
Resolved
0 votes
Hello,

When a user tries to change his password in webconfig it is not working in Zarafa and Z-push.

When the admin (root) changes the password for the user, then it is working also in Zarafa or Z-push.
Is this a bug or is the user not able to change his own password?
In Users
Monday, December 05 2016, 11:38 AM
Responses (15)
  • Accepted Answer

    Tuesday, January 03 2017, 02:37 PM - #Permalink
    Resolved
    0 votes
    Ben Chambers wrote:

    Try ruling out the password policies app causing the issue...disable Account Lockout for a bit and see if the issue re-occurs.

    B.

    Done. Now let's just wait for a while.
  • Accepted Answer

    Tuesday, January 03 2017, 02:33 PM - #Permalink
    Resolved
    0 votes
    Try ruling out the password policies app causing the issue...disable Account Lockout for a bit and see if the issue re-occurs.

    B.
  • Accepted Answer

    Tuesday, January 03 2017, 02:23 PM - #Permalink
    Resolved
    0 votes
    Ben Chambers wrote:

    Patrick,

    Strange...we've had no other reports of such behaviour, so this is something specific to your system(s).

    Do you have Password Policies app installed on both servers?

    B.

    Of course it is only on my systems.... :-). The same when you go to the doctor with ....... hahaha

    I have the Password Policies app installed on both systems.


    Minimum Password - Length 5
    Minimum Password Age - Modify Any Time
    Maximum Password Age - No Expire
    History Size - No History
    Account Lockout - Enabled
  • Accepted Answer

    Tuesday, January 03 2017, 02:18 PM - #Permalink
    Resolved
    0 votes
    Patrick,

    Strange...we've had no other reports of such behaviour, so this is something specific to your system(s).

    Do you have Password Policies app installed on both servers?

    B.
  • Accepted Answer

    Tuesday, January 03 2017, 12:20 PM - #Permalink
    Resolved
    0 votes
    Update:

    On my own server at home I just had the same problem on my own account.
    I had a popup on my phone for the mail account to enter my password.
    I needed to reset my password in webconfig as root.
  • Accepted Answer

    Tuesday, January 03 2017, 09:18 AM - #Permalink
    Resolved
    0 votes
    The last few days a lot of users couldn't log in any more, even after re-entering the password as root.
    After entering a completely new password a few times as root it was possible to log in again.

    How is it possible that the login has failed after a while, even when nothing has been changed?
    Also re-entering the same password as root did not work.
  • Accepted Answer

    Saturday, December 10 2016, 07:48 PM - #Permalink
    Resolved
    0 votes
    Peter Baldwin wrote:

    No luck. Same problem with zarafa/webapp, z-push and owncloud


    The common thread with those 3 packages: all use the external Apache web server (i.e. not the Webconfig Apache engine on port 81, but the normal port 80/443 Apache engine). Apache Sessions? Memcache? php.ini changes?

    Peter,

    Both systems are running without any changes as per default installation.


    As mentioned before it is working after a short time waiting (20-30 mins).
    Yesterday on both systems, where I tried to change the user password a few days ago, the account wasn't accessible any more.
    I needed to re-enter the password as admin.
  • Accepted Answer

    Wednesday, December 07 2016, 03:45 AM - #Permalink
    Resolved
    0 votes
    No luck. Same problem with zarafa/webapp, z-push and owncloud


    The common thread with those 3 packages: all use the external Apache web server (i.e. not the Webconfig Apache engine on port 81, but the normal port 80/443 Apache engine). Apache Sessions? Memcache? php.ini changes?
  • Accepted Answer

    Tuesday, December 06 2016, 11:03 AM - #Permalink
    Resolved
    0 votes
    UPDATE
    --------------------
    After changing the password as an end user, you cannot log in with the new password directly.
    It takes approx. 20-30 minutes and then it is possible with the new password.
  • Accepted Answer

    Tuesday, December 06 2016, 10:13 AM - #Permalink
    Resolved
    0 votes
    Ben Chambers wrote:

    Nothing jumping out.

    I'm not aware of anything that caches auth credentials from LDAP. I don't believe nscd daemon caches auth credentials, but I guess we could test it. Go ahead and change your user's password from the user's Webconfig login, and then run:

    nscd -i passwd


    Then try logging in to Zarafa portal or using z-push...any joy?

    B.

    Hi Ben,

    No luck. Same problem with zarafa/webapp, z-push and owncloud
  • Accepted Answer

    Monday, December 05 2016, 07:57 PM - #Permalink
    Resolved
    0 votes
    Nothing jumping out.

    I'm not aware of anything that caches auth credentials from LDAP. I don't believe nscd daemon caches auth credentials, but I guess we could test it. Go ahead and change your user's password from the user's Webconfig login, and then run:

    nscd -i passwd


    Then try logging in to Zarafa portal or using z-push...any joy?

    B.
  • Accepted Answer

    Monday, December 05 2016, 07:36 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:

    Ben Chambers wrote:

    Can you paste your /etc/zarafa/server.cfg and /etc/zarafa/ldap.cfg files? I wonder if we can spot anything different.

    Can you confirm that logging into Zarafa's webapp (eg. https://example.com/webapp) mail GUI, you cannot log in after you change the user password inside ClearOS's webconfig (https://example.com:81/app/) while logged in as the user (not root)?

    Thanks,

    B.

    Ben,

    I can confirm that on both systems you cannot log in at https://system/webapp nor owncloud

    /etc/zarafa/server.cfg

    ##############################################################
    # SERVER SETTINGS

    # IP Address to bind to (0.0.0.0 for ANY)
    # Set to 127.0.0.1 if connections should only come from localhost
    # and through the webserver proxy
    server_bind = 0.0.0.0

    # Accept normal TCP connections (not recommended to disable)
    server_tcp_enabled = yes

    # Port to bind to
    server_tcp_port = 236

    # Accept unix pipe connections (not recommended to disable)
    server_pipe_enabled = yes

    # Unix socket location
    server_pipe_name = /var/run/zarafa

    # Priority unix socket location
    server_pipe_priority = /var/run/zarafa-prio

    # Name for identifying the server in a multi-server environment
    server_name = Zarafa

    # Override the hostname of this server, used by Kerberos SSO if enabled
    server_hostname =

    # Database engine (mysql)
    database_engine = mysql

    # Allow connections from normal users through the unix socket
    allow_local_users = yes

    # local admin users who can connect to any store (use this for the zarafa-dagent)
    # field is SPACE separated
    # eg: local_admin_users = root vmail
    local_admin_users = root

    # The user has full rights on a folder by default, uncomment the following line to disable this.
    # owner_auto_full_access = false
    owner_auto_full_access = true

    # e-mail address of the Zarafa System user
    system_email_address = postmaster@localhost

    # drop privileges and run the process as this user
    run_as_user =

    # drop privileges and run the process as this group
    run_as_group =

    # create a pid file for stopping the service via the init.d scripts
    pid_file = /var/run/zarafa-server.pid

    # run server in this path (when not using the -F switch)
    running_path = /

    # create memory coredumps upon crash in the running_path directory
    coredump_enabled = yes

    # session timeout for clients. Values lower than 300 will be upped to 300
    # automatically. If the server hears nothing from a client in session_timeout
    # seconds, then the session is killed.
    session_timeout = 300

    # Socket to connect to license server
    license_socket = /var/run/zarafa-licensed

    # Time (in seconds) to wait for a connection to the license server before
    # terminating the request.
    license_timeout = 10

    ##############################################################
    # LOG SETTINGS

    # Logging method (syslog, file), syslog facility is 'mail'
    log_method = file

    # Logfile (for log_method = file, '-' for stderr)
    log_file = /var/log/zarafa/server.log

    # Loglevel (0=no logging, 5=full logging)
    log_level = 2

    # Log timestamp - prefix each log line with timestamp in 'file' logging mode
    log_timestamp = 1

    ##############################################################
    # AUDIT LOG SETTINGS

    # Audit logging is by default not enabled
    audit_log_enabled = no

    # Audit logging method (syslog, file), syslog facility is 'authpriv'
    audit_log_method = syslog

    # Audit logfile (for log_method = file, '-' for stderr)
    audit_log_file = /var/log/zarafa/audit.log

    # Audit loglevel (0=no logging, 1=full logging)
    audit_log_level = 1

    # Audit log timestamp - prefix each log line with timestamp in 'file' logging mode
    audit_log_timestamp = 1

    ##############################################################
    # MYSQL SETTINGS (for database_engine = mysql)

    # MySQL hostname to connect to for database access
    mysql_host = 127.0.0.1

    # MySQL port to connect with (usually 3306)
    mysql_port = 3308

    # The user under which we connect with MySQL
    mysql_user = zarafa

    # The password for the user (leave empty for no password)
    mysql_password = XXXXXXXXXXXXXXXXXXXXX

    # Override the default MySQL socket to access mysql locally
    # Works only if the mysql_host value is empty or 'localhost'
    mysql_socket =

    # Database to connect to
    mysql_database = zarafa

    # Where to place attachments. Value can be 'database' or 'files'
    attachment_storage = files

    # When attachment_storage is 'files', use this path to store the files
    attachment_path = /var/lib/zarafa/attachments

    # Compression level for attachments when attachment_storage is 'files'.
    # Set compression level for attachments disabled=0, max=9
    attachment_compression = 6

    ##############################################################
    # SSL SETTINGS

    # enable SSL support in server
    server_ssl_enabled = yes

    # Listen for SSL connections on this port
    server_ssl_port = 237

    # Required Server certificate, contains the certificate and the private key parts
    server_ssl_key_file = /etc/zarafa/ssl/server.pem

    # Password of Server certificate
    server_ssl_key_pass = replace-with-server-cert-password

    # Required Certificate Authority of server
    server_ssl_ca_file = /etc/zarafa/ssl/cacert.pem

    # Path with CA certificates, e.g. /etc/ssl/certs
    server_ssl_ca_path =

    # SSL protocols to use, set to '!SSLv2' for 'server_ssl_enable_v2 = no'
    server_ssl_protocols = !SSLv2

    # SSL ciphers to use, set to 'ALL' for backward compatibility
    server_ssl_ciphers = ALL:!LOW:!SSLv2:!EXP:!aNULL

    # Prefer the server's order of SSL ciphers over client's
    server_ssl_prefer_server_ciphers = no

    # Path of SSL Public keys of clients
    sslkeys_path = /etc/zarafa/sslkeys

    ##############################################################
    # THREAD SETTINGS

    # Number of server threads
    # default: 8
    threads = 8

    # Watchdog frequency. The number of watchdog checks per second.
    # default: 1
    watchdog_frequency = 1

    # Watchdog max age. The maximum age in ms of a task before a
    # new thread is started.
    # default: 500
    watchdog_max_age = 500

    # Maximum SOAP keep_alive value
    # default: 100
    server_max_keep_alive_requests = 100

    # SOAP recv timeout value (time between requests)
    # default: 5
    server_recv_timeout = 5

    # SOAP read timeout value (time during requests)
    # default: 60
    server_read_timeout = 60

    # SOAP send timeout value
    # default: 60
    server_send_timeout = 60

    ##############################################################
    # OTHER SETTINGS

    # Softdelete clean cycle (in days) 0=never running
    softdelete_lifetime = 30

    # Sync lifetime, removes all changes remembered for a client after x days of inactivity
    sync_lifetime = 90

    # Set to 'yes' if all changes (for synchronization) to messages should be logged to the database
    sync_log_all_changes = yes

    # Set to 'yes' if you have Kerberos or NTLM correctly configured for single sign-on
    enable_sso = no

    # Set to 'yes' if you want to show the GAB to your users
    enable_gab = yes

    # Authentication can be through plugin (default, recommended), pam or kerberos
    auth_method = plugin

    # If auth_method is set to pam, you should provide the pam service name
    pam_service = passwd


    #############################################################
    # CACHE SETTINGS
    #
    # To see the live cache usage, use 'zarafa-stats --system'.

    # Size in bytes of the 'cell' cache (should be set as high as you can afford to set it)
    cache_cell_size = 4096M

    # Size in bytes of the 'object' cache
    cache_object_size = 32M

    # Size in bytes of the 'indexed object' cache
    cache_indexedobject_size = 64M

    # Size in bytes of the userquota details
    cache_quota_size = 1M

    # Lifetime for userquota details
    cache_quota_lifetime = 1

    # Size in bytes of the acl cache
    cache_acl_size = 1M

    # Size in bytes of the store id/guid cache
    cache_store_size = 1M

    # Size in bytes of the 'user id' cache (this is allocated twice)
    cache_user_size = 1M

    # Size in bytes of the 'user details' cache
    cache_userdetails_size = 26214400

    # Lifetime for user details
    cache_userdetails_lifetime = 0

    # Size in bytes of the server details (multiserver setups only)
    cache_server_size = 1M

    # Lifetime for server details (multiserver setups only)
    cache_server_lifetime = 30


    ##############################################################
    # QUOTA SETTINGS

    # The default Warning Quota Level. Set to 0 to disable this level.
    # The user will receive an email when this level is reached. Value is in Mb. Default value is 0.
    quota_warn = 3500

    # The default Soft Quota Level. Set to 0 to disable this level.
    # The user will still receive mail, but sending new mail is prohibited, until objects are removed from the store.
    # VALUE is in Mb. Default value is 0.
    quota_soft = 4000

    # The default Hard Quota Level. Set to 0 to disable this level.
    # The user can not receive and send mail, until objects are removed from the store.
    # Value is in Mb. Default value is 0.
    quota_hard = 5000

    # The default Warning Quota Level for multitenant public stores. Set to 0 to disable this level.
    # The tenant administrator will receive an email when this level is reached. Value is in Mb. Default value is 0.
    companyquota_warn = 0


    ##############################################################
    # USER PLUGIN SETTINGS

    # Name of the plugin that handles users
    # Required, default = db
    # Values: ldap, unix, db, ldapms (available in enterprise license)
    user_plugin = ldap

    # configuration file of the user plugin, examples can be found in /usr/share/doc/zarafa/example-config
    user_plugin_config = /etc/zarafa/ldap.cfg

    # location of the zarafa plugins
    # if you have a 64bit distribution, this probably should be changed to /usr/lib64/zarafa
    plugin_path = /usr/lib64/zarafa

    # scripts which create stores for users from an external source
    # used for ldap and unix plugins only
    createuser_script = /etc/zarafa/userscripts/createuser
    deleteuser_script = /etc/zarafa/userscripts/deleteuser
    creategroup_script = /etc/zarafa/userscripts/creategroup
    deletegroup_script = /etc/zarafa/userscripts/deletegroup
    createcompany_script = /etc/zarafa/userscripts/createcompany
    deletecompany_script = /etc/zarafa/userscripts/deletecompany

    # Set this option to 'yes' to skip the creation and deletion of new users
    # The action will be logged, so you can see if your changes to the plugin
    # configuration are correct.
    user_safe_mode = no

    ##############################################################
    # MISC SETTINGS

    # Thread size in KB, default is 512
    # WARNING: Do not set too small, your server WILL crash
    thread_stacksize = 512

    # Enable multi-tenancy environment
    # When set to true it is possible to create tenants within the
    # zarafa instance and assign all users and groups to particular
    # tenants.
    # When set to false, the normal single-tenancy environment is created.
    enable_hosted_zarafa = false

    # Enable multi-server environment
    # When set to true it is possible to place users and tenants on
    # specific servers.
    # When set to false, the normal single-server environment is created.
    enable_distributed_zarafa = false

    # Display format of store name
    # Allowed variables:
    # %u Username
    # %f Fullname
    # %c Teantname
    # default: %f
    storename_format = %f

    # Loginname format (for Multi-tenancy installations)
    # When the user does not login through a system-wide unique
    # username (like the email address) a unique name is created
    # by combining the username and the tenantname.
    # With this configuration option you can set how the
    # loginname should be built up.
    #
    # Note: Do not use the = character in the format.
    #
    # Allowed variables:
    # %u Username
    # %c Teantname
    #
    # default: %u
    loginname_format = %u

    # Set to yes for Windows clients to be able to download the latest
    # Zarafa Outlook client from the Zarafa server
    client_update_enabled = false

    # Place the correct Zarafa Outlook Client in this directory for
    # Windows clients to download through the Zarafa server
    client_update_path = /var/lib/zarafa/client

    # Recieve update information from the client (0 = disabled, 1 = only on error, 2 = log always)
    client_update_log_level = 1

    # Log location for the client auto update files
    client_update_log_path = /var/log/zarafa/autoupdate

    # Everyone is a special internal group, which contains every user and group
    # You may want to disable this group from the Global Addressbook by setting
    # this option to 'yes'. Administrators will still be able to see the group.
    hide_everyone = no

    # System is a special internal user, which has super-admin privileges
    # You may want to disable this user from the Global Addressbook by setting
    # this option to 'yes'. Administrators will still be able to see the user.
    hide_system = yes

    # Use Indexing service for faster searching.
    # Enabling this option requires the zarafa-search service to
    # be running.
    search_enabled = yes

    # Path to the zarafa-search service, this option is only required
    # if the server is going to make use of the indexing service.
    search_socket = file:///var/run/zarafa-search

    # Time (in seconds) to wait for a connection to the zarafa-search service
    # before terminating the indexed search request.
    search_timeout = 10

    # Allow enhanced ICS operations to speedup synchronization with cached profiles.
    # default: yes
    enable_enhanced_ics = yes

    # SQL Procedures allow for some optimized queries when streaming with enhanced ICS.
    # This is default disabled because you must set 'thread_stack = 256k' in your
    # MySQL server config under the [mysqld] tag and restart your MySQL server.
    enable_sql_procedures = no

    # Synchronize GAB users on every open of the GAB (otherwise, only on
    # zarafa-admin --sync)
    sync_gab_realtime = yes

    # Disable features for users. Default all features are disabled. This
    # list is space separated. Currently valid values: imap
    disabled_features =

    # Maximum number of deferred records in total
    max_deferred_records = 0

    # Maximum number of deferred records per folder
    max_deferred_records_folder = 20

    # Restrict the permissions that admins receive to folder permissions only. Please
    # read the server.cfg manpage before enabling this option so you really understand
    # the implications
    restrict_admin_permissions = no

    # The maximum level of attachment recursion; Defines the number of
    # attachment-in-attachment in-attachment levels are allowed when saving and
    # replicating objects in the database. If you really want a higher level of
    # recursion than about 20, you probably have to increase MySQL's stack_size
    # to allow replication to work properly.
    embedded_attachment_limit = 20

    # Header to detect whether a connection has been received through a proxy. The
    # value of the header is not inspected. If the header exists then the connection
    # is taken to be received via a proxy. An empty value disables proxy detection
    # and the value of '*' is used to indicate that all connections are proxied
    proxy_header =


    /etc/zarafa/ldap.cfg


    # Please do not edit - this file is automatically generated.

    ##############################################################
    # LDAP/ACTIVE DIRECTORY USER PLUGIN SETTINGS
    #
    # Any of these directives that are required, are only required if the
    # userplugin parameter is set to ldap.

    # LDAP host name/IP address
    # Optional, default = localhost
    ldap_host = localhost

    # LDAP port
    # Optional, default = 389
    # Use 636 for ldaps
    ldap_port = 389

    # LDAP protocol
    # Optional, default = ldap
    # use 'ldaps' for SSL encryption. Make sure /etc/ldap/ldap.conf is
    # configured correctly with TLS_CACERT
    ldap_protocol = ldap

    # The charset that strings are stored in on the LDAP server. Normally this
    # is utf-8, but this can differ according to your setup. The charset specified
    # here must be supported by your iconv(1) setup. See iconv -l for all charset
    ldap_server_charset = utf-8

    # The DN of the user to bind as for normal operations (not used for
    # authentication if ldap_authentication_method is set to "bind"
    # Optional, default = empty (anonymous bind)
    # The userPassword attribute must be readable for this user if the
    # ldap_authentication_method option is set to password.
    ldap_bind_user = cn=manager,ou=Internal,dc=pdebrabander,dc=nl

    # LDAP bind password
    # Optional, default = empty (no password)
    ldap_bind_passwd =XXXXXXXXX

    # The timeout for network operations in seconds
    ldap_network_timeout = 30

    # When an object (user/group/company) is changed, this attribute will also change:
    # Active directory: uSNChanged
    # LDAP: modifyTimestamp
    ldap_last_modification_attribute = modifyTimestamp

    # ldap_page_size limits the number of results from a query that will be downloaded at a time.
    # Default ADS MaxPageSize is 1000.
    ldap_page_size = 1000

    ##########
    # Object settings

    # Top level search base, every object should be available under this tree
    ldap_search_base = dc=pdebrabander,dc=nl

    # attribute name which is/(should: was) used in ldap_user_search_filter
    ldap_object_type_attribute = objectClass
    ldap_user_type_attribute_value = zarafa-user
    ldap_group_type_attribute_value = clearMailGroupAccount
    ldap_contact_type_attribute_value = zarafa-contact
    ldap_company_type_attribute_value = organizationalUnit
    ldap_addresslist_type_attribute_value = zarafa-addresslist
    ldap_dynamicgroup_type_attribute_value = zarafa-dynamicgroup


    ##########
    # There should be no need to edit any values below this line
    ##########

    ##########
    # User settings

    # Extra search for users using this LDAP filter. See ldap_search(3) or RFC
    # 2254 for details on the filter syntax.
    #
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa users.
    #
    # Note: This filter should include contacts.
    #
    # Optional, default = empty (match everything)
    # For active directory, use:
    # (objectCategory=Person)
    # For LDAP with posix users:
    # no need to use the search filter.
    ldap_user_search_filter = (zarafaAccount=1)

    # unique user id for find the user
    # Required
    # For active directory, use:
    # objectGuid ** WARNING: This WAS: objectSid ** Updates *WILL* fail! **
    # For LDAP with posixAccount, use:
    # uidNumber
    # Note: contacts also use this field for uniqueness. If you change this,
    # you might need to update the zarafa.schema file too, and change
    # the MUST uidNumber to whatever you set here.dnl
    ldap_user_unique_attribute = uidNumber

    # Type of unique user id
    # default: text
    # For active directory, use:
    # binary
    # For LDAP with posix user, use:
    # text
    ldap_user_unique_attribute_type = text

    # Optional, default = cn
    # For active directory, use:
    # cn or displayName
    # For LDAP with posix user, use:
    # cn
    ldap_fullname_attribute = cn

    # Optional, default = uid
    # Active directory: sAMAccountName
    # LDAP: uid
    ldap_loginname_attribute = uid

    # Optional, default = userPassword
    # Active directory: unicodePwd
    # LDAP: userPassword
    ldap_password_attribute = userPassword

    # If set to bind, users are authenticated by trying to bind to the
    # LDAP tree using their username + password. Otherwise, the
    # ldap_password_attribute is requested and checked.
    # Optional, default = bind
    # Choices: bind, password
    # Active directory: bind
    # LDAP: password
    ldap_authentication_method = bind

    # Optional, default = mail
    # Active directory: mail
    # LDAP: mail
    ldap_emailaddress_attribute = mail

    # Optional, default = zarafaAliases
    # Active directory: zarafaAliases
    # LDAP: zarafaAliases
    ldap_emailaliases_attribute = clearMailAliases

    # Whether the user is an admin. The field is interpreted as a
    # boolean, 0 and false (case insensitive) meaning no, all other values
    # yes.
    # Optional, default = zarafaAdmin
    # Active directory: zarafaAdmin
    # LDAP: zarafaAdmin
    ldap_isadmin_attribute = zarafaAdmin

    # Whether a user is a non-active user. This means that the user will
    # not count towards your user count, but the user will also not be
    # able to log in
    # Optional, default = empty
    # Active directory: zarafaSharedStoreOnly
    # LDAP: zarafaSharedStoreOnly
    ldap_nonactive_attribute =

    # A nonactive store, or resource, can be specified to be a user, room or equipment.
    # Set it to 'room' or 'equipment' to make such types. If set to empty,
    # or wrong word, or 'user' it will be a nonactive user.
    # Optional, default = zarafaResourceType
    # Active directory: zarafaResourceType
    # LDAP: zarafaResourceType
    ldap_resource_type_attribute = zarafaResourceType

    # Numeric resource capacity
    # Optional, default = zarafaResourceCapacity
    # Active directory: zarafaResourceCapacity
    # LDAP: zarafaResourceCapacity
    ldap_resource_capacity_attribute = zarafaResourceCapacity

    # Optional
    # The attribute which indicates which users are allowed
    # to send on behalf of the selected user
    ldap_sendas_attribute = zarafaSendAsPrivilege

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_sendas_attribute_type = text

    # The attribute of the user and group which is listed in
    # the ldap_sendas_attribute
    # Empty default, using ldap_user_unique_attribute
    ldap_sendas_relation_attribute =

    # Optional, default = userCertificate
    # Active directory: userCertificate
    # LDAP: userCertificate
    ldap_user_certificate_attribute = userCertificate

    # Load extra user properties from the propmap file
    !propmap /etc/zarafa/ldap.propmap.cfg

    ##########
    # Group settings

    # Search for groups using this LDAP filter. See ldap_search(3) for
    # details on the filter syntax.
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa groups.
    # Optional, default = empty (match everything)
    # For active directory, use:
    # (objectCategory=Group)
    # For LDAP with posix groups, use:
    # no need to set the search filter
    ldap_group_search_filter = (clearMailDistributionList=1)

    # unique group id for find the group
    # Required
    # For active directory, use:
    # objectSid
    # For LDAP with posix group, use:
    # gidNumber
    ldap_group_unique_attribute = cn

    # Type of unique group id
    # default: text
    # For active directory, use:
    # binary
    # For LDAP with posix group, use:
    # text
    ldap_group_unique_attribute_type = text

    # Optional, default = cn
    # Active directory: cn
    # LDAP: cn
    ldap_groupname_attribute = cn

    # Optional, default = member
    # Active directory: member
    # LDAP: memberUid
    ldap_groupmembers_attribute = member

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_groupmembers_attribute_type = dn

    # The attribute of the user which is listed in ldap_groupmember_attribute
    # Active directory: empty, matching dn's
    # LDAP: uidNumber, matching users in ldap_user_unique_attribute
    ldap_groupmembers_relation_attribute =

    # A group can also be used for security, eg. setting permissions on folders.
    # This makes a group a security group. The zarafaSecurityGroup value is boolean.
    # Optional, default = zarafaSecurityGroup
    # Active directory = groupType
    # LDAP: zarafaSecurityGroup
    ldap_group_security_attribute = zarafaSecurityGroup

    # In ADS servers, a special bitmask action is required on the groupType field.
    # This is actived by setting the ldap_group_security_attribute_type to `''ads`''
    # Otherwise, just the presence of the field will make the group security enabled.
    # Optional, default = boolean
    # Active directory = ads
    # LDAP: boolean
    ldap_group_security_attribute_type = boolean

    ##########
    # Company settings

    # Search for companies using this LDAP filter.
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa companies.
    # Optional, default = empty (match everything)
    # For active directory, use:
    # (objectCategory=Company)
    # For LDAP with posix users, use:
    # no need to set the filter
    ldap_company_search_filter =

    # unique company id for find the company
    # Active directory: objectGUID
    # LDAP: ou
    ldap_company_unique_attribute = ou

    # Optional, default = text
    # Active directory: binary
    # LDAP: text
    ldap_company_unique_attribute_type = text

    # Optional, default = ou
    # Active directory: ou
    # LDAP: ou
    ldap_companyname_attribute = ou

    # Optional
    # The attribute which indicates which companies are allowed
    # to view the members of the selected company
    ldap_company_view_attribute = zarafaViewPrivilege

    # Optional, default = text
    ldap_company_view_attribute_type = text

    # The attribute of the company which is listed in the
    # ldap_company_view_attribute
    # Empty default, using ldap_company_unique_attribute
    ldap_company_view_relation_attribute =

    # Optional
    # The attribute which indicates which users from different companies
    # are administrator over the selected company.
    ldap_company_admin_attribute = zarafaAdminPrivilege

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_company_admin_attribute_type = text

    # The attribute of the company which is listed in the
    # ldap_company_admin_attribute
    # Empty default, using ldap_user_unique_attribute
    ldap_company_admin_relation_attribute =

    # The attribute which indicates which user is the system administrator
    # for the specified company.
    ldap_company_system_admin_attribute = zarafaSystemAdmin

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_company_system_admin_attribute_type = text

    # The attribute of the company which is listed in the
    # ldap_company_system_admin attribute
    # Empty default, using ldap_user_unique_attribute
    ldap_company_system_admin_relation_attribute =


    ##########
    # Addresslist settings

    # Add a filter to the addresslist search
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa addresslists.
    # Optional, default = empty (match everything)
    ldap_addresslist_search_filter =

    # This is the unique attribute of an addresslist which is never going
    # to change, unless the addresslist is removed from LDAP. When this
    # value changes, Zarafa will remove the previous addresslist from the
    # database, and create a new addresslist with this unique value
    ldap_addresslist_unique_attribute = cn

    # This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
    ldap_addresslist_unique_attribute_type = text

    # This is the name of the attribute on the addresslist object that
    # specifies the filter to be applied for this addresslist. All users
    # matching this filter AND matching the default
    # ldap_user_search_filter will be included in the addresslist
    ldap_addresslist_filter_attribute = zarafaFilter

    # This is the name of the attribute on the addresslist object that
    # specifies the search base to be applied for this addresslist.
    ldap_addresslist_search_base_attribute = zarafaBase

    # The attribute containing the name of the addresslist
    ldap_addresslist_name_attribute = cn


    ##########
    # Dynamicgroup settings

    # Add a filter to the dynamicgroup search
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa dynamic groups.
    # Optional, default = empty (match everything)
    ldap_dynamicgroup_search_filter =

    # This is the unique attribute of a dynamicgroup which is never going
    # to change, unless the dynamicgroup is removed from LDAP. When this
    # value changes, Zarafa will remove the previous dynamicgroup from the
    # database, and create a new dynamicgroup with this unique value
    ldap_dynamicgroup_unique_attribute = cn

    # This value can be 'text' or 'binary'. For OpenLDAP, only text is used.
    ldap_dynamicgroup_unique_attribute_type = text

    # This is the name of the attribute on the dynamicgroup object that
    # specifies the filter to be applied for this dynamicgroup. All users
    # matching this filter AND matching the default
    # ldap_user_search_filter will be included in the dynamicgroup
    ldap_dynamicgroup_filter_attribute = zarafaFilter

    # This is the name of the attribute on the dynamicgroup object that
    # specifies the search base to be applied for this dynamicgroup.
    ldap_dynamicgroup_search_base_attribute = zarafaBase

    # The attribute containing the name of the dynamicgroup
    ldap_dynamicgroup_name_attribute = cn


    ##########
    # Quota settings

    # Optional
    # The attribute which indicates which users (besides the user who exceeds his quota)
    # should also receive a warning mail when a user exceeds his quota.
    ldap_quota_userwarning_recipients_attribute = zarafaQuotaUserWarningRecipients

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_quota_userwarning_recipients_attribute_type = text

    # Optional, default empty
    ldap_quota_userwarning_recipients_relation_attribute =

    # Optional
    # The attribute which indicates which users should receive a warning mail
    # when a company exceeds its quota.
    ldap_quota_companywarning_recipients_attribute = zarafaQuotaCompanyWarningRecipients

    # Optional, default = text
    # Active directory: dn
    # LDAP: text
    ldap_quota_companywarning_recipients_attribute_type = text

    # Optional, default empty
    ldap_quota_companywarning_recipients_relation_attribute =

    # Whether to override the system wide quota settings
    ldap_quotaoverride_attribute = zarafaQuotaOverride

    ldap_warnquota_attribute = zarafaQuotaWarn
    ldap_softquota_attribute = zarafaQuotaSoft
    ldap_hardquota_attribute = zarafaQuotaHard

    # Whether to override the system wide quota settings for all users within the company
    ldap_userdefault_quotaoverride_attribute = zarafaUserDefaultQuotaOverride

    ldap_userdefault_warnquota_attribute = zarafaUserDefaultQuotaWarn
    ldap_userdefault_softquota_attribute = zarafaUserDefaultQuotaSoft
    ldap_userdefault_hardquota_attribute = zarafaUserDefaultQuotaHard

    # Mapping from the quota attributes to a number of bytes. Qmail-LDAP
    # schema uses bytes (1), ADS uses kilobytes (1024*1024).
    ldap_quota_multiplier = 1048576

    ##########
    # Misc. settings

    # Attribute which indicates if the user should be hidden from addressbook
    ldap_addressbook_hide_attribute = zarafaHidden

    # LDAP object search filter. %s in this filter will be replaced with
    # the object being searched.
    # Hint: Use the zarafaAccount attribute in the filter to differentiate
    # between non-zarafa and zarafa objects.
    # Default: empty
    # ADS recommended: (anr=%s)
    # OpenLDAP optional: (|(mail=%s*)(uid=%s*)(cn=*%s*)(fullname=*%s*)(givenname=*%s*)(lastname=*%s*)(sn=*%s*))
    ldap_object_search_filter =

    # If a request wants more objects than this value, it will download the
    # full ldap tree (from the base with the search filter) and discard
    # what was not required. This is faster for large requests.
    # Default: 1000
    ldap_filter_cutoff_elements = 1000
  • Accepted Answer

    Monday, December 05 2016, 07:26 PM - #Permalink
    Resolved
    0 votes
    Can you paste your /etc/zarafa/server.cfg and /etc/zarafa/ldap.cfg files? I wonder if we can spot anything different.

    Can you confirm that, when logging into Zarafa's webapp (e.g. https://example.com/webapp) mail GUI, you cannot log in after you change the user password inside ClearOS's webconfig (https://example.com:81/app/) while logged in as the user (not root)?

    Thanks,

    B.
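Added example, not part of the original thread and not ClearOS or Zarafa code: one way to do the comparison requested above without posting credentials. It parses two Zarafa-style `key = value` files, reports only the settings that differ, and masks password-type values; the key-name pattern and both sample files are assumptions constructed for illustration.

```python
import re

# Assumption: credential keys end in pass/passwd/password/secret, which covers
# the stock ldap_bind_passwd (ldap.cfg) and mysql_password (server.cfg).
SECRET_KEY = re.compile(r"(pass(wd|word)?|secret)$", re.IGNORECASE)

def parse_cfg(text):
    """Return {key: value} for 'key = value' lines; comments and blanks are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()              # forum pastes are often indented
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only: LDAP filters and DNs contain '=' too.
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def mask(key, value):
    """Hide a non-empty credential value; leave everything else untouched."""
    if value and SECRET_KEY.search(key):
        return "<redacted>"
    return value

def diff_cfg(a_text, b_text):
    """List (key, value_a, value_b) for settings that differ; None means 'not set'."""
    a, b = parse_cfg(a_text), parse_cfg(b_text)
    rows = []
    for key in sorted(a.keys() | b.keys()):
        if a.get(key) != b.get(key):    # compare raw values, report masked ones
            rows.append((key, mask(key, a.get(key)), mask(key, b.get(key))))
    return rows

# Constructed sample files (not taken from any real server).
WORKING = """
    ldap_bind_user = cn=manager,dc=example,dc=com
    ldap_bind_passwd = s3cret-A
    ldap_group_security_attribute_type = boolean
    ldap_object_search_filter = (|(mail=%s*)(uid=%s*))
    ldap_quota_multiplier = 1048576
"""
FAILING = """
    ldap_bind_user = cn=manager,dc=example,dc=com
    ldap_bind_passwd = s3cret-B
    ldap_group_security_attribute_type = ads
    ldap_object_search_filter = (|(mail=%s*)(uid=%s*))
"""

if __name__ == "__main__":
    for key, left, right in diff_cfg(WORKING, FAILING):
        print(f"{key}: {left!r} != {right!r}")
```

A differing credential still shows up as a changed key, but its value never leaves the server.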
  • Accepted Answer

    Monday, December 05 2016, 05:58 PM - #Permalink
    Resolved
    0 votes
    Ben Chambers wrote:

    The user password change and the 'root' account editing a user to change the password use the exact same API function call, so I can't explain what you're seeing.

    Furthermore, I tried to duplicate the situation you describe, and I could not. Changing my user password inside Webconfig using my 'enduser' account required me to use this new password immediately upon trying to login to Zarafa.

    Ben

    Hi Ben,

    I've tried it on my own system at home and I'm having the same issue.
    After logging in as an enduser in webconfig and changing my password, it directly gives a popup on my phone.
    Using the new password is not working, and the same is true with Zarafa.
    Changing the password for the enduser as root in webconfig makes it work again.

    For your info:
    ClearOS 7.2 home edition Essentials
    ZCP 7.2.0-48204
    Z-push 2.2.12

    The same problem occurs with Owncloud, which you cannot log in to either.
  • Accepted Answer

    Monday, December 05 2016, 04:13 PM - #Permalink
    Resolved
    0 votes
    The user password change and the 'root' account editing a user to change the password use the exact same API function call, so I can't explain what you're seeing.

    Furthermore, I tried to duplicate the situation you describe, and I could not. Changing my user password inside Webconfig using my 'enduser' account required me to use this new password immediately upon trying to login to Zarafa.

    Ben