Homepage | Products | OX Knowledge Base | Support | Try Now | Contact | Company
OX Logo
Results 1 to 7 of 7
  1. #1
    gui Guest

    Default Unable to set acl on imap folders

    Hello,

    We're using Community version 6.14.0-Rev8 (and reproducible on 6.16.1-Rev3) and are experiencing problem when trying to share an imap folder through acl.
    When adding a user and click on save button, the result seems ok ("Your settings have been saved.") but when coming back to the acl on folder, the user doesn't appear on the list. If i login directly to dovecot i can see the acl :

    Code:
    # telnet localhost 143
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    . login user1 password
    . OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS ACL RIGHTS=texk QUOTA] Logged in
    . getacl inbox
    * ACL "inbox" "user1" akxeilprwtscd "user2" elprwtsd
    . OK Getacl completed.
    System: Debian lenny 5.0.5 with full upgrades.
    Users : authenticated via ldap and not directly via dovecot.
    Imapd : dovecot-imapd 1:1.2.11-1~bpo50+2

    The /var/log/open-xchange/open-xchange.log.0 logfile contains the following errors :

    Code:
    Jul 28, 2010 10:29:11 AM com.openexchange.ajax.Folder$1 call
    SEVERE: ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-39
    ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-39
    	at com.openexchange.mail.api.MailConfig.fillLoginAndPassword(MailConfig.java:516)
    	at com.openexchange.mail.api.MailConfig.getConfig(MailConfig.java:283)
    	at com.openexchange.mail.api.MailAccess.createMailConfig(MailAccess.java:583)
    	at com.openexchange.mail.api.MailAccess.getMailConfig(MailAccess.java:560)
    	at com.openexchange.mail.api.MailAccess.connect0(MailAccess.java:429)
    	at com.openexchange.mail.api.MailAccess.getRootFolder(MailAccess.java:389)
    	at com.openexchange.ajax.Folder$1.call(Folder.java:701)
    	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:269)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:123)
    	at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.runTask(CustomThreadPoolExecutor.java:735)
    	at com.openexchange.threadpool.internal.CustomThreadPoolExecutor$Worker.run(CustomThreadPoolExecutor.java:761)
    	at java.lang.Thread.run(Thread.java:595)
    Caused by: ACC-0010 Category=8 Message=Password decryption failed for login support on server test.example.local (user=4, context=1). exceptionID=-1791204813-38
    	at com.openexchange.mailaccount.MailAccountExceptionFactory.createException(MailAccountExceptionFactory.java:82)
    	at com.openexchange.mailaccount.MailAccountExceptionFactory.createException(MailAccountExceptionFactory.java:60)
    	at com.openexchange.exceptions.Exceptions.create(Exceptions.java:139)
    	at com.openexchange.exceptions.Exceptions.create(Exceptions.java:159)
    	at com.openexchange.mailaccount.MailAccountExceptionMessages.create(MailAccountExceptionMessages.java:186)
    	... 12 more
    Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
    	at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    	at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
    	at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
    	at javax.crypto.Cipher.doFinal(DashoA12275)
    	at com.openexchange.mail.utils.MailPasswordUtil.decrypt(MailPasswordUtil.java:198)
    	at com.openexchange.mail.utils.MailPasswordUtil.decrypt(MailPasswordUtil.java:110)
    	at com.openexchange.mail.api.MailConfig.fillLoginAndPassword(MailConfig.java:514)
    	... 11 more
    I'm not sure the error is related to the problem, any feedback on this kind of probem ?
    Last edited by gui; 08-09-2010 at 05:45 PM. Reason: Highlight version

  2. #2
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Hi,

    i don't think the error message is related to the issue. Remember, you need to manually subscribe shared IMAP folders. Use right-click on INBOX -> Subscribe. Does that work?

    Greetings

  3. #3
    gui Guest

    Default Not reproducible on fresh install

    Ok thanks, you confirmed my mind on this unrelated error message. After some more investigations, i saw that this account has another mailbox configured with a wrong password that generates this error in logs.

    When i try to subscribe to folders, (right click, subscribe), the mainpage of the account is "fuzzied" and nothing happen. I've to reload the page to get into OX webinterface.

    I also tried with a fresh install (agreed, i maybe would started by this) of Open-Xchange 6.16.1 Rev3 and the problem is NOT reproducible. I suspect a configuration on the production server.

    I've to compare the configuration on my sandbox and the production server to see the differences.

  4. #4
    gui Guest

    Default Resolved issue (configuration)

    Hello,

    I've found the issue of our customer problem:

    In /opt/open-xchange/etc/groupware/mail.properties, if we set

    com.openexchange.mail.mailServerSource

    to "global", we *must* set:

    com.openexchange.mail.mailServer

    to "127.0.0.1" and not to the ip address of the primary network interface.


    Otherwise, if we set:

    com.openexchange.mail.mailServerSource

    to "user", we *must* set:

    com.openexchange.mail.mailServer

    to "<ipaddressofnetworkinterface>"

    The users were created with 127.0.0.1 (createuser).

    Did we forget something else in the configuration logic ?

    Thanks in advance.

  5. #5
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    Hi,

    if com.openexchange.mail.mailServerSource=user is configured, the login data is taken from the user, which can be specified via --imapserver, --smtpserver and --imaplogin per user (create/changeuser). Usually "global" is not used in production but the configuration is done per-user.

  6. #6
    gui Guest

    Default

    Thanks for your answer.

    Just in case of other peoples encounter same issue, i paste below the error messages seen in /var/log/open-xchange/open-xchange.log.0 when trying to share inbox folder:

    Code:
    GRAVE: IMAP-2018 Category=3 Message=Default folder INBOX cannot be updated on server mybox.mydomain with login myuser (user=38, context=1) exceptionID=1291983426-41
    IMAP-2018 Category=3 Message=Default folder INBOX cannot be updated on server mybox.mydomain with login myuser (user=38, context=1) exceptionID=1291983426-41
    I have noted that per user is preferred (default value) than global, but why did we encounter a problem when using the ipaddress of the imap server just for acl (which is, i agree, on the localhost) ?

    Imagine if the imap server is not on localhost but on another server, does it cause trouble with imap acl ? (if a had some time, i'll test this config on our lab).

    Thanks in advance.

  7. #7
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    3,695

    Default

    ACL also work if the server is remote, we've several IMAP Servers running remotely with ACL.

    Greetings

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •