Unable to set acl on imap folders

  • Unable to set acl on imap folders

    Hello,

    We're using Community version 6.14.0-Rev8 (and reproducible on 6.16.1-Rev3) and are experiencing a problem when trying to share an IMAP folder through ACLs.
    When adding a user and clicking the save button, the result seems OK ("Your settings have been saved."), but when coming back to the ACL on the folder, the user doesn't appear in the list. If I log in directly to dovecot I can see the ACL:

    Code:
    # telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    . login user1 password
    . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA] Logged in
    . getacl inbox
    * ACL "inbox" "user1" akxeilprwtscd "user2" elprwtsd
    . OK Getacl completed.

    System: Debian lenny 5.0.5 with full upgrades.
    Users: authenticated via LDAP and not directly via dovecot.
    Imapd: dovecot-imapd 1:1.2.11-1~bpo50+2

    The /var/log/open-xchange/open-xchange.log.0 logfile contains the following errors:

    Code:
    Jul 28, 2010 10:29:11 AM com.openexchange.ajax.Folder$1 call
    SEVERE: ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-39
    ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-39
    	at com.openexchange.mail.api.MailConfig.fillLoginAndPassword(MailConfig.java:516)
    	at com.openexchange.mail.api.MailConfig.getConfig(MailConfig.java:283)
    	at com.openexchange.mail.api.MailAccess.createMailConfig(MailAccess.java:583)
    	at com.openexchange.mail.api.MailAccess.getMailConfig(MailAccess.java:560)
    	at com.openexchange.mail.api.MailAccess.connect0(MailAccess.java:429)
    	at com.openexchange.mail.api.MailAccess.getRootFolder(MailAccess.java:389)
    	at com.openexchange.ajax.Folder$1.call(Folder.java:701)
    	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:123)
    	at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:735)
    	at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:761)
    	at java.lang.Thread.run(Thread.java:595)
    Caused by: ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-38
    	at com.openexchange.mailaccount.MailAccountExceptionFactory.createException(MailAccountExceptionFactory.java:82)
    	at com.openexchange.mailaccount.MailAccountExceptionFactory.createException(MailAccountExceptionFactory.java:60)
    	at com.openexchange.exceptions.Exceptions.create(Exceptions.java:139)
    	at com.openexchange.exceptions.Exceptions.create(Exceptions.java:159)
    	at com.openexchange.mailaccount.MailAccountExceptionMessages.create(MailAccountExceptionMessages.java:186)
    	... 12 more
    Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    	at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    	at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    	at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
    	at javax.crypto.Cipher.doFinal(DashoA12275)
    	at com.openexchange.mail.utils.MailPasswordUtil.decrypt(MailPasswordUtil.java:198)
    	at com.openexchange.mail.utils.MailPasswordUtil.decrypt(MailPasswordUtil.java:110)
    	at com.openexchange.mail.api.MailConfig.fillLoginAndPassword(MailConfig.java:514)
    	... 11 more

    I'm not sure the error is related to the problem. Any feedback on this kind of problem?
    Last edited by Guest; 08-09-2010, 05:45 PM. Reason: Highlight version
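
Added example (not part of the original posts): a small Python parser for the untagged `* ACL` response shown in the telnet session above, decoding the RFC 4314 rights letters and listing which non-owner identifiers hold sensitive rights. The function names and the choice of `a`, `e`, `t`, `x` as the rights worth flagging are assumptions of this example.

```python
import re

# RFC 4314 rights letters. "c" and "d" are the obsolete RFC 2086 letters
# that servers such as the one in the post still report.
RIGHTS = {
    "l": "lookup", "r": "read", "s": "keep-seen", "w": "write-flags",
    "i": "insert", "p": "post", "k": "create-mailbox",
    "x": "delete-mailbox", "t": "delete-messages", "e": "expunge",
    "a": "administer", "c": "create (obsolete)", "d": "delete (obsolete)",
}
# Assumption of this example: rights worth flagging on a shared folder.
SENSITIVE = set("aetx")
# A quoted string (with backslash escapes) or a bare atom.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

def tokens(line):
    out = []
    for m in TOKEN.finditer(line.strip()):
        quoted, atom = m.group(1), m.group(2)
        out.append(re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else atom)
    return out

def parse_acl_response(line):
    """Return (mailbox, {identifier: set(rights)}) for an untagged ACL line."""
    tok = tokens(line)
    if len(tok) < 3 or tok[0] != "*" or tok[1].upper() != "ACL":
        raise ValueError("not an untagged ACL response")
    pairs = tok[3:]
    if len(pairs) % 2:
        raise ValueError("identifier without a rights string")
    acl = {}
    for ident, rights in zip(pairs[0::2], pairs[1::2]):
        unknown = set(rights) - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown rights {sorted(unknown)} for {ident!r}")
        acl[ident] = set(rights)
    return tok[2], acl

def audit(acl, owner):
    """Map each non-owner identifier to the sensitive rights it holds."""
    return {
        ident: sorted(RIGHTS[r] for r in rights & SENSITIVE)
        for ident, rights in acl.items()
        if ident != owner and rights & SENSITIVE
    }

# The ACL line quoted in the first post.
SAMPLE = '* ACL "inbox" "user1" akxeilprwtscd "user2" elprwtsd'

if __name__ == "__main__":
    mailbox, acl = parse_acl_response(SAMPLE)
    print(mailbox, audit(acl, owner="user1"))
```

On the line from the post, user2 lacks `a`, `k`, `x`, `i` and `c` compared with the owner but does hold `t` and `e`, so the share allows deleting and expunging messages in user1's inbox.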

  • #2
    Hi,

    I don't think the error message is related to the issue. Remember, you need to manually subscribe to shared IMAP folders. Use right-click on INBOX -> Subscribe. Does that work?

    Greetings


    • #3
      Not reproducible on fresh install

      OK thanks, you confirmed my thinking on this unrelated error message. After some more investigation, I saw that this account has another mailbox configured with a wrong password, which generates this error in the logs.

      When I try to subscribe to folders (right click, subscribe), the main page of the account is "fuzzied" and nothing happens. I have to reload the page to get into the OX web interface.

      I also tried with a fresh install (agreed, I maybe should have started with this) of Open-Xchange 6.16.1 Rev3 and the problem is NOT reproducible. I suspect a configuration issue on the production server.

      I have to compare the configuration on my sandbox and the production server to see the differences.


      • #4
        Resolved issue (configuration)

        Hello,

        I've found the cause of our customer's problem:

        In /opt/open-xchange/etc/groupware/mail.properties, if we set

        com.openexchange.mail.mailServerSource

        to "global", we *must* set:

        com.openexchange.mail.mailServer

        to "127.0.0.1" and not to the IP address of the primary network interface.


        Otherwise, if we set:

        com.openexchange.mail.mailServerSource

        to "user", we *must* set:

        com.openexchange.mail.mailServer

        to "<ipaddressofnetworkinterface>"

        The users were created with 127.0.0.1 (createuser).

        Did we forget something else in the configuration logic?

        Thanks in advance.


        • #5
          Hi,

          If com.openexchange.mail.mailServerSource=user is configured, the login data is taken from the user, which can be specified via --imapserver, --smtpserver and --imaplogin per user (create/changeuser). Usually "global" is not used in production; the configuration is done per user instead.


          • #6
            Thanks for your answer.

            Just in case other people encounter the same issue, I paste below the error messages seen in /var/log/open-xchange/open-xchange.log.0 when trying to share the inbox folder:

            Code:
            GRAVE: IMAP-2018 Category=3 Message=Default folder INBOX cannot be updated on server mybox.mydomain with login myuser (user=38, context=1) exceptionID=1291983426-41
            IMAP-2018 Category=3 Message=Default folder INBOX cannot be updated on server mybox.mydomain with login myuser (user=38, context=1) exceptionID=1291983426-41

            I have noted that per-user is preferred (default value) over global, but why did we encounter a problem when using the IP address of the IMAP server just for ACLs (which is, I agree, on localhost)?

            Imagine if the IMAP server is not on localhost but on another server, does it cause trouble with IMAP ACLs? (If I have some time, I'll test this config in our lab.)

            Thanks in advance.


            • #7
              ACLs also work if the server is remote; we have several IMAP servers running remotely with ACLs.

              Greetings
