well here:
>>>
>>> # tail -f /var/log/dirsrv/slapd-civitas/errors
>>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>>> users,dc=example,dc=org]
>>> [02/Feb/2014:00:00:26 +0100] NSACLPlugin - acllas__client_match_URL: url
>>> [ldap:///dc=example,dc=net??sub?(objectclass=*)] scope is subtree but dn
>>> [dc=example,dc=net] is not a suffix of [uid=kolab-service,ou=special
>>> users,dc=example,dc=org]
>>>
>>>
>>> and maillog shows a password verification error:
>>>
>>> # tail -f /var/log/maillog
>>> Feb 2 00:04:39 civitas imap[1869]: starttls: TLSv1 with cipher
>>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>>> Feb 2 00:04:39 civitas imap[1869]: client id: "name" "Roundcube"
>>> "version" "1.0-git" "php" "5.3.3" "os" "Linux" "command"
>>> "/roundcubemail/?_task=login"
>>> Feb 2 00:04:39 civitas imap[1869]: badlogin: localhost [::1] PLAIN
>>> [SASL(-13): authentication failure: Password verification failed]
>>>
>>>
>>>
>>> For any clues, notes or hints I'd be grateful.
>>>
>>> tnx.
>>>
>>> Regards,
>>> Hoagie
>>>
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>>
> 
> 
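
Added example, not part of the original thread: a Python sketch of the `%dc` base-DN expansion Daniel describes and of the suffix test named in the NSACLPlugin log lines, run on the DNs quoted above. The function names and the sample login `name@example.net` are constructed for illustration; this is not Roundcube's or the directory server's own code.

```python
import re

# Bind DN taken from the Roundcube LDAP log quoted in the thread.
SERVICE_DN = "uid=kolab-service,ou=Special Users,dc=example,dc=org"

def split_rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing.
    (Simplified: does not handle multi-valued RDNs or '\\\\,' sequences.)"""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns

def domain_to_dc(domain):
    """example.net -> dc=example,dc=net"""
    labels = [l for l in domain.strip().lower().split(".") if l]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + l for l in labels)

def expand_base_dn(template, login):
    """Replace %dc in a base-DN template with the login's domain components."""
    local, sep, domain = login.rpartition("@")
    if not sep or not local:
        raise ValueError("login must be user@domain")
    return template.replace("%dc", domain_to_dc(domain))

def is_under(dn, suffix):
    """True if 'suffix' is a trailing run of RDNs of 'dn'."""
    d, s = split_rdns(dn), split_rdns(suffix)
    return len(s) <= len(d) and d[len(d) - len(s):] == s

def check_login(template, login, bind_dn=SERVICE_DN):
    """Report the per-domain search base and whether the bind DN
    lives in the same directory tree as the login's domain."""
    root = domain_to_dc(login.rpartition("@")[2])
    return {
        "search_base": expand_base_dn(template, login),
        "bind_dn_in_same_tree": is_under(bind_dn, root),
    }

if __name__ == "__main__":
    for login in ("name@example.org", "name@example.net"):  # constructed logins
        print(login, check_login("ou=People,%dc", login))
```

For the second domain the result is `bind_dn_in_same_tree: False`, which is the same condition the `acllas__client_match_URL` lines report; the thread does not establish whether that is the cause of the failed login.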


