[RCU] LDAP address book - problem with groups

2018-02-09 Thread Franta Hanzlík 
Hi,
new to Roundcube, I have still some confusion about configuring the LDAP
address book. Please, is somewhere a little detailed description of the
configuration scenarios and individual options?

Now I have something as this (found somewhere on the net):

$config['ldap_public']['public'] = array(
'name'  => 'Public LDAP Addressbook',
'hosts' => array('ldap.mydomain'),
'base_dn'   => 'o=spse',
'bind_dn'   => 'cn=binduser,o=myorg',
'bind_pass' => 'binduseracces',
'filter'=> '(&(objectClass=inetOrgPerson)(cn=z*))',
'sort'  => 'sn',
'global_search' => true,
'fuzzy_search'  => true,
'groups'=> array(
'base_dn' => '',
'mail'=> '{Mail-Address}@mydomain.com',
'filter'  => '(&(objectClass=groupOfNames)(Mail-Address=*))',
'object_classes'  => array("top", "groupOfNames"),
'class_member_attr' => array(
  'groupofnames'   => 'member',
  'groupofuniquenames' => 'uniquemember'
),
),
'name_field' => 'uid',
'email_field' => 'mail',
'surname_field' => 'sn',
'firstname_field' => 'givenName',
'scope' => 'sub'
);

and although as I understand the description for individual people, I do
not even understand the description of groups - whole this block:

'groups'=> array(
'base_dn' => '',
'mail'=> '{Mail-Address}@mydomain.com',
'filter'  => '(&(objectClass=groupOfNames)(Mail-Address=*))',
'object_classes'  => array("top", "groupOfNames"),
'class_member_attr' => array(
  'groupofnames'   => 'member',
  'groupofuniquenames' => 'uniquemember'
),
),

- why it is included just where it is?
- what is meant by:

 'object_classes'  => array("top", "groupOfNames"),

? what is block:

'class_member_attr' => array(
  'groupofnames'   => 'member',
  'groupofuniquenames' => 'uniquemember'
),

In spite of all the confusion, RC puts something out. But what bothers
 me and I need to have it differently:

- when in new mail I write recipient address, autocompletion offers me
the required group. But when I click on it, in the address bar appears
no single address (groupname@mydomain), but mail addresses of all group
members! What with this?

- in address book menu, I want to display group names (as is now), but
not their members (or at least not to all RC users).
Is this possible somehow?

I'm trying Roundcube version 1.3.4, LDAP DB is some commercial one with
schema roughly corresponding with Openldap core, and groups are defined
as:

dn: cn=_groupName_,ou=Groups,o=myorg
Mail-Address: _groupName_
objectClass: groupOfNames
objectClass: Top
objectClass: Mail-Group
member: cn=_user1_,ou=XX,o=myorg
member: cn=_user2_,ou=YY,o=myorg
...
cn: _groupName_

(there isn't complete mail address - only part before '@'. All groups
in addressbook are in one domain)

Thanks in advance for your help!
Franta Hanzlik
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)

2018-02-09 Thread Jorge Bastos 
> did you check if there is a matching logon on your imap server?
Yes, the domains that I'm referring to are not hosted here, somewhere else,

  maybe
> enable password logging if you can and log in as his user and see what
> he sees? 
Hum which setting is this? Can't find nothing for logs related to password's

 did you confirm that your roundcube is configured to use the
> correct imap server?
Well yes, but now i'm thinking, i have the imap server set to be dynamic
it's filled with:

mail. + domain.tld

ok this option in Roundcube is grrreeeaaattt, but I think it makes people
use my server for webmail! Damn!

How would I tell Roundcube, to connect just to my ip's?
I could do this via iptables but is some shared hosting user wants to
connect to any imap server he would be blocked

> -Original Message-
> From: Computerisms Corporation [mailto:b...@computerisms.ca]
> Sent: sexta-feira, 9 de Fevereiro de 2018 17:13
> To: Roundcube Users mailing list; Jorge Bastos
> Subject: Re: [RCU] Security issue (possible?) (was: RE: Unknown user in
> users table, very odd, possible security hole)
> 
> did you check if there is a matching logon on your imap server?  maybe
> enable password logging if you can and log in as his user and see what
> he sees?  did you confirm that your roundcube is configured to use the
> correct imap server?
> 
> On 2018-02-09 01:33 AM, Jorge Bastos wrote:
> > Ok, another login just right now:
> >
> > Feb  9 09:25:41 fastweb roundcube:  Successful login for
> > do...@adhigunaputera.com (ID: 100412) from 110.136.11.0 in session
> > sm6djv7vh6oplo694nff7ng2rp
> >
> > Alec, can you help debugging this?
> >
> > *From:*users-boun...@lists.roundcube.net
> > [mailto:users-boun...@lists.roundcube.net] *On Behalf Of *Jorge
> Bastos
> > *Sent:* 9 de fevereiro de 2018 09:18
> > *To:* 'Roundcube Users mailing list' 
> > *Subject:* [RCU] Security issue (possible?) (was: RE: Unknown user in
> > users table, very odd, possible security hole)
> >
> > ALEC!!!
> >
> > There’s some security problem in RC I believe!
> >
> > Check this:
> >
> > Feb  9 01:46:44 fastweb roundcube:  Successful login for
> > do...@adhigunaputera.com  (ID:
> > 100412) from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb
> >
> > This user doesn’t belong to any of the IMAP accounts, how was he able
> > to login?
> >
> > After the login, there’s some login failed lines:
> >
> > Feb  9 02:47:27 fastweb roundcube:  IMAP Error: Login
> failed
> > for do...@adhigunaputera.com  from
> > 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
> >
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
> > on line 196 (POST /webmail/?_task=mail&_action=refresh)
> >
> > Feb  9 02:48:37 fastweb roundcube:  IMAP Error: Login
> failed
> > for do...@adhigunaputera.com  from
> > 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
> >
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
> > on line 196 (POST /webmail/?_task=mail&_action=refresh)
> >
> > Feb  9 02:49:47 fastweb roundcube:  IMAP Error: Login
> failed
> > for do...@adhigunaputera.com  from
> > 110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
> >
> /home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php
> > on line 196 (POST /webmail/?_task=mail&_action=refresh
> >
> > (funny the IP is the network IP)
> >
> > What’s the best place to move forward with investigation with this
> > issue, here or dev list?
> >
> > Could you assist me on this?
> >
> > Thank you in advanced,
> >
> > *From:*users-boun...@lists.roundcube.net
> > 
> > [mailto:users-boun...@lists.roundcube.net] *On Behalf Of *Hannu
> > Hirvonen
> > *Sent:* 8 de fevereiro de 2018 20:43
> > *To:* users@lists.roundcube.net 
> > *Subject:* Re: [RCU] Unknown user in users table, very odd, possible
> > security hole
> >
> > On 08.02.2018 22:34, Jorge Bastos wrote:
> >
> > Not in there but you made me remind about:
> >
> > // Log successful/failed logins to /userlogins or to
> > syslog
> >
> > That's why I said "something like ...", might have been a bit
> clearer,
> > of course :-)
> >
> > --
> >
> >    Hannu Hirvonen (h...@uwasa.fi
> > ,http://www.uwasa.fi/~hh/)
> >
> >    Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA,
> > Finland
> >
> >
> >
> > ___
> > Roundcube Users mailing list
> > users@lists.roundcube.net
> > http://lists.roundcube.net/mailman/listinfo/users
> >
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)

2018-02-09 Thread Computerisms Corporation 
did you check if there is a matching logon on your imap server?  maybe 
enable password logging if you can and log in as his user and see what 
he sees?  did you confirm that your roundcube is configured to use the 
correct imap server?


On 2018-02-09 01:33 AM, Jorge Bastos wrote:

Ok, another login just right now:

Feb  9 09:25:41 fastweb roundcube:  Successful login for 
do...@adhigunaputera.com (ID: 100412) from 110.136.11.0 in session 
sm6djv7vh6oplo694nff7ng2rp


Alec, can you help debugging this?

*From:*users-boun...@lists.roundcube.net 
[mailto:users-boun...@lists.roundcube.net] *On Behalf Of *Jorge Bastos

*Sent:* 9 de fevereiro de 2018 09:18
*To:* 'Roundcube Users mailing list' 
*Subject:* [RCU] Security issue (possible?) (was: RE: Unknown user in 
users table, very odd, possible security hole)


ALEC!!!

There’s some security problem in RC I believe!

Check this:

Feb  9 01:46:44 fastweb roundcube:  Successful login for 
do...@adhigunaputera.com  (ID: 100412) 
from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb


This user doesn’t belong to any of the IMAP accounts, how was he able to 
login?


After the login, there’s some login failed lines:

Feb  9 02:47:27 fastweb roundcube:  IMAP Error: Login failed 
for do...@adhigunaputera.com  from 
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
on line 196 (POST /webmail/?_task=mail&_action=refresh)


Feb  9 02:48:37 fastweb roundcube:  IMAP Error: Login failed 
for do...@adhigunaputera.com  from 
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
on line 196 (POST /webmail/?_task=mail&_action=refresh)


Feb  9 02:49:47 fastweb roundcube:  IMAP Error: Login failed 
for do...@adhigunaputera.com  from 
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in 
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php 
on line 196 (POST /webmail/?_task=mail&_action=refresh


(funny the IP is the network IP)

What’s the best place to move forward with investigation with this 
issue, here or dev list?


Could you assist me on this?

Thank you in advanced,

*From:*users-boun...@lists.roundcube.net 
 
[mailto:users-boun...@lists.roundcube.net] *On Behalf Of *Hannu Hirvonen

*Sent:* 8 de fevereiro de 2018 20:43
*To:* users@lists.roundcube.net 
*Subject:* Re: [RCU] Unknown user in users table, very odd, possible 
security hole


On 08.02.2018 22:34, Jorge Bastos wrote:

Not in there but you made me remind about:

// Log successful/failed logins to /userlogins or to syslog

That's why I said "something like ...", might have been a bit clearer, 
of course :-)


--

   Hannu Hirvonen (h...@uwasa.fi 
,http://www.uwasa.fi/~hh/)

   Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland



___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users


___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

Re: [RCU] Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)

2018-02-09 Thread Jorge Bastos 
Ok, another login just right now:

 

Feb  9 09:25:41 fastweb roundcube:  Successful login for
do...@adhigunaputera.com (ID: 100412) from 110.136.11.0 in session
sm6djv7vh6oplo694nff7ng2rp

 

Alec, can you help debugging this?

 

From: users-boun...@lists.roundcube.net
[mailto:users-boun...@lists.roundcube.net] On Behalf Of Jorge Bastos
Sent: 9 de fevereiro de 2018 09:18
To: 'Roundcube Users mailing list' 
Subject: [RCU] Security issue (possible?) (was: RE: Unknown user in users
table, very odd, possible security hole)

 

ALEC!!!

 

There's some security problem in RC I believe!

 

Check this:

 

Feb  9 01:46:44 fastweb roundcube:  Successful login for
do...@adhigunaputera.com   (ID: 100412)
from 110.136.11.0 in session ibj96bvbj5akqlt5slpc47ikfb

 

This user doesn't belong to any of the IMAP accounts, how was he able to
login?

 

After the login, there's some login failed lines:

 

Feb  9 02:47:27 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com   from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh)

Feb  9 02:48:37 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com   from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh)

Feb  9 02:49:47 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com   from
110.136.11.0. Empty startup greeting (mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh

 

(funny the IP is the network IP)

 

What's the best place to move forward with investigation with this issue,
here or dev list?

Could you assist me on this?

Thank you in advanced,

 

From: users-boun...@lists.roundcube.net

[mailto:users-boun...@lists.roundcube.net] On Behalf Of Hannu Hirvonen
Sent: 8 de fevereiro de 2018 20:43
To: users@lists.roundcube.net  
Subject: Re: [RCU] Unknown user in users table, very odd, possible security
hole

 

On 08.02.2018 22:34, Jorge Bastos wrote:

Not in there but you made me remind about:

// Log successful/failed logins to /userlogins or to syslog

That's why I said "something like ...", might have been a bit clearer, of
course :-)

-- 
  Hannu Hirvonen (h...@uwasa.fi  ,
http://www.uwasa.fi/~hh/)
  Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users

[RCU] Security issue (possible?) (was: RE: Unknown user in users table, very odd, possible security hole)

2018-02-09 Thread Jorge Bastos 
ALEC!!!

 

There's some security problem in RC I believe!

 

Check this:

 

Feb  9 01:46:44 fastweb roundcube:  Successful login for
do...@adhigunaputera.com (ID: 100412) from 110.136.11.0 in session
ibj96bvbj5akqlt5slpc47ikfb

 

This user doesn't belong to any of the IMAP accounts, how was he able to
login?

 

After the login, there's some login failed lines:

 

Feb  9 02:47:27 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com from 110.136.11.0. Empty startup greeting
(mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh)

Feb  9 02:48:37 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com from 110.136.11.0. Empty startup greeting
(mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh)

Feb  9 02:49:47 fastweb roundcube:  IMAP Error: Login failed for
do...@adhigunaputera.com from 110.136.11.0. Empty startup greeting
(mail.adhigunaputera.com:143) in
/home/hosting/dhosting.pt/webmail/program/lib/Roundcube/rcube_imap.php on
line 196 (POST /webmail/?_task=mail&_action=refresh

 

(funny the IP is the network IP)

 

What's the best place to move forward with investigation with this issue,
here or dev list?

Could you assist me on this?

Thank you in advanced,

 

From: users-boun...@lists.roundcube.net
[mailto:users-boun...@lists.roundcube.net] On Behalf Of Hannu Hirvonen
Sent: 8 de fevereiro de 2018 20:43
To: users@lists.roundcube.net
Subject: Re: [RCU] Unknown user in users table, very odd, possible security
hole

 

On 08.02.2018 22:34, Jorge Bastos wrote:

Not in there but you made me remind about:

// Log successful/failed logins to /userlogins or to syslog

That's why I said "something like ...", might have been a bit clearer, of
course :-)

-- 
  Hannu Hirvonen (h...@uwasa.fi  ,
http://www.uwasa.fi/~hh/)
  Computer Centre, University of Vaasa, BOX 700, FI-65101 VAASA, Finland
___
Roundcube Users mailing list
users@lists.roundcube.net
http://lists.roundcube.net/mailman/listinfo/users