Another "wrong username or password" problem

[panama]

Hello all,

I have this problem with the mobile web client, no one can login. The SWA works great.

My system is:
CentOS 4.4
Scalix 11.0.4

I followed some previos posts on this topic so I am putting the results of some commands suggested:

1. omstat -a

[root@intranet ~]# omstat -a
PC Monitor Started NON-STOP 0
Directory Relay Server Started 11:54:42
Notification Server Started 11:54:42 0
Shared memory daemon Started NON-STOP
Notification Monitor Started NON-STOP
Session Monitor Started NON-STOP
Indexer Started NON-STOP
Stats Daemon Started NON-STOP
Container Access Monitor Started NON-STOP
Item Structure Server Stopped
Database Monitor Started 11:54:42
Licence Monitor Daemon Started NON-STOP
LDAP Daemon Started 11:54:42
Queue Manager Started NON-STOP
Item Delete Daemon Started NON-STOP
IMAP Server Daemon Started 12:08:19
SMTP Relay Started 11:54:42
Mime Browser Controller Started 11:54:42
Event Server Started 11:54:42

2. omstat -s

[root@intranet ~]# omstat -s
Service Router Started 11:54:45 0
Local Delivery Started 11:54:45 0
Internet Mail Gateway Started 11:54:45 0
Local Client Interface Enabled 11:54:45 0
Remote Client Interface Enabled 11:54:45 4
Test Server Started 11:54:45 0
Request Server Started 11:54:45 0
Print Server Started 11:54:45 0
Bulletin Board Server Started 11:54:45 0
Background Search Service Started 11:54:45 0
CDA Server Started 11:54:45 0
POP3 interface Started 11:54:45 0
Omscan Server Started 11:54:45 0
Archiver Started 11:54:45 0

3. ps ax | grep post
[root@intranet ~]# ps ax | grep post
2749 pts/3 S+ 0:00 grep post
3316 ? S 0:02 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
3318 ? S 0:00 postgres: stats buffer process
3319 ? S 0:00 postgres: stats collector process
3879 ? S 0:02 //home/journyx7/jtime/jtime/pd/Linux/pgres/bin/postmaster -i -N32 -B80 -D//home/journyx7/jtime/jtime/pi/db/data
3880 ? S 0:00 postgres: stats buffer process
3881 ? S 0:00 postgres: stats collector process
3905 ? S 0:00 postgres: journyx7 template1 [local] idle
3907 ? S 0:06 postgres: journyx7 template1 [local] idle
3911 ? S 0:24 postgres: journyx7 template1 [local] idle
17941 ? S 0:01 postgres: journyx7 template1 [local] idle

4. ps ax | grep tomcat

[root@intranet bin]# ps ax | grep tomcat
2857 pts/3 S+ 0:00 grep tomcat
11015 ? Sl 285:21 /usr/java/jre1.5.0_06/bin/java -server -Djava.net.preferIPv4Stack=true -Dscalix.instance=/var/opt/scalix/it -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/var/opt/scalix/it/tomcat/conf/logging.properties -Djava.endorsed.dirs=/opt/scalix-tomcat/common/endorsed -classpath /usr/java/jre1.5.0_06/lib/tools.jar:/opt/scalix-tomcat/bin/bootstrap.jar:/opt/scalix-tomcat/bin/commons-logging-api.jar -Dcatalina.base=/var/opt/scalix/it/tomcat -Dcatalina.home=/opt/scalix-tomcat -Djava.io.tmpdir=/var/opt/scalix/it/tomcat/temp org.apache.catalina.startup.Bootstrap start

5. lsof -i:8009

[root@intranet bin]# lsof -i:8009
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
httpd 9791 apache 16u IPv4 20847770 TCP intranet.mydomain.com:35230->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9792 apache 16u IPv4 20847776 TCP intranet.mydomain.com:35231->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9793 apache 16u IPv4 20847756 TCP intranet.mydomain.com:35226->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9794 apache 16u IPv4 20847753 TCP intranet.mydomain.com:35225->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9795 apache 16u IPv4 20847418 TCP intranet.mydomain.com:35219->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9796 apache 16u IPv4 20847762 TCP intranet.mydomain.com:35228->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9797 apache 16u IPv4 20847765 TCP intranet.mydomain.com:35229->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 9798 apache 16u IPv4 20847750 TCP intranet.mydomain.com:35224->intranet.mydomain.com:8009 (ESTABLISHED)
java 11015 root 32u IPv4 4817450 TCP intranet.mydomain.com:8009 (LISTEN)
java 11015 root 34u IPv4 20847454 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35223 (ESTABLISHED)
java 11015 root 35u IPv4 20847771 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35231 (ESTABLISHED)
java 11015 root 43u IPv4 20847763 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35229 (ESTABLISHED)
java 11015 root 46u IPv4 20847419 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35222 (ESTABLISHED)
java 11015 root 61u IPv4 20847751 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35225 (ESTABLISHED)
java 11015 root 760u IPv4 20847748 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35224 (ESTABLISHED)
java 11015 root 828u IPv4 20847754 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35226 (ESTABLISHED)
java 11015 root 830u IPv4 20847760 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35228 (ESTABLISHED)
java 11015 root 919u IPv4 20847766 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35230 (ESTABLISHED)
java 11015 root 1057u IPv4 20847757 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35227 (ESTABLISHED)
java 11015 root 1074u IPv4 20846452 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35217 (ESTABLISHED)
java 11015 root 1080u IPv4 20847412 TCP intranet.mydomain.com:8009->intranet.mydomain.com:35219 (ESTABLISHED)
httpd 13796 apache 16u IPv4 20847759 TCP intranet.mydomain.com:35227->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 13801 apache 16u IPv4 20847453 TCP intranet.mydomain.com:35222->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 13803 apache 16u IPv4 20847411 TCP intranet.mydomain.com:35217->intranet.mydomain.com:8009 (ESTABLISHED)
httpd 25821 apache 16u IPv4 20847747 TCP intranet.mydomain.com:35223->intranet.mydomain.com:8009 (ESTABLISHED)
[root@intranet bin]#

6. I also tried reconfiguring Scalix-DB and Scalix Messaging Services.

Can you see anything wrong?, any ideas?, does anybody could solve this issue?

Thanks for all your help.

[gren]

Hi Panama,

Anything interesting in the log files under /var/opt/scalix/it/tomcat/logs/ ?

In particular, catalina.out and scalix-mobile.log?

If there isn't anything, try increasing the logging levels in /var/opt/scalix/it/tomcat/webapps/m/WEB-INF/classes/log4j.properties
to INFO or DEBUG and re-start tomcat.

What errors are you seeing in your web clients when trying to access?

Regards,
Gren.

[panama]

Thanks Gren.

1. scalix-mobile.log:
------------------------
[root@intranet logs]# tail -f scalix-mobile.log
2007-06-19 08:59:56,340 DEBUG [Init.contextInitialized:16] Received contextInitialized event
2007-06-19 08:59:56,363 DEBUG [Config.getInputStreamForFile:101] Reading config from /var/opt/scalix/it/mobile/mobile.properties
2007-06-19 08:59:56,377 DEBUG [Config.load:78] done loading Scalix Mobile Web Client configuration (version 11.0.4.25)
2007-06-19 09:01:18,616 DEBUG [Connection.execute:102] could not re-authenticate
2007-06-19 09:01:18,621 DEBUG [LoginController.processFormSubmission:61] authentication failed for user01

Where user01 is a valid user and can login SWA without problems.


2.catalina.out:
-----------------
org.hibernate.exception.GenericJDBCException: Cannot open connection
at org.hibernate.exception.SQLStateConverter.handledNonSpecificException(SQLStateConverter.java:103)
at org.hibernate.exception.SQLStateConverter.convert(SQLStateConverter.java:91)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:43)
at org.hibernate.exception.JDBCExceptionHelper.convert(JDBCExceptionHelper.java:29)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:420)
at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
at org.hibernate.jdbc.BorrowedConnectionProxy.invoke(BorrowedConnectionProxy.java:40)
at $Proxy0.createStatement(Unknown Source)
at com.scalix.api.db.DbUtils.getSession(DbUtils.java:74)
at com.scalix.api.mailbox.Mailbox.checkForTables(Mailbox.java:1100)
at com.scalix.api.mailbox.Mailbox.init(Mailbox.java:98)
at com.scalix.api.service.ServiceFactory.createService(ServiceFactory.java:24)
at com.scalix.api.service.Context.create(Context.java:87)
at com.scalix.api.session.SessionManager.aquire(SessionManager.java:48)
at com.scalix.api.rest.CheckAuthInterceptor.preHandle(CheckAuthInterceptor.java:49)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:707)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
at com.scalix.api.PlatformDispatcherServlet.service(PlatformDispatcherServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Unknown Source)
Caused by: java.sql.SQLException: Connections could not be acquired from the underlying database!
at com.mchange.v2.sql.SqlUtils.toSQLException(SqlUtils.java:104)
at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:236)
at com.mchange.v2.c3p0.PoolBackedDataSource.getConnection(PoolBackedDataSource.java:94)
at org.hibernate.connection.C3P0ConnectionProvider.getConnection(C3P0ConnectionProvider.java:35)
at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:417)
... 30 more
Caused by: com.mchange.v2.resourcepool.CannotAcquireResourceException: A ResourcePool could not acquire a resource from its primary factory or source.
at com.mchange.v2.resourcepool.BasicResourcePool.awaitAcquire(BasicResourcePool.java:970)
at com.mchange.v2.resourcepool.BasicResourcePool.checkoutResource(BasicResourcePool.java:208)
at com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:232)
... 33 more


3. I also checked in scalix-api.log and I see a database authentication error:
-------------------------------------------------------------------------------------------
2007-06-19 09:07:39,863 ERROR [CheckAuthInterceptor.preHandle:58] Problem encoutered during authentication
M00021 could not connect to database

Any additional suggestions?

Thanks in advance.

[gren]

M00021 means "could not connect to database".

Looking back at your earlier post, I notice that you are running a non-Scalix instance of postgres. I suspect this is interfering - probably preventing scalix-postgres from starting.

On my system, the main postgres invocation running is :
/usr/bin/postmaster -h crowley.uk.scalix.com -p 5733 -D /var/opt/scalix/cy/postgres/data -k /var/opt/scalix/cy/postgres/data

Probably worth looking at :
/var/opt/scalix/??/postgres/data/pgstartup.log

Also, try :
/etc/init.d/scalix-postgres status

[panama]

Hi Gren,

It is solved!. Seems there was a conflict with my other instance of Postgres. I restarted scalix-posgtres and the mobile client is working.

I still have a doubt, if the scalix-postgres was not running how the SWA was working fine? I though SWA retrieve the mails from the postgres database?, could you clarify me this point?

Thanks in advance.

[gren]

Hi Panama,

I'm glad you have fixed the issue.
SWA can exploit the Scalix Messaging Services header cache (stored in the postgres database) if it is available but when it is not, it will fall back to an old way of working where it accesses the Scalix message store directly.

Regards,
Gren.

[panama]

Thanks Gren.

Regards.

[Beleggrodion]

I don't make a new thread, I hope it's ok, when i use this Thread.

I also have a Problem when i try to Login into the Scalix Mobile Web Client.

Some Information about the System and the Scalix Software that is used: CentOS 5 with Scalix 11.2.0

scalix-api.log

Code: Select all

2007-10-31 15:34:20,435 ERROR [Directory.getAttributesBySmtpAddress:82] Naming exception!
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - LDAP server requires authenticated bind]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
        at javax.naming.InitialContext.init(Unknown Source)
        at javax.naming.InitialContext.<init>(Unknown Source)
        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
        at com.scalix.api.directory.Directory.getAttributesBySmtpAddress(Directory.java:50)
        at com.scalix.api.auth.ImapAuthenticationService.authenticate(ImapAuthenticationService.java:174)
        at com.scalix.api.auth.Frontdoor.authenticate(Frontdoor.java:18)
        at com.scalix.api.rest.CheckAuthInterceptor.authenticateAccount(CheckAuthInterceptor.java:76)
        at com.scalix.api.rest.CheckAuthInterceptor.preHandle(CheckAuthInterceptor.java:50)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:829)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:774)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:460)
        at com.scalix.api.PlatformDispatcherServlet.service(PlatformDispatcherServlet.java:73)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.springframework.web.filter.AbstractRequestLoggingFilter.doFilterInternal(AbstractRequestLoggingFilter.java:133)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Unknown Source)
2007-10-31 15:34:20,437  WARN [PlatformDispatcherServlet.service:76] processRequest threw exception
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException
Caused by:
java.lang.NullPointerException
        at com.scalix.api.directory.Directory.getAttributesBySmtpAddress(Directory.java:85)
        at com.scalix.api.auth.ImapAuthenticationService.authenticate(ImapAuthenticationService.java:174)
        at com.scalix.api.auth.Frontdoor.authenticate(Frontdoor.java:18)
        at com.scalix.api.rest.CheckAuthInterceptor.authenticateAccount(CheckAuthInterceptor.java:76)
        at com.scalix.api.rest.CheckAuthInterceptor.preHandle(CheckAuthInterceptor.java:50)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:829)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:774)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:460)
        at com.scalix.api.PlatformDispatcherServlet.service(PlatformDispatcherServlet.java:73)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.springframework.web.filter.AbstractRequestLoggingFilter.doFilterInternal(AbstractRequestLoggingFilter.java:133)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Unknown Source)


The Internet don't seem's to know many things about "[LDAP: error code 53 - LDAP server requires authenticated bind]" , Because i Think there is the Problem that Login don't work. The /webmail/ Interface and The /sac/ Interface Work's fine.

[gren]

Could you paste the contents of your general.cfg file here please? By default, the Scalix LDAP service does not require authentication to use it but it can be configured to do so.
It appears that Scalix Web Services (which is used by Scalix Mobile Web Client) is attempting to use the Scalix LDAP service without providing a user name and password but the LDAP service is requiring one.

This may point to a bug in Scalix Web Services in that I don't believe it is possible to configure it to provide a username and password currently.

Regards,
Gren.

[Beleggrodion]

Ok, here is the general.cfg:

Code: Select all

# @(#) $Id: general.cfg,v 1.3 2003/01/14 16:12:27 tonyn Exp $
#
#
# File: general.cfg  - general customization file for Scalix
#
# This file is used to override hard-coded configuration settings.
# See the Scalix Technical Guide for details of the options that
# can be specified in this file.
#
# Options in this file use the syntax:
#
#    <tag>=<value>
#
# You cannot enter a <value> containing an underscore character (_);
# the underscore character is used to represent a space.
#
USRL_AUTO_GEN_SGI_2_CN=G S
USRL_AUTO_GEN_AUTHID=G.S
INET_AUTO_GEN_DOMAIN=firm.com
# These three tweaks allow users to signon using an alias. Only
# system-defined aliases are permitted and it the alias name is ignored
# for the purposes of message creation and so on.
# Note that changing these settings normally requires Scalix to be
# restarted.
UAL_SIGNON_ALIAS=YES
UAL_SIGNON_ALIAS_CONFIG=SYS
UAL_USE_SIGNON_ALIAS=FALSE
# The CDA service (used for "type down" in some clients) is more
# efficient if it can check the directory change log before attempting
# to update the access tables that it uses.   One slow machines, it may
# also be worth uncommenting the CDA_CHECKTIME tweak to reduce the check
# interval from five minutes to an hour.
CDA_USE_CHANGE_LOG=TRUE
# CDA_CHECKTIME=60
# These tweaks limit the number and rate of IMAP connections to the
# server. The IMAP_CONNECTION_LIMIT simply restricts the total number of
# connections to the server -- note that many IMAP clients have several
# connections for each IMAP session. The IMAP_CONNRATE_LIMIT restricts
# the rate at which clients can connect to the server, in this case, at
# most ten connections per second; if clients try to connect faster
# than that, the IMAP server simply slows down the rate at which it will
# accept new connections.
IMAP_CONNECTION_LIMIT=500
IMAP_CONNRATE_LIMIT=10
# The IMAP_IDLE_TIMEOUT tweak is the maximum time an IMAP connection
# will wait for a command before terminating the connection. The default
# setting, and the minimum required setting, is thirty minutes. Some
# clients will "refresh" their connection once every thirty minutes
# exactly -- but if they are a little bit late, the server drops their
# connection. Setting a timeout of 31 minutes avoids this problem.
IMAP_IDLE_TIMEOUT=31
# This tweak arranges for Local Delivery to automatically create a
# message store for users who have been created without one.
# Users who have been added using the bulk-add mechanism used by the
# wizard will not have a message store and so setting this tweak allows
# them to receive mail before they have been signed on initially.
LD_CREATE_MESSAGE_STORE=TRUE


[gren]

Hmmm. Afraid nothing in there jumps out at me.
Are you sure that the LDAP service running on your machine is the Scalix LDAP service?

Regards,
Gren.

[Beleggrodion]

Yes, im think that the service is running. See outputs below.

netstat -an | grep LISTEN | grep 389

Code: Select all

tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN


ps waufx | grep ldap

Code: Select all

root      3198  0.0  0.0   4888  1224 ?        Ss   Oct06   0:00 /opt/scalix/bin/ldapmapper --pidfile /var/run/ldapmapper.pid
root     11323  0.0  0.0  60232   696 pts/1    S+   17:34   0:00          \_ grep ldap


omstat -a

Code: Select all

PC Monitor                    Started        NON-STOP       0
Directory Relay Server        Started        15:04:55
Notification Server           Started        15:04:55       0
Shared memory daemon          Started        NON-STOP
Notification Monitor          Started        NON-STOP
Session Monitor               Started        NON-STOP
Indexer                       Started        NON-STOP
Stats Daemon                  Started        NON-STOP
Container Access Monitor      Started        NON-STOP
Item Structure Server         Stopped
Database Monitor              Started        15:04:55
Licence Monitor Daemon        Started        NON-STOP
LDAP Daemon                   Started        15:04:55
Queue Manager                 Started        NON-STOP
Item Delete Daemon            Started        NON-STOP
IMAP Server Daemon            Started        15:04:55
SMTP Relay                    Started        15:04:55
Mime Browser Controller       Started        15:04:55
Event Server                  Started        15:04:55


lsof -i:389

Code: Select all

COMMAND  PID USER   FD   TYPE   DEVICE SIZE NODE NAME
omslapd 8763 root   14u  IPv4 10120993       TCP *:ldap (LISTEN)


[gren]

Now I'm really confused. It is possible that the LDAP query is against a different host. May be worth trying to capture network traffic and see if anything can be spotted.

Regards,
Gren.

[Beleggrodion]

Hmm i don't see something that can help, but see the dump below. That's all traffic that goes over the ldap port, and i see the same message as above in the logfile.

tcpdump -i any port ldap -nXs0

Code: Select all

tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

13:30:51.122046 IP 192.168.8.84.55464 > 192.168.8.84.ldap: S 2659601154:2659601154(0) win 32792 <mss 16396,sackOK,timestamp 564453470 0,nop,wscale 7>
        0x0000:  4500 003c ab5c 4000 4006 fd66 c0a8 0854  E..<.\@.@..f...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b02 0000 0000  ...T......K.....
        0x0020:  a002 8018 35dd 0000 0204 400c 0402 080a  ....5.....@.....
        0x0030:  21a4 e05e 0000 0000 0103 0307            !..^........
13:30:51.122214 IP 192.168.8.84.ldap > 192.168.8.84.55464: S 2666021729:2666021729(0) ack 2659601155 win 32768 <mss 16396,sackOK,timestamp 564453470 564453470,nop,wscale 7>
        0x0000:  4500 003c 0000 4000 4006 a8c3 c0a8 0854  E..<..@.@......T
        0x0010:  c0a8 0854 0185 d8a8 9ee8 4361 9e86 4b03  ...T......Ca..K.
        0x0020:  a012 8000 5197 0000 0204 400c 0402 080a  ....Q.....@.....
        0x0030:  21a4 e05e 21a4 e05e 0103 0307            !..^!..^....
13:30:51.122274 IP 192.168.8.84.55464 > 192.168.8.84.ldap: . ack 1 win 257 <nop,nop,timestamp 564453470 564453470>
        0x0000:  4500 0034 ab5d 4000 4006 fd6d c0a8 0854  E..4.]@.@..m...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b03 9ee8 4362  ...T......K...Cb
        0x0020:  8010 0101 39bb 0000 0101 080a 21a4 e05e  ....9.......!..^
        0x0030:  21a4 e05e                                !..^
13:30:51.122283 IP 192.168.8.84.55464 > 192.168.8.84.ldap: P 1:15(14) ack 1 win 257 <nop,nop,timestamp 564453470 564453470>
        0x0000:  4500 0042 ab5e 4000 4006 fd5e c0a8 0854  E..B.^@.@..^...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b03 9ee8 4362  ...T......K...Cb
        0x0020:  8018 0101 922d 0000 0101 080a 21a4 e05e  .....-......!..^
        0x0030:  21a4 e05e 300c 0201 0160 0702 0103 0400  !..^0....`......
        0x0040:  8000                                     ..
13:30:51.122292 IP 192.168.8.84.ldap > 192.168.8.84.55464: . ack 15 win 256 <nop,nop,timestamp 564453470 564453470>
        0x0000:  4500 0034 a33c 4000 4006 058f c0a8 0854  E..4.<@.@......T
        0x0010:  c0a8 0854 0185 d8a8 9ee8 4362 9e86 4b11  ...T......Cb..K.
        0x0020:  8010 0100 39ae 0000 0101 080a 21a4 e05e  ....9.......!..^
        0x0030:  21a4 e05e                                !..^
13:30:51.125444 IP 192.168.8.84.ldap > 192.168.8.84.55464: P 1:54(53) ack 15 win 256 <nop,nop,timestamp 564453471 564453470>
        0x0000:  4500 0069 a33d 4000 4006 0559 c0a8 0854  E..i.=@.@..Y...T
        0x0010:  c0a8 0854 0185 d8a8 9ee8 4362 9e86 4b11  ...T......Cb..K.
        0x0020:  8018 0100 9254 0000 0101 080a 21a4 e05f  .....T......!.._
        0x0030:  21a4 e05e 3033 0201 0161 2e0a 0135 0400  !..^03...a...5..
        0x0040:  0427 4c44 4150 2073 6572 7665 7220 7265  .'LDAP.server.re
        0x0050:  7175 6972 6573 2061 7574 6865 6e74 6963  quires.authentic
        0x0060:  6174 6564 2062 696e 64                   ated.bind
13:30:51.125580 IP 192.168.8.84.55464 > 192.168.8.84.ldap: . ack 54 win 257 <nop,nop,timestamp 564453471 564453471>
        0x0000:  4500 0034 ab5f 4000 4006 fd6b c0a8 0854  E..4._@.@..k...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b11 9ee8 4397  ...T......K...C.
        0x0020:  8010 0101 3976 0000 0101 080a 21a4 e05f  ....9v......!.._
        0x0030:  21a4 e05f                                !.._
13:30:51.125657 IP 192.168.8.84.55464 > 192.168.8.84.ldap: F 15:15(0) ack 54 win 257 <nop,nop,timestamp 564453471 564453471>
        0x0000:  4500 0034 ab60 4000 4006 fd6a c0a8 0854  E..4.`@.@..j...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b11 9ee8 4397  ...T......K...C.
        0x0020:  8011 0101 3975 0000 0101 080a 21a4 e05f  ....9u......!.._
        0x0030:  21a4 e05f                                !.._
13:30:51.129300 IP 192.168.8.84.ldap > 192.168.8.84.55464: F 54:54(0) ack 16 win 256 <nop,nop,timestamp 564453472 564453471>
        0x0000:  4500 0034 a33e 4000 4006 058d c0a8 0854  E..4.>@.@......T
        0x0010:  c0a8 0854 0185 d8a8 9ee8 4397 9e86 4b12  ...T......C...K.
        0x0020:  8011 0100 3974 0000 0101 080a 21a4 e060  ....9t......!..`
        0x0030:  21a4 e05f                                !.._
13:30:51.129313 IP 192.168.8.84.55464 > 192.168.8.84.ldap: . ack 55 win 257 <nop,nop,timestamp 564453472 564453472>
        0x0000:  4500 0034 ab61 4000 4006 fd69 c0a8 0854  E..4.a@.@..i...T
        0x0010:  c0a8 0854 d8a8 0185 9e86 4b12 9ee8 4398  ...T......K...C.
        0x0020:  8010 0101 3972 0000 0101 080a 21a4 e060  ....9r......!..`
        0x0030:  21a4 e060     


[gren]

You could try placing :
LDAP_MUST_AUTHENTICATE="false"
in general.cfg
However, bear in mind that if you are using the Mailnode Hosting version of Scalix, this may affect segmented address book functionality.

Regards,
Gren.