Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
On 06/04/13 18:57, lloydsystems wrote: So, I repeated the whole process, and this time went back to hanging at the Outlook splash screen. But, once it opens after 12 minutes, the mail is there. I ambitiously tried to send an email, but it just stuck in the outbox. That issue has been fixed a few days ago with the help from Microsoft. It'll be part of v2.0.5. -- Ludovic Marcotte +1.514.755.3630 :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- users@sogo.nu https://inverse.ca/sogo/lists
Re: Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
Hi Jean, Thanks very much for your response. I created a sogo.conf file from the output of the 'sogo-tool dump-defaults' and it works! I found by trial and error it accepts C-style comments too. Thanks also for the tip about running imapd with '-N' option. That is certainly better than using pwcheck_method = alwaystrue because, on EL, that requires a rebuild of the SASL rpm to enable the option. Should add it to the documentation one day. I also updated the openchange packages (3 of) to those on the nightly build and, as you suggested, this fixed the 100% CPU usage problem with paster. I ran the openchange_cleanup.py script and got the following output: Logged in as 'testuser' Traceback (most recent call last): File ./openchange_cleanup.py, line 254, in module main() File ./openchange_cleanup.py, line 88, in main sqlCleanup(username) File ./openchange_cleanup.py, line 229, in sqlCleanup OCSFolderInfoURL = getOCSFolderInfoURL() File ./openchange_cleanup.py, line 193, in getOCSFolderInfoURL sogoDefaults = plistlib.readPlist(sogoSysDefaultsFile) File /usr/lib64/python2.6/plistlib.py, line 78, in readPlist rootObject = p.parse(pathOrFile) File /usr/lib64/python2.6/plistlib.py, line 406, in parse parser.ParseFile(fileobj) xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 0 so I'm not sure if it was successful. I deleted the user profile and tried Outlook again, but unfortunately I got the same result as before (as posted on the 5th). Outlook hangs at the splash screen for 12 minutes, then opens and displays mail. When it does the maillog shows testuser logged in on service 'imaplocal' (127.0.0.1). If the authentication works, why does Outlook hang for 12 minutes? The apache logs are not much help. The ocsmanager log shows little more than service start/stop messages. When Outlook does open it shows some messages 'client did not pass auth cookie'. The samba log, just before Outlook hangs shows this: registered class 'MAPIStoreNotesContext' as handler of 'notes' contexts registered class 'MAPIStoreFallbackContext' as handler of 'fallback' contexts registered class 'MAPIStoreCalendarContext' as handler of 'calendar' contexts registered class 'MAPIStoreOutboxContext' as handler of 'outbox' contexts registered class 'MAPIStoreTasksContext' as handler of 'tasks' contexts registered class 'MAPIStoreContactsContext' as handler of 'contacts' contexts registered class 'MAPIStoreMailContext' as handler of 'mail' contexts [ERROR] 0x0x2b3f868[NGLdapAttribute] cound not convert value of objectGUID to string [ERROR] 0x0x3719c78[NGLdapAttribute] cound not convert value of objectSid to string [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write' already exists in DAV permissions table [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write-properties' already exists in DAV permissions table [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write-content' already exists in DAV permissions table [ERROR] 0x0x4191128[NGLdapAttribute] cound not convert value of objectGUID to string [ERROR] 0x0x4191888[NGLdapAttribute] cound not convert value of objectSid to string WARNING: IMAP4 connection pooling is disabled! Once Outlook opens there is reams of openchange-related junk written to the log making it impossible to gather anything useful. Looks more like programmers debugging info than a log file. Maybe this is of some help? Regards, Stephen Jones -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
On 13-04-06 9:38 AM, lloydsystems wrote: Hi Jean, Thanks very much for your response. I created a sogo.conf file from the output of the 'sogo-tool dump-defaults' and it works! I found by trial and error it accepts C-style comments too. I didn't know that dictionaryWithContentsOfFile would ignore lines with C-style (/* ... */) comments. Thanks for pointing this out. Thanks also for the tip about running imapd with '-N' option. That is certainly better than using pwcheck_method = alwaystrue because, on EL, that requires a rebuild of the SASL rpm to enable the option. Should add it to the documentation one day. Yes indeed. I also updated the openchange packages (3 of) to those on the nightly build and, as you suggested, this fixed the 100% CPU usage problem with paster. I ran the openchange_cleanup.py script and got the following output: Logged in as 'testuser' Traceback (most recent call last): File ./openchange_cleanup.py, line 254, in module main() File ./openchange_cleanup.py, line 88, in main sqlCleanup(username) File ./openchange_cleanup.py, line 229, in sqlCleanup OCSFolderInfoURL = getOCSFolderInfoURL() File ./openchange_cleanup.py, line 193, in getOCSFolderInfoURL sogoDefaults = plistlib.readPlist(sogoSysDefaultsFile) File /usr/lib64/python2.6/plistlib.py, line 78, in readPlist rootObject = p.parse(pathOrFile) File /usr/lib64/python2.6/plistlib.py, line 406, in parse parser.ParseFile(fileobj) xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 0 so I'm not sure if it was successful. I deleted the user profile and tried Outlook again, but unfortunately I got the same result as before (as posted on the 5th). Outlook hangs at the splash screen for 12 minutes, then opens and displays mail. When it does the maillog shows testuser logged in on service 'imaplocal' (127.0.0.1). If the authentication works, why does Outlook hang for 12 minutes? The script was not successful. You have to update sogo to the nightly version too. Or at least, grab the cleanup script for the git repo. The plistlib module can only read xml plists, so it will fail to parse sogo.conf. The new version don't use that module anymore. Do the steps again: update sogo to nigthly cleanup testuser restart samba new outlook profile The apache logs are not much help. The ocsmanager log shows little more than service start/stop messages. When Outlook does open it shows some messages 'client did not pass auth cookie'. The samba log, just before Outlook hangs shows this: registered class 'MAPIStoreNotesContext' as handler of 'notes' contexts registered class 'MAPIStoreFallbackContext' as handler of 'fallback' contexts registered class 'MAPIStoreCalendarContext' as handler of 'calendar' contexts registered class 'MAPIStoreOutboxContext' as handler of 'outbox' contexts registered class 'MAPIStoreTasksContext' as handler of 'tasks' contexts registered class 'MAPIStoreContactsContext' as handler of 'contacts' contexts registered class 'MAPIStoreMailContext' as handler of 'mail' contexts [ERROR] 0x0x2b3f868[NGLdapAttribute] cound not convert value of objectGUID to string [ERROR] 0x0x3719c78[NGLdapAttribute] cound not convert value of objectSid to string [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write' already exists in DAV permissions table [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write-properties' already exists in DAV permissions table [WARN] 0x0x4517108[SOGoWebDAVAclManager] entry '{DAV:}write-content' already exists in DAV permissions table [ERROR] 0x0x4191128[NGLdapAttribute] cound not convert value of objectGUID to string [ERROR] 0x0x4191888[NGLdapAttribute] cound not convert value of objectSid to string WARNING: IMAP4 connection pooling is disabled! Once Outlook opens there is reams of openchange-related junk written to the log making it impossible to gather anything useful. Looks more like programmers debugging info than a log file. Maybe this is of some help? It is programmer debugging info, and the log file ;-) Regards, Stephen Jones -- Jean Raby jr...@inverse.ca :: +1.514.447.4918 (x120) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) -- users@sogo.nu https://inverse.ca/sogo/lists
Re: Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
Hi Jean, OK, I grabbed the latest openchange_cleanup.py script and ran it and, from the output, appeared to be successful. I tried Outlook again with a new profile and this time it did not hang at the splash screen. However, there was no email visible other than a message created by Outlook about sync issues, seemingly with Inbox. It did create the folder 'Junk E-mail'. Attempting to update folders failed. After a few minutes Outlook said it was disconnected - game over. In the samba log file there were many messages related to MAPIStore___Context saying 'you should *never* get here'!! The last log entry was a 'panic: internal error'. The maillog showed 'testuser nopassword' logged in on service 'imaplocal'. The imap protocol logging shows connection activity by testuser, but nothing retrieved. So, I repeated the whole process, and this time went back to hanging at the Outlook splash screen. But, once it opens after 12 minutes, the mail is there. I ambitiously tried to send an email, but it just stuck in the outbox. It seems to be some connection problem between OpenChange and the SOGo backend or IMAP server. But SOGo works just fine from its web GUI, and I guess I'll have to settle with that for now. It may be a hard question but do you know at what timeframe or version the OpenChange/Outlook solution should reach a point where it is stable for live use? Regards, Stephen Jones -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
On 13-03-28 4:32 PM, lloydsystems wrote: Dear SOGo Group, Hi Stephen, I am having difficulty getting SOGo/OpenChange to work with Outlook 2010. SOGo itself works through its web interface, but email with Outlook does not. I have been messing around with it for days without success, so I thought I would ask for some help. Setup: Server is running CentOS 6.4 with Postfix 2.6 and Cyrus-IMAP 2.4. The email system was setup and tested before starting with SOGo. I also had Samba4 from the SOGo repo already installed and AD setup and tested. DNS: Here I will call the server domain example.local, so AD is setup with domain EXAMPLE, realm example.local. The server is also hosting a real world domain example.com, so there is a split DNS setup. The example.local is managed by Samba using BIND with DLZ plugin, and example.com has traditional BIND zone files. All setup and tested. The users are in Samba4 AD, but will have u...@example.com as their email address. Postfix is setup with example.com as a virtual mailbox domain and delivers mail to Cyrus-IMAP. I used Cyrus-IMAP because, being a sealed system makes it well suited to virtual domains. It authenticates users by SASL (saslauthd) configured for PAM. The /etc/pam.d/imap file uses pam_krb5 to authenticate email users by Kerberos against AD. All works. I installed SOGo following the guide with MySQL database backend. For LDAP authentication I used the template in the Outlook configuration guide. I would recommend using the nightly builds (or waiting for 2.0.5) to test the outlook compatibility. We've fixed quite a few bugs after 2.0.4. Side note: I read somewhere that the SOGo configuration is being changed to a proper “sogo.conf” file rather than using that awful “defaults” method, but maybe it was only for Debian. Can this be done for RHEL/CentOS? I got so sick of it I actually wrote a script to do the config. Is anyone aware that running ‘defaults –u sogo’ blows away the existing file?I learned that the hard way. Yes, this sucks... sogo.conf can be used on rhel or debian, it doesn't matter. Simply create /etc/sogo/sogo.conf with the appropriate content. You can use sogo-tool dump-defaults to convert from GNUstepDefaults. When finished I started SOGo and could login from the web interface with my EXAMPLE\testuser AD account. Calendar, contacts and email (as testu...@example.com) all worked perfectly. I then followed the Outlook configuration guide to install and configure the SOGo/OpenChange packages. The only part I did not follow initially was under the IMAP trust section. It reads like a couple of lines thrown in there as an afterthought, and with no example to follow, so it did not make sense at the time. I will come back to this. All steps appeared to work OK. Adding testuser to OpenChange initially failed with “not found”. I discovered from the code that it only looks in CN=Users, but my users are under OU=People in order to apply group policy. When I moved testuser it worked OK and I could see the extended attributes. I assume that, after this step, users could be moved back to an OU without any issues? I left testuser in CN=Users for now. CN=Users is hardcoded in a few places in openchange,in the provision scripts and in ocsmanager, so, for now you should keep your users under this OU. At the end the services start OK and I login as testuser from a VM client joined to the EXAMPLE domain. I create the Outlook profile and start Outlook. It appears to work – Outlook says it is connected to Exchange, but there is no mail folder creation and no email visible. However, the calendar and contact items are there. Eventually Outlook says it is disconnected, and Samba is rather unhappy and appears to have stopped working and must be restarted. If I run the “Test Email AutoConfiguration” utility it fails. The Apache logs show requests for “autodiscover” returning 401 or 502 errors. But I had setup DNS for autodiscover. In DNS Manager I tried both methods – using a SRV entry and adding a CNAME alias. I also added an alias to the example.com DNS just in case. In the maillog I see cyrus-imap errors for badlogin, SASL(-13), authentication failure. This, with the 401 error, suggests SOGo/OpenChange will not connect to Cyrus-IMAP. I revisited the IMAP trust section and attempted to use ‘sasl_pwcheck_method = alwaystrue’. However, I found that on EL this is not available because the option is not enabled at compile. So I downloaded the cyrus-sasl source RPM, rebuilt it with ‘--enable-alwaystrue’ and installed it. I could now use the ‘imtest’ utility to authenticate as testuser with any password. Seems OK. I setup ‘cyrus.conf’ with separate imap services, one bound to 127.0.0.1 and the other to the server IP, using different ‘imapd.conf’ files. The only difference being one has ‘sasl_pwcheck_method = saslauthd’ and the other ‘sasl_pwcheck_method = alwaystrue’. You can also acheive the same
Re: [SOGo] Cannot get SOGo/OpenChange working with Cyrus-IMAP
Hi, I have continued trying to get OpenChange to work with SOGo, but still unsuccessful, and have not received any feedback to guide me to the problem. I do have some more information. I initially suspected an IMAP authentication problem, but now I am not so sure. I believe I have covered the IMAP trust issue. I have Cyrus-IMAP running 2 instances - 'imap' listening on the server IP and 'imaplocal' listening on the loopback address. 'imap' has pwcheck_method = saslauthd while 'imaplocal' has pwcheck_method = alwaystrue as per the setup guide. With this I can login at the server using the imtest utility with my testuser AD account and any password, so this should be correct. My testing shows 2 scenarios, depending on how I configure SOGo: 1. Set SOGoIMAPServer = server.example.com Using the SOGo web GUI the testuser AD account can login OK. saslauthd shows successful authentication by testuser, and Cyrus reports successful authentication in maillog by testuser and service 'imap'. testuser can see mail, contacts and calendar. Starting Outlook and login as testuser, Outlook will open and says it is connected to Exchange, but there is no mail folder creation and no mail items visible. In the maillog Cyrus service 'imap' reports authentication failed for testuser. This is oviously the IMAP trust issue. So... 2. Set SOGoIMAPServer = localhost The testuser can still login via SOGo web GUI. Cyrus now shows successful authentication in maillog by testuser on service 'imaplocal'. No activity reported by saslauthd, as expected, because pwcheck_method = alwaystrue. Looks good up to here, but... Starting Outlook and login as testuser, Outlook will hang at the splash screen for 12 minutes (every time) before finally opening. When it does there is no folder creation, but I can see existing mail in Inbox/Sent folders. I can view contacts, but selecting calendar crashes Outlook. When Outlook does open Cyrus reports a successful authentication in the maillog by testuser on service 'imaplocal'. This would suggest to me that there is no problem with Cyrus-IMAP or SASL, but the problem is OpenChange. Furthermore, in both scenarios above, once Outlook is started I see 100% CPU usage on the server. The process consuming this is 'paster'. paster is part of the python-paste-script package, required by python-pylons, required by openchange-ocsmanager. The only way to free the CPU is to restart the openchange-ocsmanager service. I have followed the guide and tested everything systematically but still cannot make it work. SOGo itself appears to be stable and works through its web GUI so I am happy to use it, but OpenChange seems to me to be still experimental and not something I can use in a live system. I think I will have to give up for now and wait until OpenChange reaches greater maturity. Stephen Jones -- users@sogo.nu https://inverse.ca/sogo/lists