New user login problems

Axel ar at xlrs.de
Sat Apr 23 00:32:07 CEST 2016 

Hi,

i experience login problems with new created users.
There's a thread on the german list with no further help and I already 
tried to debug and solve this problem as described in the 
troubleshooting guide and Google with no luck. Perhaps can anyone point 
me to the right direction...

System:

Centos 7 with these packages
389-ds-base.x86_64  1.3.4.0-29.el7_2  @updates
cyrus-imapd.x86_64  2.5-108.3.el7.kolab_3.4  @Kolab_3.4_Updates
kolab.noarch  3.1.9-3.4.el7.kolab_3.4  @Kolab_3.4_Updates
roundcubemail.noarch  1.1.4-4.11.el7.kolab_3.4  @Kolab_3.4_Updates


Situation:
Create an user in Kolab Webadmin and it doesn't matter whether I chose 
"Kolab User" or "Mail enabled Kolab user".

Login to Roundcube not possible according to the logs

===
/var/log/roundcubemail/userlogins

[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> Failed login for 
name.surname at domain.tld from 10.100.10.2(X-Real-IP: 
1.2.3.4,X-Forwarded-For: 1.2.3.4) in session 9eis8qgu8eokcsiaf2cjjfvbd7 
(error: 0)

===
/var/log/roundcubemail/imap

[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: * OK 
[CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED] 
kolab.domain.tld Cyrus IMAP git2.5+0-Kolab-2.5-108.3.el7.kolab_3.4 
server ready
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0001 STARTTLS
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0001 OK Begin 
TLS negotiation now
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0002 
CAPABILITY
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: * CAPABILITY 
IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA MAILBOX-REFERRALS 
NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY 
CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE 
ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS 
WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE 
URLAUTH URLAUTH=BINARY X-NETSCAPE AUTH=PLAIN AUTH=LOGIN SASL-IR 
COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE 
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0002 OK 
Completed
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0003 ID 
("name" "Roundcube" "version" "1.1.4" "php" "5.4.16" "os" "Linux" 
"command" "/roundcubemail/?_task=login")
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: * ID ("name" 
"Cyrus IMAPD" "version" "git2.5+0-Kolab-2.5-108.3.el7.kolab_3.4 " 
"vendor" "Project Cyrus" "support-url" "http://www.cyrusimap.org" "os" 
"Linux" "os-version" "3.10.0-327.13.1.el7.x86_64" "environment" "Built 
w/Cyrus SASL 2.1.26; Running w/Cyrus SASL 2.1.26; Built w/OpenSSL 
1.0.1e-fips 11 Feb 2013; Running w/OpenSSL 1.0.1e-fips 11 Feb 2013; 
Built w/zlib 1.2.7; Running w/zlib 1.2.7; CMU Sieve 2.4; TCP Wrappers; 
NET-SNMP; mmap = shared; lock = fcntl; nonblock = fcntl; idle = idled")
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0003 OK 
Completed
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0004 
AUTHENTICATE PLAIN ****** [45]
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0004 OK 
[CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ 
SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES 
ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS 
LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE 
CREATE-SPECIAL-USE URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED 
COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE 
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (tls 
protection) 
SESSIONID=<kolab.domain.tld-23872-1461362875-1-4100288112662633837>
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0005 
NAMESPACE
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: * NAMESPACE 
(("" "/")) (("Other Users/" "/")) (("Shared Folders/" "/"))
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0005 OK 
Completed
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] C: A0006 LOGOUT
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: * BYE LOGOUT 
received
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> [DEAB] S: A0006 OK 
Completed

===
/var/log/roundcubemail/ldap

[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> C: Connect 
[localhost:389]
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> S: OK
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> C: Bind [dn: 
uid=kolab-service,ou=Special Users,dc=domain,dc=tld]
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> S: OK
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> C: Search base dn: 
[ou=People,dc=domain,dc=tld] scope [sub] with filter 
[(&(objectClass=kolabInetOrgPerson)(|(uid=name)(mail=name at domain.tld)(alias=name at domain.tld)))]
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> Using function 
ldap_search on scope sub ($ns_function is ldap_search)
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> C: (Without VLV) Setting 
a filter of 
(&(objectClass=kolabInetOrgPerson)(|(uid=name)(mail=name at domain.tld)(alias=name at domain.tld)))
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> Executing search with 
return attributes: array (
   0 => 'displayname',
   1 => 'mail',
   2 => 'alias',
   3 => 'nsroledn',
   4 => 'uid',
)
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> S: 1 record(s) found
[23-Apr-2016 00:07:55,000000 +0200]: <9eis8qgu> C: Close


Although the user seems to get a correct LDAP entry and a mailbox:

===
* ~# ldapsearch -D "uid=kolab-service,ou=Special Users,dc=domain,dc=tld" 
-w password -b "ou=People,dc=domain,dc=tld" uid=name

# extended LDIF
#
# LDAPv3
# base <dc=domain,dc=tld> with scope subtree
# filter: uid=name
# requesting: ALL
#

# name, People, domain.tld
dn: uid=name,ou=People,dc=domain,dc=tld
alias: j.name at domain.tld
alias: name at domain.tld
givenName: Name
kolabInvitationPolicy: ACT_MANUAL
loginShell: /usr/bin/zsh
mailQuota: 4194304
preferredLanguage: en_US
sn: Surname
cn: Name Surname
displayName: Surname, Name
gidNumber: 1002
homeDirectory: /home/name
mail: name.surname at domain.tld
uid: name
uidNumber: 1002
objectClass: inetorgperson
objectClass: kolabinetorgperson
objectClass: mailrecipient
objectClass: organizationalperson
objectClass: person
objectClass: posixaccount
objectClass: top
mailHost: localhost

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

===
* ~# kolab lm "user/name.surname at domain.tld"
user/name.surname at domain.tld

* ~# kolab list-mailbox-metadata user/name.surname at domain.tld
Folder user/jana.tasch at xlrs.intern
   /shared/vendor/cmu/cyrus-imapd/partition          default
   /shared/vendor/cmu/cyrus-imapd/lastupdate         22-Apr-2016 23:15:50 
+0200
   /shared/vendor/cmu/cyrus-imapd/duplicatedeliver   false
   /shared/vendor/cmu/cyrus-imapd/pop3newuidl        true
   /shared/vendor/cmu/cyrus-imapd/size               0
   /shared/vendor/cmu/cyrus-imapd/sharedseen         false
   /shared/vendor/cmu/cyrus-imapd/uniqueid           
12345678-acc7-4ec7-b564-12345678

===
* cyrus at localhost ~# cyradm -u cyrus-admin localhost

lm user/name.surname at domain.tld
user/name.surname at domain.tld (\HasChildren)

lam user/name.surname at domain.tld
name.surname at domain.tld lrswipkxtecdan


What's the next step? Where should I look next?

THX

* 
https://docs.kolab.org/administrator-guide/verifying-the-installation.html

More information about the users mailing list