ptloader issues preventing login
webmaster at artturnip.co.uk
Sat Feb 28 23:59:18 CET 2015
I've narrowed the problem down now to the LDAP lookup for the user failing.
In the dirsrv access logs below, it shows the successful search for the
domain but when it searches for the user it mangles the base and so is
unable to find it. Can anyone help me out with this? Also note that
ptloader completely fails for both new and existing users but I presume
there is some sort of 'cache' for logins that have already been canonified.
[28/Feb/2015:23:45:15 +0100] conn=101764 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn="uid=kolab-service,ou=special users,dc=example,dc=com"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 SRCH
base="cn=kolab,cn=config" scope=2
filter="(&(objectClass=domainrelatedobject)(associatedDomain=example.com))"
attrs="associatedDomain inetDomainBaseDN"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 SRCH base="dc=example,*dc=c1*"
scope=2
filter="(|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=john.doe))(&(|(uid=john.doe)(mail=
john.doe at example.com)(mail=john.doe@))(objectClass=kolabinetorgperson)))"
attrs="1.1"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 RESULT err=32 tag=101
nentries=0 etime=0
Thanks in advance,
Adam Turner
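The correlation done by eye in the access log above (pairing each SRCH with its RESULT by conn and op, then checking the base of any search that ended in err=32, LDAP noSuchObject) can be scripted. This is an added example, not part of the original post and not Kolab or Cyrus code; the sample log is constructed from the excerpt with wrapped records rejoined and a shortened filter, and the function names and suffix list are assumptions.

```python
import re

# Constructed sample modelled on the excerpt above: one record per line,
# second filter shortened for readability.
SAMPLE_LOG = """\
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 SRCH base="cn=kolab,cn=config" scope=2 filter="(&(objectClass=domainrelatedobject)(associatedDomain=example.com))" attrs="associatedDomain inetDomainBaseDN"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 SRCH base="dc=example,dc=c1" scope=2 filter="(uid=john.doe)" attrs="1.1"
[28/Feb/2015:23:45:15 +0100] conn=101764 op=2 RESULT err=32 tag=101 nentries=0 etime=0
"""

RECORD = re.compile(r'conn=(\d+) op=(\d+) (SRCH|RESULT)\b(.*)')
BASE = re.compile(r'base="([^"]*)"')
ERR = re.compile(r'\berr=(\d+)')
NO_SUCH_OBJECT = "32"  # LDAP result code noSuchObject

def rdns(dn):
    """Split a DN into lower-cased RDNs (simplification: no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",") if part.strip()]

def under_suffix(base, suffix):
    """True if `base` is `suffix` itself or lies beneath it."""
    b, s = rdns(base), rdns(suffix)
    return len(b) >= len(s) and b[len(b) - len(s):] == s

def failed_searches(log_text, known_suffixes):
    """Pair SRCH with RESULT by (conn, op); report searches that got err=32."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        if kind == "SRCH":
            base = BASE.search(rest)
            if base:
                pending[(conn, op)] = base.group(1)
            continue
        base = pending.pop((conn, op), None)  # None: RESULT with no SRCH (e.g. bind)
        err = ERR.search(rest)
        if base is None or not err or err.group(1) != NO_SUCH_OBJECT:
            continue
        findings.append({
            "conn": conn, "op": op, "base": base,
            # False: the search base lies outside every configured suffix.
            "known_suffix": any(under_suffix(base, s) for s in known_suffixes),
        })
    return findings
```

Called with the ldap_base and ldap_domain_base_dn values from the quoted configuration as known_suffixes, a finding with known_suffix set to False points at the search base the client sent rather than at a missing user entry.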
On Fri, Feb 27, 2015 at 10:16 PM, webmaster at artturnip.co.uk <
webmaster at artturnip.co.uk> wrote:
> Hi Franz,
>
> The problem exists with both existing and new users logging in. Even when
> existing users log in, it fails to canonify the username; however, it must just
> use a cached version instead.
>
> The problem seems to be an underlying issue with my Cyrus LDAP config
> because ptloader worked before (and I forgot to take a backup).
>
> Adam
> On 26 Feb 2015 17:22, "Franz Skale" <i.bin at dah.am> wrote:
>
>> Hi,
>> the problem still exists.
>> If ptloader crashes on creating a new mailbox, you have to recreate it
>> though.
>> I have the problem on every 3rd mailbox creation.
>> It's really a showstopper, so I'm reading the source to get a static
>> mapping working (like manually editing the file).
>> Read the post on the ptloader segfault.
>>
>> My reply from Dec. 2014 once again:
>>
>> Hi,
>> do you have updates on this issue?
>> I have the same problem now with the "stable" edition of Kolab.
>> I upgraded Cyrus to the newest git and now it works, but after I add one
>> kolab the same problem occurs.
>> For now, my workaround is quite unusual, but perhaps you have a better
>> solution.
>>
>> 1.) service stop kolab-server
>> 2.) I delete the failed mailbox with ldapdelete:
>> /usr/lib/mozldap/ldapdelete -D cn="Directory Manager" -w xxxxxxxx
>> uid=deaduser,ou=People,dc=example,dc=org
>> 3.) delete the failed mailbox:
>> kolab dm user/deaduser at example.org
>> 4.) service stop cyrus-imapd (killing the idled)
>> 5.) service start cyrus-imapd
>> Check that there's no error visible in the imapd.log
>> 6.) service kolab-server start
>> 7.) recreating the user.
>> It works for another user, then I have to do it all over again for the
>> new user.
>>
>> The problem seems to be ptclient interaction with dirsrv389.
>>
>> Rgds.
>>
>> Franz
>>
>> On 26.02.15 at 17:53, webmaster at artturnip.co.uk wrote:
>>
>> Hello!
>>
>> After about two hours of googling and fiddling around, I'm still having
>> a problem with users logging in. The issue seems to be with ptloader which
>> refuses to work... Below is an excerpt from mail.log and my imapd.conf
>>
>> The situation:
>> (Attempted) multi domain setup however only one works.
>> Debian 7
>> Kolab 3.3
>>
>> imap.conf:
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus-admin
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> sasl_pwcheck_method: auxprop saslauthd
>> sasl_mech_list: PLAIN LOGIN
>> allowplaintext: no
>> tls_cert_file: /etc/ssl/certs/example.crt
>> tls_key_file: /etc/ssl/private/example.key
>> tls_ca_file: /etc/ssl/certs/example.ca-chain.pem
>> # uncomment this if you're operating in a DSCP environment (RFC-4594)
>> # qosmarking: af13
>> auth_mech: pts
>> pts_module: ldap
>> ldap_servers: ldaps://localhost:636
>> ldap_sasl: 0
>> ldap_base: dc=example,dc=com
>> ldap_bind_dn: uid=kolab-service,ou=Special Users,dc=example,dc=com
>> ldap_domain_base_dn: cn=kolab,cn=config
>> ldap_domain_filter:
>> (&(objectclass=domainrelatedobject)(associateddomain=%s))
>> ldap_domain_name_attribute: associatedDomain
>> ldap_domain_result_attribute: inetdomainbasedn
>> ldap_domain_scope: sub
>> ldap_password: ***
>> ldap_filter:
>> (|(&(|(uid=cyrus-admin)(uid=cyrus-murder))(uid=%U))(&(|(uid=%U)(mail=%U@
>> %d)(mail=%U@%r))(objectclass=kolabinetorgperson)))
>> ldap_user_attribute: mail
>> ldap_group_base: ou=groups,ou=people,dc=example,dc=com
>> ldap_group_filter:
>> (&(cn=%u)(objectclass=ldapsubentry)(objectclass=nsroledefinition))
>> ldap_group_scope: one
>> ldap_member_base: ou=groups,ou=people,dc=example,dc=com
>> ldap_member_method: attribute
>> ldap_member_attribute: nsrole
>> ldap_restart: 1
>> ldap_timeout: 10
>> ldap_time_limit: 10
>> unixhierarchysep: 1
>> virtdomains: userid
>> annotation_definitions: /etc/imapd.annotations.conf
>> sieve_extensions: fileinto reject envelope body vacation imapflags notify
>> include regex subaddress relational copy
>> allowallsubscribe: 0
>> allowusermoves: 1
>> altnamespace: 0
>> hashimapspool: 1
>> anysievefolder: 1
>> fulldirhash: 0
>> sieveusehomedir: 0
>> sieve_allowreferrals: 0
>> lmtp_downcase_rcpt: 1
>> lmtp_fuzzy_mailbox_match: 1
>> username_tolower: 1
>> deletedprefix: DELETED
>> delete_mode: delayed
>> expunge_mode: delayed
>> flushseenstate: 1
>> postuser: postuser
>>
>> mail.log:
>> Feb 26 17:22:41 webmail imaps[22032]: starttls: TLSv1.2 with cipher
>> DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
>> Feb 26 17:22:41 webmail ptloader[22040]: starting: ptloader.c,v git2.5+0
>> Feb 26 17:22:41 webmail imaps[22032]: ptload(): bad response from
>> ptloader server: identifier not found
>> Feb 26 17:22:41 webmail imaps[22032]: ptload completely failed: unable to
>> canonify identifier: john.smith at example.com
>> Feb 26 17:22:41 webmail imaps[22032]: SASL bad userid authenticated
>> Feb 26 17:22:41 webmail imaps[22032]: badlogin: localhost [127.0.0.1]
>> PLAIN [SASL(-13): authentication failure: bad userid authenticated]
>> Feb 26 17:22:44 webmail imaps[21999]: starttls: TLSv1.2 with cipher
>> DHE-RSA-AES256-GCM-SHA384 (256/256 bits new) no authentication
>> Feb 26 17:22:45 webmail imaps[21999]: ptload(): empty response from
>> ptloader server
>> Feb 26 17:22:45 webmail imaps[21999]: ptload completely failed: unable to
>> canonify identifier: john.smith at example.com
>>