SWA 'Edit Delegates' and 'Add Additional Mailbox not working

[simrid]

Hiya,

SWA seems to be working fine except for the "Edit Delegates" and "Add Additional Mailbox" functions.

I can:
- Log in as user ok
- Send, receive mail
- See Public Folders
- See Personal Contacts.

I can't
- Edit Delegates
When I press the "Add" button the correct box pops up but it contains an error "An error has occurred. Contact your email administrator if the problem persists."

- Add Additional Mailboxes
When I press the "Add" button the correct box pops up but it contains an error "An error has occurred. Contact your email administrator if the problem persists."


The only relevant log entries I can find are in scalix-api.log:

Code: Select all

2009-03-20 10:42:56,381 ERROR [Directory.getAttributesBySmtpAddress:85] Naming exception! ProviderURL=ldap://scalix.blah.com.au:389

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

        at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

        at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

        at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

        at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

        at javax.naming.InitialContext.init(Unknown Source)

        at javax.naming.InitialContext.<init>(Unknown Source)

        at javax.naming.directory.InitialDirContext.<init>(Unknown Source)

        at com.scalix.api.directory.Directory.getAttributesBySmtpAddress(Directory.java:53)

        at com.scalix.api.rest.ResolvePrincipalInterceptor.preHandle(ResolvePrincipalInterceptor.java:44)

        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:829)

        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:774)

        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:460)

        at com.scalix.api.PlatformDispatcherServlet.service(PlatformDispatcherServlet.java:74)

        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)

        at org.springframework.web.filter.AbstractRequestLoggingFilter.doFilterInternal(AbstractRequestLoggingFilter.java:133)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)

        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)

        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)

        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)

        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)

        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)

        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)

        at java.lang.Thread.run(Unknown Source)


This error only occurs when the user logs into SWA, not when requesting delegates or adding additional mailboxes.

We are using Scalix 11.4.2
I can log into SAC ok.
Both sxadmin and sxqueryadmin are not locked.
Postgres is running.
- Have tried restarting scalix-tomcat and postgres
Wound up the logging with omconfaud but no extra errors appeared using omshowlog..

Any ideas?



Thanks,
Sim

[simrid]

A bit of extra info after a bit of playing around.

I tcpdump'd the failed LDAP request.
The request contained the correct user ID and that user's password.
The response was: invalid credentials (49)

I had a little play with omldapsearch using the username and password captured in the tcpdump.

This search authenticated ok:

Code: Select all

omldapsearch -b o=system -D testuser@blah.com.au -v cn=


This search failed:

Code: Select all

omldapsearch -b o=system -D testuser@blah.com.au -w password123 -v cn=


[sg]

in some version, i believe it was 11.4.0, the ldap was changed, so you have to 'authenticate' for ldap connections.

for me it looks like swa is doiing it right, but ldap isn't accepting this.

[simrid]

Thanks sg, you were correct.

We are using Kerberos auth for everything else but pam.d/omslapdeng still had the default config of

Code: Select all

auth     required om_auth nullok


Modified so that it uses Kerberos and it now works fine.
omldapsearch also now authenticates as expected.