Yet another can't login to SAC problem

[mglazier]

I have never been able to login to SAC with sxadmin. I have been reading these logs for the past week trying to find an answer. None of the issues that relate to mine seem to have had any resolution other than that sxqueryadmin may be locked. It does not appear to me that this id is locked.

CentOS 4.2

I understand that the LDAP: error code 49 is due to the sxqueryadmin not being able to login. I am pretty sure I have the expiary turned off and omshowu displays:

Authentication ID: sxqueryadmin@mail.****.org
User Name : sxqueryadmin /CN=sxqueryadmin
MailNode : mail,****
Internet Address : sxqueryadmin-mail@****.org
System Login : 60534
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : Never.
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited

omsearch -e cn=sxqueryadmin -m @all-attr@ -v
S=sxqueryadmin
OU1=mail
OU2=*****
CN=sxqueryadmin
INTERNET-ADDR=sxqueryadmin-mail@*****.org
ENTRY-TYPE=1
UL-AUTHID=sxqueryadmin@mail.****.org
UL-CAPS=7
UL-CLASS=Limited
UL-IL=C
IA-FORMAL=sxqueryadmin-mail@*****.org
S-SDX=S635
HOST-FQDN=mail.*****.org
GLOBAL-UNIQUE-ID=11100000cd23e144-42.1.861.291
LOCAL-UNIQUE-ID=289
DBV-ID=33554440

I have verified that revers DNS is correct.

hostname --fqdn
mail.****.org

from scalix/global/config
OMNAME=mail
OMHOSTNAME=mail.****.org

caa.log
2006-03-23 20:50:22,770 ERROR [RbacAuthorizationHelper.isScalixUser:228] Exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

[ScalixSupport]

Which user are you trying to logon to SAC as? Could you post the exact string you're entering as the Login ID? Could you then post the output from and omshowu -n of that user as well as the omsearch output with the -v -m @all-attr@.

Thanks,
Rachel

[mglazier]

I am using sxadmin@example.org and also try sxadmin@mail.example.org as well. Neither allow a login.

omshowu -n
Authentication ID: sxadmin@mail.example.org
User Name : sxadmin /CN=sxadmin
MailNode : mail,example
Internet Address : sxadmin-mail@example.org
System Login : sxadmin
Password : set
Admin Capabilities : YES
Mailbox Admin Capabilities : NO
Language : C
Virtual Vault : Enabled (default)
Mail Account: Unlocked
Last Signon : 03.21.06 21:13:36
Receipt of mail : ENABLED
Service level : 0
Excluded from Tidying : NO
User Class : Limited


omsearch output
S=sxadmin
OU1=mail
OU2=example
CN=sxadmin
INTERNET-ADDR=sxadmin-mail@example.org
ENTRY-TYPE=1
UL-AUTHID=sxadmin@mail.example.org
UL-CAPS=7
UL-CLASS=Limited
UL-IL=C
IA-FORMAL=sxadmin-mail@example.org
S-SDX=S355
HOST-FQDN=mail.example.org
GLOBAL-UNIQUE-ID=15000000cd23e144-42.1.861.291
LOCAL-UNIQUE-ID=97
DBV-ID=33554433

[ScalixSupport]

The correct login name is the sxadmin AuthID, so you should be entering "sxadmin@mail.example.org". Can you logon to SWA as sxadmin? Can you post the output from:

ps -aef|grep tomcat

Thanks,
Rachel

[mglazier]

Is SWA the webmail? If so, then yes, the sxadmin user is able to login to webmail.
The sxadmin user is not able to login to SAC with the sxadmin@mail.example.org AUTHID.


ps -aef | grep tomcat
root 12159 1 67 08:48 pts/10 00:00:12 /usr/java/j2re1.4.2_11/bin/java -server -Djava.net.preferIPv4Stack=true -Xms512m -Xmx512m -Djava.endorsed.dirs=/opt/scalix-tomcat/common/endorsed -classpath /usr/java/j2re1.4.2_11/lib/tools.jar:/opt/scalix-tomcat/bin/bootstrap.jar:/opt/scalix-tomcat/bin/commons-logging-api.jar -Dcatalina.base=/opt/scalix-tomcat -Dcatalina.home=/opt/scalix-tomcat -Djava.io.tmpdir=/opt/scalix-tomcat/temp org.apache.catalina.startup.Bootstrap start

[florian]

did you reset the password of sxqueryadmin? if so, we recommend uninstalling the sac and res components of the server (no data will be lost), then deleting sxqueryadmin with omdelu and then re-installing the two components so that the user will be recreated.

We'll be releasing a patch release to Scalix 10, 10.0.1, in the next few days, that, among other fixes, will provide a more elegant solution to this problem; it will also take care of the password expiration and other issues around this.

Cheers,
Florian.

[mglazier]

No, I did not reset the sxqueryadmin password.
I'll try what you suggest. I am crossing my fingers.

Thanks

[mglazier]

It works now after deleting the sxqueryadmin user and reinstalling SAC and RES.
If I were female I would being crying now :D

[florian]

Hi....

yes, I believe it was the auto-generated password of sxqueryadmin that got lost somehow. Due to the changes we did in password expiration, this mechanism sometimes no longer works as expected. We've made some changes and will use an admin-assigned LDAP access security key going forward. The changes will be available in our upcoming 10.0.1 patch release that I expect to see out this week. Then, hopefully all these sxqueryadmin problems will be history!

Please don't cry! Fortunately, it's only software.

Cheers,
Florian.