0002913: Login failed due to unhandled error case: -1 - SOGo | BTS

ID	Project	Category	View Status	Date Submitted	Last Update

0002913	SOGo	Backend General	public	2014-09-01 13:37	2015-01-16 17:57

Reporter	Altibox	Assigned To	ludovic
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Platform	[Server] Linux	OS	RHEL/CentOS	OS Version	6
Product Version	2.2.7
Target Version	2.2.14	Fixed in Version	2.2.14

Summary	0002913: Login failed due to unhandled error case: -1
Description	I am trying to enable ldap passwordPolicy in SOGo. We are currently authentication the users from our RHEL 389 directory server. We want to enable password policy to force to users having stronger passwords. I am curently testing it in our lab environment.
Steps To Reproduce	Before - Testing that login and change of password in SOGo works fine. 389-DS: Enable password policy 389-console: Configuration / Data: Enable fine-grained password policy. 389-console: Directory sub-tree: Create subtree level password policy. Check password syntax: minimum 8 chars, 2 digits, and 3 alpha characters Was logged-in during enabling of policy. Trying to change password. new weak password password according to new policy I get 'password change failed' for both. Disconnecting and trying to login again: Now I get: 'Wrong username or password' /var/log/sogo/sogo.log: Sep 01 10:12:20 sogod [6198]: \|SOGo\| starting method 'POST' on uri '/SOGo/connect' Sep 01 10:12:20 sogod [6198]: <0x0x7f2ed4a342c8[LDAPSource]> <NSException: 0x7f2ed4d86668> NAME:LDAPException REASON:operation bind failed: Invalid credentials (0x31) INFO:{login = "uid=hansl,ou=people,o=yyyy.net,o=isp,o=altibox,c=no"; } Sep 01 10:12:20 sogod [6198]: SOGoRootPage Login from 'xx.xx.xx.xx' for user 'hansl@yyyy.net' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Sep 01 10:12:20 sogod [6198]: \|SOGo\| request took 0.012208 seconds to execute xx.xx.xx.xx - - [01/Sep/2014:10:12:20 GMT] "POST /SOGo/connect HTTP/1.1" 403 34/53 0.015 - - 0 Sep 01 10:12:42 sogod [6198]: \|SOGo\| starting method 'POST' on uri '/SOGo/connect' Enabling passwordPolicy in SOGo I get this message on the login screen when trying to login: 'Login failed due to unhandled error case: -1' /var/log/sogo/sogo.log Sep 01 10:30:35 sogod [7099]: \|SOGo\| starting method 'POST' on uri '/SOGo/connect' Sep 01 10:30:35 sogod [7099]: <0x0x7fcd166bd8b8[NGLdapConnection]> bind - ldap_result call result: 97 Sep 01 10:30:35 sogod [7099]: <0x0x7fcd166bd8b8[NGLdapConnection]> bind - ldap_parse_result - ctrls is NULL Sep 01 10:30:35 sogod [7099]: SOGoRootPage Login from 'xx.xx.xx.xx' for user 'hansl@yyyy.net' might not have worked - password policy: -1 grace: -1 expire: -1 bound: 1 Sep 01 10:30:35 sogod [7099]: \|SOGo\| request took 0.010639 seconds to execute xx.xx.xx.xx - - [01/Sep/2014:10:30:35 GMT] "POST /SOGo/connect HTTP/1.1" 403 31/52 0.027 - - 40K Any ideas on what is wrong?
Additional Information	Running RHEL 6.5 on both servers 389-DS server: 389-admin-console-1.1.8-1.el6.noarch 389-ds-base-libs-1.2.11.15-14.el6_4.x86_64 389-admin-1.1.29-1.el6.x86_64 389-ds-console-1.2.6-1.el6.noarch 389-adminutil-1.1.15-1.el6.x86_64 389-ds-base-1.2.11.15-14.el6_4.x86_64 389-console-1.1.7-1.el6.noarch SOGo server sogo-tool-2.2.7-1.centos6.x86_64 sogo-2.2.7-1.centos6.x86_64 sogo-debuginfo-2.2.7-1.centos6.x86_6
Tags	No tags attached.

ludovic 2014-09-02 13:19 administrator ~0007457	We'll have to test it with 389 DS. My guess is that data structures used a while back with OpenLDAP need to be slightly adjusted.

ludovic 2015-01-05 20:33 administrator ~0007998	Which openldap libraries are you using?

Altibox 2015-01-12 11:22 reporter ~0008053	We are using: openldap-2.4.23-34.el6_5.1.x86_64

ludovic 2015-01-14 15:56 administrator ~0008076	I can reproduce the issue. It seems to be a difference in the way 389 ds works regarding password policies and the control object returned. I'll continue to investigate.

ludovic 2015-01-14 21:20 administrator ~0008082	I fixed the login issue. I'll fix the password change with ppolicy enabled tomorrow. 389ds definitively works differently than OpenLDAP regarding ppolicy objects.

ludovic 2015-01-16 17:57 administrator ~0008087	The fix for the login was pushed in SOPE. Please update SOPE to test it. Note that your MUST use LDAP over SSL with 389 DS if you want to use the password policy feature. Otherwise, the server will NEVER return the policy control object and things like password changes will never work. The SOGo documentation has been improved in this regard.

Date Modified	Username	Field	Change
2014-09-01 13:37	Altibox	New Issue
2014-09-02 13:19	ludovic	Note Added: 0007457
2014-09-05 19:04	ludovic	Target Version	=> 2.2.9
2014-09-26 13:37	ludovic	Target Version	2.2.9 => 2.2.10
2014-11-07 20:41	ludovic	Target Version	2.2.10 => 2.2.11
2014-12-04 19:30	ludovic	Target Version	2.2.11 => 2.2.12
2014-12-18 14:38	ludovic	Target Version	2.2.12 => 2.2.13
2014-12-30 15:28	ludovic	Target Version	2.2.13 => 2.2.14
2015-01-05 20:33	ludovic	Note Added: 0007998
2015-01-12 11:22	Altibox	Note Added: 0008053
2015-01-14 15:56	ludovic	Note Added: 0008076
2015-01-14 21:20	ludovic	Note Added: 0008082
2015-01-16 17:57	ludovic	Note Added: 0008087
2015-01-16 17:57	ludovic	Status	new => resolved
2015-01-16 17:57	ludovic	Fixed in Version	=> 2.2.14
2015-01-16 17:57	ludovic	Resolution	open => fixed
2015-01-16 17:57	ludovic	Assigned To	=> ludovic