Page MenuHomekolab.org

roundcube "helpdesk-login" add/save delegation not possible
Closed, ResolvedPublic

Description

root@kolabwebp003a [0] roundcubemail # yum list installed roundcubemail*
Loaded plugins: product-id, rhnplugin, search-disabled-repos, subscription-manager
This system is receiving updates from RHN Classic or Red Hat Satellite.
Installed Packages
roundcubemail.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-core.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-core-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-acl.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-acl-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-acl-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-acl-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-archive.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-archive-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-archive-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-archive-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-attachment_reminder.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-attachment_reminder-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-calendar.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-calendar-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-calendar-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-calendar-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-contextmenu.noarch 2.1.1-2.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-csv_export.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-csv_export-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-filesystem_attachments.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-filesystem_attachments-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-help.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-help-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-help-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-help-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-jqueryui.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-jqueryui-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-jqueryui-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-jqueryui-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_activesync.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_activesync-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_activesync-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_activesync-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_addressbook.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_addressbook-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_addressbook-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_addressbook-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_auth.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_auth-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_config.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_config-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_delegation.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_delegation-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_delegation-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_delegation-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_files.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_files-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_files-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_files-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_folders.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_folders-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_notes.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_notes-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_notes-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_notes-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_shortcuts.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_shortcuts-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_tags.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_tags-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_tags-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-kolab_tags-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-legacy_browser.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-legacy_browser-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-legacy_browser-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-legacy_browser-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libcalendaring.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libcalendaring-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libcalendaring-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libcalendaring-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libkolab.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libkolab-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libkolab-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-libkolab-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-managesieve.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-managesieve-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-managesieve-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-managesieve-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-markasjunk.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-markasjunk-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-markasjunk-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-markasjunk-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-newmail_notifier.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-newmail_notifier-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-odfviewer.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-odfviewer-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-password.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-password-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-pdfviewer.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-pdfviewer-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-redundant_attachments.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-redundant_attachments-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-tasklist.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-tasklist-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-tasklist-skin-larry.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugin-tasklist-skin-larry-assets.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-plugins-kolab.noarch 3.2.14-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-skin-enterprise.noarch 0.3.5-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-skin-enterprise-assets.noarch 0.3.5-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-skin-enterprise-core.noarch 0.3.5-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-skin-larry.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates
roundcubemail-skin-larry-assets.noarch 1.1.5.9-2.1.el6.kolab_14 @kolab-14-updates

I think I discovered a problem in delegation handling while using the "helpdesk-login" functionality in roundcubemail.
"...[2016-Aug-17 15:29:04 +0200]: <ur9chdr2> PHP Error: LDAP: Bind..." seems to be problematic here because roundcube tries to bind to LDAP as the "login as" user but doesn't have the required password/credentials to do so. I think "helpdesk-login" needs a different/special bind-user to do what is needed for delegation activities.

root@kolabwebp003a [0] roundcubemail # grep -B 5 -A 15 -ir -e "2016-Aug-17 16.\:0[456]*schnaps" -e "2016-Aug-17 16\:0[456].*benu" -e "2016-Aug-17 16\:0[456].*deleg" -e "2016-Aug-17 16\:0[456].*ERROR" /var/log/roundcubemail/*
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> mail [5.7 MB/6.3 MB]: 2.3162 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> mail/getunread [3.4 MB/3.5 MB]: 0.1871 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> mail/list [5.7 MB/5.9 MB]: 0.3069 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> mail/refresh [4.5 MB/4.6 MB]: 0.2295 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:04:28 +0200]: <1qtfmv72> settings [4.2 MB/4.4 MB]: 0.0352 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> settings/plugin.delegation [4.5 MB/4.7 MB]: 0.0466 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> settings/plugin.delegation [4.4 MB/4.6 MB]: 0.2071 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:53 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 14.6007 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:53 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 12.5007 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:53 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 11.7491 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:53 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 17.0109 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:59 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 14.3911 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:04:59 +0200]: <1qtfmv72> settings/plugin.delegation-autocomplete [4.2 MB/4.3 MB]: 15.2923 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console:[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> settings/plugin.delegation-save [4.2 MB/4.3 MB]: 0.0350 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.1303 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:06:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0330 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:07:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0401 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:08:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0339 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:09:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0353 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.1371 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:11:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0353 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:12:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0297 sec
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/console-[2016-Aug-17 16:13:30 +0200]: <1qtfmv72> settings/refresh [4.5 MB/4.6 MB]: 0.0411 sec
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/errors-[2016-Aug-17 14:36:58 +0200]: <3td0qt9t> PHP Error: LDAP: Bind failed for dn=cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de. Invalid credentials (POST /helpdesk-login/3e7ecdb1270b1e2f/?_task=settings&_framed=1&_action=plugin.delegation-save?_task=&_action=)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/errors-[2016-Aug-17 15:29:04 +0200]: <ur9chdr2> PHP Error: LDAP: Bind failed for dn=cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de. Invalid credentials (POST /helpdesk-login/fba5ca97871e7a3b/?_task=settings&_framed=1&_action=plugin.delegation-save?_task=&_action=)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/errors:[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> PHP Error: LDAP: Bind failed for dn=cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de. Invalid credentials (POST /helpdesk-login/e0766d597c95cd7b/?_task=settings&_framed=1&_action=plugin.delegation-save?_task=&_action=)
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:03:02 +0200]: <1qtfmv72> C: Close
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> C: Connect [ldap.domain.de:389]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> C: Bind [dn: cn=svc kolab-webmail,ou=kolab,o=Application,c=de]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap:[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> C: Read [dn: cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de] [(objectclass=*)]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:30 +0200]: <1qtfmv72> C: Close
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:36 +0200]: <1qtfmv72> C: Connect [ldap.domain.de:389]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> C: Bind [dn: cn=svc kolab-webmail,ou=kolab,o=Application,c=de]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> C: Search base dn: [c=de] scope [sub] with filter [(&(|(objectClass=kolabInetOrgPerson)(objectclass=kolabsharedfolder))(|(cn=*christ*)(uid=*christ*)(mail=*christ*)))]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> Using function ldap_search on scope sub ($ns_function is ldap_search)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> C: (Without VLV) Setting a filter of (&(|(objectClass=kolabInetOrgPerson)(objectclass=kolabsharedfolder))(|(cn=*christ*)(uid=*christ*)(mail=*christ*)))
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:04:37 +0200]: <1qtfmv72> Executing search with return attributes: array (
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  0 => 'cn',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  1 => 'uid',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  2 => 'mail',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  3 => 'alias',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  4 => 'ou',
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  4 => 'ou',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  5 => 'nsroledn',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-  6 => 'kolabDelegate',
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> S: 1 record(s) found
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap:[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> C: Read [dn: cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de] [(objectclass=*)]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> S: OK
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap:[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> C: Bind [dn: cn=kai benu,ou=Basisanwendungen,ou=Applikationen - Datenbanken - Werkzeuge,ou=Geschäftsbereich Betrieb,ou=IT-M,ou=Direktorium,o=Bezirksgauamt wolfbrüningen,c=de]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> S: Invalid credentials
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/ldap-[2016-Aug-17 16:05:07 +0200]: <1qtfmv72> C: Close
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:03:03 +0200]: <1qtfmv72> [4] SELECT * FROM `kolab_cache_configuration` WHERE `folder_id` = '5676'  AND `type` = 'relation' AND `tags` LIKE '% category:tag %' LIMIT 100;
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:03:03 +0200]: <1qtfmv72> [5] SELECT `identity_id`, `name`, `email` FROM `identities` WHERE `user_id` = '750' AND `del` <> 1 ORDER BY `standard` DESC, `name` ASC, `email` ASC, `identity_id` ASC;
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> [2] SELECT `folder_id`, `synclock`, `ctag`, `changed`, `objectcount` FROM `kolab_folders` WHERE `resource` = 'imap://hofhund.dl.benu%40domain.de@imap.domain.de/Configuration';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> [3] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_configuration` WHERE `folder_id` = '5676';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:03:04 +0200]: <1qtfmv72> [4] SELECT * FROM `kolab_cache_configuration` WHERE `folder_id` = '5676'  AND `type` = 'relation' AND `tags` LIKE '% category:tag %' LIMIT 100;
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql:[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [2] SELECT `folder_id`, `synclock`, `ctag`, `changed`, `objectcount` FROM `kolab_folders` WHERE `resource` = 'imap://hofhund.dl.benu%40domain.de@imap.domain.de/Tasks';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [3] UPDATE `kolab_folders` SET `synclock` = '1471442730' WHERE `folder_id` = '6858' AND `synclock` = '0';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [4] SELECT `msguid`, `uid` FROM `kolab_cache_task` WHERE `folder_id` = '6858';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [5] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '6858';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [6] UPDATE `kolab_folders` SET `synclock` = 0, `ctag` = '1470047499-3-1', `changed` = '2016-08-17 16:05:30', `objectcount` = '0' WHERE `folder_id` = '6858';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [7] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '6858' AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [8] SELECT * FROM `kolab_cache_task` WHERE `folder_id` = '6858'  AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql:[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [9] SELECT `folder_id`, `synclock`, `ctag`, `changed`, `objectcount` FROM `kolab_folders` WHERE `resource` = 'imap://hofhund.dl.benu%40domain.de@imap.domain.de/Aufgaben';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [10] UPDATE `kolab_folders` SET `synclock` = '1471442730' WHERE `folder_id` = '5680' AND `synclock` = '0';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [11] SELECT `msguid`, `uid` FROM `kolab_cache_task` WHERE `folder_id` = '5680';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [12] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '5680';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [13] UPDATE `kolab_folders` SET `synclock` = 0, `ctag` = '1469203115-3-1', `changed` = '2016-08-17 16:05:30', `objectcount` = '0' WHERE `folder_id` = '5680';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [14] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '5680' AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:05:30 +0200]: <1qtfmv72> [15] SELECT * FROM `kolab_cache_task` WHERE `folder_id` = '5680'  AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [2] SELECT `folder_id`, `synclock`, `ctag`, `changed`, `objectcount` FROM `kolab_folders` WHERE `resource` = 'imap://hofhund.dl.benu%40domain.de@imap.domain.de/Tasks';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [3] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '6858';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [4] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '6858' AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [5] SELECT * FROM `kolab_cache_task` WHERE `folder_id` = '6858'  AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [6] SELECT `folder_id`, `synclock`, `ctag`, `changed`, `objectcount` FROM `kolab_folders` WHERE `resource` = 'imap://hofhund.dl.benu%40domain.de@imap.domain.de/Aufgaben';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [7] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '5680';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [8] SELECT COUNT(*) AS `numrows` FROM `kolab_cache_task` WHERE `folder_id` = '5680' AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/sql-[2016-Aug-17 16:10:31 +0200]: <1qtfmv72> [9] SELECT * FROM `kolab_cache_task` WHERE `folder_id` = '5680'  AND `tags` LIKE '% x-has-alarms %' AND `tags` NOT LIKE '% x-complete %';
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * ESEARCH (TAG "A0017") UID MAX 1 COUNT 1
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0017 OK Completed (1 msgs in 0.000 secs)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] C: A0018 UID SEARCH RETURN (COUNT) ALL UNDELETED UNSEEN
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * ESEARCH (TAG "A0018") UID COUNT 0
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0018 OK Completed (0 msgs in 0.000 secs)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap:[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] C: A0019 SELECT "Other Users/hofhund.dl.eder/benu+Eder"
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * 0 EXISTS
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * 0 RECENT
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [UIDVALIDITY 1469804539] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [UIDNEXT 3] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [HIGHESTMODSEQ 7] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [URLMECH INTERNAL] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * OK [ANNOTATIONS 65536] Ok
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0019 OK [READ-WRITE] Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] C: A0020 UID SEARCH RETURN (COUNT) ALL UNDELETED UNSEEN
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * ESEARCH (TAG "A0020") UID COUNT 0
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0020 OK Completed (0 msgs in 0.000 secs)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] C: A0021 SELECT Templates
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * 0 EXISTS
--
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0032 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] C: A0033 LOGOUT
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: * BYE LOGOUT received
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:04 +0200]: <1qtfmv72> [CCCB] S: A0033 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE MUPDATE=mupdate://kolabmupdatep001.srv.ha3.dir.domain.de/ AUTH=PLAIN AUTH=LOGIN SASL-IR] server ready
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap:[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0001 ID ("name" "Roundcube/Kolab" "version" "1.1.5" "php" "5.3.29" "os" "Linux" "command" "/helpdesk-login/e0766d597c95cd7b/?_task=settings&_action=plugin.delegation&_framed=1")
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * ID NIL
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: A0001 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0002 AUTHENTICATE PLAIN ****** [101]
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: A0002 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS WITHIN QRESYNC SCAN XLIST XMOVE MOVE URLAUTH URLAUTH=BINARY X-NETSCAPE MUPDATE=mupdate://kolabmupdatep001.srv.ha3.dir.domain.de/ LOGINDISABLED X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS] Success (tls protection) SESSIONID=<cyrus-imapd-51513-1471442672-1-1764371240115504906>
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0003 GETMETADATA INBOX (/private/vendor/kolab/displayname /shared/vendor/kolab/displayname)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * METADATA INBOX (/private/vendor/kolab/displayname NIL /shared/vendor/kolab/displayname NIL)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: A0003 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0004 GETMETADATA Drafts (/private/vendor/kolab/displayname /shared/vendor/kolab/displayname)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * METADATA Drafts (/private/vendor/kolab/displayname NIL /shared/vendor/kolab/displayname NIL)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: A0004 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0005 GETMETADATA Sent (/private/vendor/kolab/displayname /shared/vendor/kolab/displayname)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * METADATA Sent (/private/vendor/kolab/displayname NIL /shared/vendor/kolab/displayname NIL)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: A0005 OK Completed
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] C: A0006 GETMETADATA Junk (/private/vendor/kolab/displayname /shared/vendor/kolab/displayname)
/var/log/roundcubemail/admin.schnaps@domain.de/hofhund.dl.benu@domain.de/imap-[2016-Aug-17 16:04:32 +0200]: <1qtfmv72> [8D37] S: * METADATA Junk (/private/vendor/kolab/displayname NIL /shared/vendor/kolab/displayname NIL)

Details

Ticket Type
Task

Event Timeline

Confirmed. I tried SASL proxy authentication here, but didn't work for me. @vanmeeuwen is additional "service user" (i.e. new config options for DN and password) the only solution?

BTW, password plugin will have the same problem if configured to not require current password in the password form.

vanmeeuwen closed this task as Invalid.Aug 18 2016, 11:26 AM

Neither delegation nor password resets for a user should go through Roundcube. Roundcube, after all, is not an LDAP administration interface.

The helpdesk-login or login as functionality is supposed to aid a helpdesk employee (first/second level) in assisting an end-user with, for example, configuring a filter / out-of-office.

If nothing else, Roundcube may need to be configured to not at all load the related plugins when helpdesk login is used.

vendel.colja reopened this task as Open.Aug 18 2016, 1:41 PM

I may would have agreed, but after roundcube provides a "helpdesk-login" function and independently of that provides delegation or password plugins performing such LDAP "edit" tasks, someone using the heldesk-login feature should either

  • get a warning that those plugin functions are just readonly and not an adminstration frontend replacement

or

  • find any edit functionality involved by those plugins disabled

or

  • have just no access to those plugins (Could you please give me a hint how to disable delegate from settings?)

or

  • enable edit/admin/helpdesk tasks for "helpdesk-login" usage by what ever possible action/task
venc added a subscriber: venc.Aug 19 2016, 12:12 PM

Just because I was asked for " ​what is in your: $config['kolab_auth_admin_rights'] = array()" here the kolab_auth.inc.php we use

[root@kolabwebk002a ~]# cat /etc/roundcubemail/kolab_auth.inc.php
<?php

    // The id of the LDAP address book (which refers to the rcmail_config['ldap_public'])
    // or complete addressbook definition array.
    $config['kolab_auth_addressbook'] = Array(
        'name'                      => 'Kolab Auth',
        'hosts'                     => Array('ldapkolabc001.srv.ha3.dir.domain.de'),
        'port'                      => 3892,
        'use_tls'                   => false,
        'user_specific'             => false,
        'base_dn'                   => "c=de",
        'bind_dn'                   => "cn=Kolab Service Account,ou=kolab,o=Application,c=de",
        'bind_pass'                 => "Password",
        'writable'                  => false,
        'ldap_version'              => 3,       // using LDAPv3
        'fieldmap'                  => Array(
                'name'              => 'cn',
                'uid'               => 'uid',
                'email'             => 'mail',
                'email:alias'       => 'alias',
                'organization'      => 'ou',
                'role'              => 'nsroledn',
            ),
        'sort'                      => 'cn',
        'scope'                     => 'sub',
        'filter'                    => '(|(objectClass=kolabinetorgperson)(objectClass=kolabGroupOfUniqueNames)(&(objectClass=kolabsharedfolder)(kolabfoldertype=event)))',
        'fuzzy_search'              => true,
        'sizelimit'                 => '0',
        'timelimit'                 => '0',
        'groups'                    => Array(
                'base_dn'           => "c=de",
                'filter'            => '(|(objectclass=groupofuniquenames)(objectclass=groupofurls))',
                'object_classes'    => Array('top', 'groupOfUniqueNames'),
                'member_attr'       => 'uniqueMember',
            ),
        'domain_base_dn'            => 'ou=kolab,o=Application,c=de',
        'domain_filter'             => '(&(objectclass=domainrelatedobject)(associateddomain=%s))',
        'domain_name_attr'          => 'associateddomain',
    );


    // This will overwrite defined filter
    $config['kolab_auth_filter'] = '(&(objectclass=kolabinetorgperson)(|(uid=%u)(mail=%fu)))';

    // Use this fields (from fieldmap configuration) to get authentication ID
    $config['kolab_auth_login'] = 'email';

    // Use these fields (from fieldmap configuration) for the default identity
    $config['kolab_auth_name']  = array('name', 'uid');
    $config['kolab_auth_alias'] = 'alias';
    $config['kolab_auth_email'] = array('email', 'email:alias');

    if (preg_match('/\/helpdesk-login\//', $_SERVER["REQUEST_URI"]) ) {

        // Login and VerySecretPassword of the admin user. Enables "Login As" feature.
        $config['kolab_auth_admin_login']    = 'cyrus-admin';
        $config['kolab_auth_admin_VerySecretPassword'] = 'VerySecretPassword';

        $config['kolab_auth_auditlog'] = true;
    }

    // Template for user names displayed in the UI.
    // You can use all attributes from the 'fieldmap' property of the 'kolab_auth_addressbook' configuration
    $config['kolab_auth_user_displayname'] = '{name} / {organization} <{email}>';

    // Administrative role field (from fieldmap configuration) which must be filled with
    // specified value which adds privilege to login as another user.
    $config['kolab_auth_role']       = 'role';
    $config['kolab_auth_role_value'] = 'cn=kolab-admin,c=de';

    $config['kolab_auth_role_plugins'] = Array(
            'cn=activesync-user,c=de' => Array('kolab_activesync'),
        );

    // Administrative group name to which user must be assigned to
    // which adds privilege to login as another user.
    $config['kolab_auth_group'] = 'GRP-WebMail-HelpDesk-B14';

    // RC parts a helpdesk person can see
    $config['kolab_auth_allowed_tasks'] = array(
            'settings',
        );

    // Skin according to domain
    $config['kolab_auth_role_settings'] = Array(
            'cn=Bereichsadmin 1. Testou-xxx,ou=WDA-xxx,o=Wegbiegung Wachturm,c=de' => array(
                    'calendar_disabled' => array(
                            'value' => true,
                            'allow_override' => false
                        ),
                    'kolab_files_disabled' => array(
                            'value' => true,
                            'allow_override' => false
                        ),
                    'tasklist_disabled' => array(
                            'value' => true,
                            'allow_override' => false
                        ),
                ),
    );

    if (file_exists(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__))) {
        include_once(RCUBE_CONFIG_DIR . '/' . $_SERVER["HTTP_HOST"] . '/' . basename(__FILE__));
    }

?>

To disable Settings section of the UI I propose to set:

$config['kolab_auth_admin_rights'] = array(
    'settings' => 'entry:delete',
    '*' => 'entry:read',
);

Note that with this LDAP effective rights will be used and kolab_auth_group/kolab_auth_role_value will be ignored. You can also change 'entry:delete' to 'attrib:kolabDelegate:write' (or use some other attribute).

petersen closed this task as Invalid.
petersen added a subscriber: petersen.

Closing this as a config issue.

If so whished, please open a defect against the documentation and refere to this ticket.

vendel.colja reopened this task as Open.Sep 20 2016, 11:05 AM

Adding the "kolab_auth_admin_rights" enables everybody to use/login/enter roundcube as an other user and disables any other restriction made before.
So the mentioned configuration will just open the functuionality to everyone and not restrict anything. If thsi is as you say a config issue, than please tell me where I can find the documentation of any of those helpdesk things to be configured with all the opetions and coincidents they have.

We just need th emembers of one group enabled to perfrom helpdesk tasks which may not only be read and explain but also reset and change capabilities and permissions according https://git.kolab.org/T1425#23011.

vanmeeuwen closed this task as Resolved.Dec 7 2016, 5:50 PM
vanmeeuwen claimed this task.

Promoted to Bifrost#T18595.