Re: [SOGo] Password change behavior
Also, maybe this will help. I get messages like this, when trying to open up other windows ...

object not found: lpeter...@mydomain.com = Mail = 0 = folderINBOX = 1 = popupview
object not found: lpeter...@mydomain.com = preferences
object not found: lpeter...@mydomain.com = logoff

Sometimes it works flawlessly without any logging off or on. Most of the time the problem is taken care of within 1 minute. Rarely, but sometimes, the issue takes over 3 minutes until the user can log back in again.

No cookies or cache on the user's side are impacting this issue. Authentication and mail servers seem to work fine without any issue. I can only think there might be an issue within the SOGo database or cache?

Thank you.

~Laz

On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
On 13-11-21 6:45 AM, Jean Raby wrote:
On 13-11-21 12:09 AM, Laz C. Peterson wrote:

Yikes. Then if it shouldn’t matter, I’m sure there’s something else going on here.

I'll test it. But why are you running with a 10 seconds cache expiration? That's really low.

I think you're running with passwordpolicy enabled in sogo, but the passwordpolicy overlay is not enabled in openldap. Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so low, you're probably better off keeping it at its default value)

-- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Password change behavior
Jean~

I cannot seem to figure this out for my life ... (Let's hope it doesn't kill me! Ha ha ha.) I know you are a busy man, but if you could point me in the right direction I would greatly appreciate it.

Let me break down the summary of the issue.

-- No other services are running on the server except for SOGo. Nothing aside from my config has been modified.
-- User changes password, and password is immediately updated in the LDAP database as well as the Kerberos database. User can authenticate immediately to any Kerberos services as well as LDAP services using the new password.
-- After closing Preferences window, about 70-80% of the time, clicking anywhere brings up the login page.
-- If the login page does not show when clicking on any other SOGo link, all is well.
-- If the login page does show, most of the time the user will still be unable to log on, even if the user goes to another computer and tries a new session. The only way I can describe the behavior here is that if the usual URL after a successful login is https://sogo.paravis.net/SOGo/so/lpeter...@mydomain.com/Mail/view, the URL after an unsuccessful login is simply https://sogo.paravis.net/SOGo/so/lpeterson.
-- User must wait an undefined period of time, after which everything works again with the new password.

I am going to try rebuilding a new server for testing purposes, but I can confirm that all LDAP and Kerberos authentication is working great. The password changes perfectly through SOGo. It seems though that SOGo has something cached in its memory that is not being renewed when the password changes. Or maybe it is receiving a response from the LDAP server that makes it confused.

Which debug information should I focus my efforts on? Or how would you suggest troubleshooting? I am truly baffled.

Thank you so much Jean.

~Laz

On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
On 13-11-21 6:45 AM, Jean Raby wrote:
On 13-11-21 12:09 AM, Laz C. Peterson wrote:

Yikes. Then if it shouldn’t matter, I’m sure there’s something else going on here.

I'll test it. But why are you running with a 10 seconds cache expiration? That's really low.

I think you're running with passwordpolicy enabled in sogo, but the passwordpolicy overlay is not enabled in openldap. Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so low, you're probably better off keeping it at its default value)
Re: [SOGo] Password change behavior
Jean,

My apologies for no config file (now attached).

I do have ppolicy enabled in the LDAP server, though I am also running another module called smbkrb5pwd which synchronizes/updates the user's Kerberos password as well. I am not sure if this has any effect, though it may. I can confirm that user changing password through SOGo preferences immediately updates both Kerberos and LDAP passwords successfully, and user can authenticate through Kerberos or LDAP with no issues using their new password with other services.

As you can see, I have now disabled the manual setting of SOGoCacheCleanupInterval. I only had that set due to another post I had read, not because I felt I needed it. (Bad idea on my part.)

The most interesting thing I have found is that when the issue happens, I am not able to log in using any browser for a period of time. I feel that changing SOGoCacheCleanupInterval to default affects this even more, though I really have no idea. SOGo authenticates successfully, but never makes it past the login screen. The URL that shows after attempted (successful?) login is https://sogo.myemaildomain.com/SOGo/lpeterson ... Not the usual https://sogo.myemaildomain.com/SOGo/so/lpeter...@myemaildomain.com/Mail/view. And if I type a bad password (for example, the old password), it does respond with incorrect password.

I am thinking there must be the old password cached somewhere between SOGo, LDAP, KDC, or IMAP, but the updated password works quickly for LDAP, KDC, and IMAP services. Relevant services along with SOGo 2.1.1 (Ubuntu 12.04.3) are OpenLDAP v2.4.28 (Ubuntu 12.04.3) and Dovecot v2.1.7 (Ubuntu 13.04).

Today is a really bad day for me, but as soon as I get a chance, I am going to look into the smbkrb5pwd module that is running alongside ppolicy. I will gladly take any other suggestions, too.

I do appreciate your help very much. If there is anything I can do to help provide more information, please let me know how I can do that.

Thanks again Jean. This is a wonderful piece of software and I am very grateful for your efforts.

~Laz

On Thursday, November 21, 2013 06:45 AM PST, Jean Raby jr...@inverse.ca wrote:
On 13-11-21 6:45 AM, Jean Raby wrote:
On 13-11-21 12:09 AM, Laz C. Peterson wrote:

Yikes. Then if it shouldn’t matter, I’m sure there’s something else going on here.

I'll test it. But why are you running with a 10 seconds cache expiration? That's really low.

I think you're running with passwordpolicy enabled in sogo, but the passwordpolicy overlay is not enabled in openldap. Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so low, you're probably better off keeping it at its default value)

sogo.conf Description: Binary data
Re: [SOGo] Password change behavior
On 13-11-21 6:45 AM, Jean Raby wrote:
On 13-11-21 12:09 AM, Laz C. Peterson wrote:

Yikes. Then if it shouldn’t matter, I’m sure there’s something else going on here.

I'll test it. But why are you running with a 10 seconds cache expiration? That's really low.

I think you're running with passwordpolicy enabled in sogo, but the passwordpolicy overlay is not enabled in openldap. Just disable password policy in your sogo user source and it will work properly.

Also, you didn't provide your config file, it would have saved us time and trouble if you had...

(finally, unless you have a good reason to set the cache cleanup interval so low, you're probably better off keeping it at its default value)
[SOGo] Password change behavior
Can someone please fill me in on the expected behavior of SOGo after the user changes their password through preferences?

My users, who can change their passwords just fine through the preferences, get stuck in SOGo after changing the password. It appears as if they are still logged in, but if they go to write a new message or click on a different feature (such as Calendar), they are presented with a login box. (At this point, they can log in fine using their new password.)

I want to confirm that this is by design, or if there is something I need to look into. It seems that either the user should not have to relog in at all, or that the user should immediately be logged off and presented with a new login screen.

Thanks for any help.

~Laz
Re: [SOGo] Password change behavior
I might add that the behavior I see in Safari works as I would expect — changing password simply changes password and leaves all other functions working as they were, including SOGo, email and calendar.

Firefox, on the other hand, exhibits the behavior where the authentication gets broken and the website does not display or operate properly until user logs back in.

Thanks for any help.

~Laz

On Nov 20, 2013, at 1:16 PM, Laz C. Peterson l...@paravis.net wrote:

Can someone please fill me in on the expected behavior of SOGo after the user changes their password through preferences?

My users, who can change their passwords just fine through the preferences, get stuck in SOGo after changing the password. It appears as if they are still logged in, but if they go to write a new message or click on a different feature (such as Calendar), they are presented with a login box. (At this point, they can log in fine using their new password.)

I want to confirm that this is by design, or if there is something I need to look into. It seems that either the user should not have to relog in at all, or that the user should immediately be logged off and presented with a new login screen.

Thanks for any help.

~Laz
Re: [SOGo] Password change behavior
Jean,

So I went to another computer of mine and tried both Firefox and Safari (sorry, no Windows systems here!) and neither worked properly. On my workstation, Firefox does not work, and in further testing, I noticed that Safari did not actually work every time.

So I tried a little troubleshooting ... I changed my password and stayed in the “Preferences” screen for a little while before clicking out. If I stay for a little while without clicking, it seems to work! If I close out almost immediately after and try doing other things, I get an error message something like “object not found: lpeter...@myemaildomain.com = Mail = 0 = compose”.

I do have “SOGoCacheCleanupInterval” set to 10, if that makes any difference.

Attached is the SOGo debug log when it does not work and the SOGo debug log when it does. I honestly don’t know the difference of what we’re looking at there. Maybe I can try and get some better-looking logs for you, just let me know how.

Also, the latency and connection between all of the servers is great (0.3ms average) …

Thanks again Jean.

~Laz

sogo.log-broken Description: Binary data
sogo.log-working Description: Binary data

On Nov 20, 2013, at 2:14 PM, Jean Raby jr...@inverse.ca wrote:
On 13-11-20 4:16 PM, Laz C. Peterson wrote:

Can someone please fill me in on the expected behavior of SOGo after the user changes their password through preferences?

My users, who can change their passwords just fine through the preferences, get stuck in SOGo after changing the password. It appears as if they are still logged in, but if they go to write a new message or click on a different feature (such as Calendar), they are presented with a login box. (At this point, they can log in fine using their new password.)

I want to confirm that this is by design, or if there is something I need to look into. It seems that either the user should not have to relog in at all, or that the user should immediately be logged off and presented with a new login screen.

Can you explain or post your sogo configuration? Anything relevant in the logs?

I just tested this with sogo using openldap as its auth backend and it works as designed. That is: when I change my password, I can still use sogo without having to log back in.

Thanks for any help.

~Laz
Re: [SOGo] Password change behavior
Jean, hello.

You are correct, it does work just fine as you have designed. Which browser are you using?

There was nothing abnormal in the logs, neither on the LDAP server nor the SOGo server. All looks good. This is not debug logging, however. Maybe you can try reproducing the problem.

I have been primarily using Firefox lately, which is the browser that is not acting properly. After I sent my initial message, I decided to try Safari just for fun, and that worked *perfectly*. If you don’t use Firefox, would you mind trying that out and see if you get the same result?

I’m a little confused as to why it would act that way. Possibly it is an issue on my specific workstation’s install of Firefox?

Thanks for your response. Please let me know if there is any more information I can get for you.

~Laz

On Nov 20, 2013, at 2:14 PM, Jean Raby jr...@inverse.ca wrote:
On 13-11-20 4:16 PM, Laz C. Peterson wrote:

Can someone please fill me in on the expected behavior of SOGo after the user changes their password through preferences?

My users, who can change their passwords just fine through the preferences, get stuck in SOGo after changing the password. It appears as if they are still logged in, but if they go to write a new message or click on a different feature (such as Calendar), they are presented with a login box. (At this point, they can log in fine using their new password.)

I want to confirm that this is by design, or if there is something I need to look into. It seems that either the user should not have to relog in at all, or that the user should immediately be logged off and presented with a new login screen.

Can you explain or post your sogo configuration? Anything relevant in the logs?

I just tested this with sogo using openldap as its auth backend and it works as designed. That is: when I change my password, I can still use sogo without having to log back in.

Thanks for any help.

~Laz
Re: [SOGo] Password change behavior
On 13-11-20 7:55 PM, Laz C. Peterson wrote:

I do have “SOGoCacheCleanupInterval” set to 10, if that makes any difference.

Why is the cleanup interval set so low? It should work anyway, but I'm curious.

Also, for the record, I was testing with Chrome. (with the default cache cleanup interval: 300)