    Can't contact LDAP server
    • Manfred
      Manfred Kopano last edited by

      This post is deleted!
      • darootler
        darootler last edited by

        Hi!

        I have the same problem. What is MDM? What to do to get Z-Push working again?

        Regards
        Richard

        • Manfred
          Manfred Kopano @darootler last edited by

          Hi @darootler,

          @darootler said in Mdm z-push cannot login using kopano-konnectd:

          Hi!

          I have the same problem. What is MDM? What to do to get Z-Push working again?

          Regards
          Richard

          I wonder why you think it is the same problem if you’re asking what MDM is. What exactly is not working?

          Manfred

          • darootler
            darootler @Manfred last edited by

            @Manfred said in Mdm z-push cannot login using kopano-konnectd:

            Hi @darootler,

            @darootler said in Mdm z-push cannot login using kopano-konnectd:

            Hi!

            I have the same problem. What is MDM? What to do to get Z-Push working again?

            Regards
            Richard

            I wonder why you think it is the same problem if you’re asking what MDM is. What exactly is not working?

            Manfred

            Z-Push in general is working but i do sometimes receive the same error message as the author posted:

            Aug  3 08:51:52 hostname kopano-server[19047]: Authentication by plugin failed for user "USER": LDAP auth for user "USER": Can't contact LDAP server
            Aug  3 08:51:52 hostname z-push/core[21510]: [WARN] [USER] /usr/share/z-push/backend/kopano/kopano.php:168 mapi_logon_zarafa(): Unable to setup service for provider: logon failed (80040111) (2)
            Aug  3 08:51:52 hostname  z-push/core[21510]: [ERROR] [USER] KopanoBackend->Logon(): login failed with error code: 0xFFFFFFFF80040111
            Aug  3 08:51:52 hostname z-push/core[21510]: [INFO] [USER] AuthenticationRequiredException: Access denied. Username or password incorrect - code: 0 - file: /usr/share/z-push/lib/request/requestprocessor.php:69
            Aug  3 08:51:52 hostname z-push/core[21510]: [INFO] [USER] User-agent: 'Apple-iPhone9C3/1706.80'
            Aug  3 08:51:52 hostname z-push/core[21510]: [FATAL] [USER] Exception: (AuthenticationRequiredException) - Access denied. Username or password incorrect
            Aug  3 08:51:52 hostname z-push/core[21510]: [WARN] [USER] IP: X.X.X.X failed to authenticate user 'USER'
            

            Maybe that’s a follow up from the error with the ldap server, but i cannot get why the ldap server is sometimes not reachable for the kopano-server.

            Regards
            Richard

            • Manfred
              Manfred Kopano last edited by

              Hi @darootler,

              I moved your posts because your issue has nothing to do with Kopano WebApp plugins even if the error message in Z-Push log is the same.

              Manfred

              • darootler
                darootler last edited by

                I investigated this issue further and found out the ldap server is resetting the ldap connection from time to time, this seems to be a default behavior. In my opinion this needs to be addressed by kopano-server, or is there a config option to avoid or queue incoming logins from kopano-server as long as the ldap connection is restored?

                Regards
                Richard

                • darootler
                  darootler last edited by

                  Error logs on version 10.0.6.13:

                  Aug  3 07:59:43 hostname kopano-server[2418]: LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry.
                  

                  Error logs on version 10.0.6.356:

                  Aug  3 08:51:52 hostname kopano-server[19047]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                  

                  Seems to me that there was a change between the versions. Anyone who can point me in the right direction?

                  Regards
                  Richard

                  • thctlo
                    thctlo @darootler last edited by thctlo

                    @darootler

                    If you haven't done so yet, use TLS (STARTTLS) or LDAPS.

                    • fbartels
                      fbartels Kopano @thctlo last edited by fbartels

                      @thctlo said in Can't contact LDAP server:

                      use TLS (STARTTLS) or LDAPS.

                      no, that should no longer be necessary with 356.

                      Edit: apart from that I am not able to observe this behaviour on my local system. When the ldap server goes away kopano-server will reconnect once its back.

                      Regards Felix

                      Resources:
                      https://kopano.com/blog/how-to-get-kopano/
                      https://documentation.kopano.io/
                      https://kb.kopano.io/

                      Support overview:
                      https://kopano.com/support/

                      • darootler
                        darootler last edited by

                        I am already using LDAPS. Maybe i found a DNS issue on my side (option edns0) from stub-resolv.conf causing the following error:

                        Aug  3 09:47:12 hostname systemd-resolved[537]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
                        

                        Maybe that’s the reason why kopano-server sometimes has to reconnect to the ldap server, i’ll report back.

                        Regards
                        Richard

                        • darootler
                          darootler last edited by darootler

                          I was able to fix the DNS issue but still encountering errors:

                          Aug  4 09:54:49 hostname kopano-server[3204]: SSL connect from X.X.X.X
                          Aug  4 09:54:49 hostname kopano-server[3204]: Accepted certificate "client-public.pem" from client.
                          Aug  4 09:54:52 hostname kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-613
                          Aug  4 09:54:52 hostname kopano-server[3204]: message repeated 12 times: [ connect on /var/run/kopano/server.sock from *:pid-613]
                          Aug  4 09:54:52 hostname z-push/core[1408]: [INFO] [USERNAME] cmd='Ping' memory='2.41 MiB/4.00 MiB' time='128.26s' devType='iPhone' devId='37p76k2r1l5npan7hq3gcqt42k' getUser='USERNAME' from='X.X.X.X' idle='128s' version='2.5.2+0-0' method='POST' httpcode='200'
                          Aug  4 09:54:52 hostname kopano-server[3204]: K-1571: setFlags: entryid has size 0; not enough for EID_V0.usFlags (28)
                          Aug  4 09:54:52 hostname kopano-server[3204]: K-1573: eid.setFlags: K-1571: entryid is not of type EID_V0
                          Aug  4 09:54:52 hostname kopano-server[3204]: K-1571: setFlags: entryid has size 0; not enough for EID_V0.usFlags (28)
                          Aug  4 09:54:52 hostname kopano-server[3204]: K-1573: eid.setFlags: K-1571: entryid is not of type EID_V0
                          Aug  4 09:54:52 hostname kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-613
                          Aug  4 09:54:52 hostname kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1408
                          Aug  4 09:54:52 hostname apache: [sync.my.domain] X.X.X.X - USERNAME [04/Aug/2020:09:52:44 +0200] "POST /Microsoft-Server-ActiveSync?User=USERNAME&DeviceId=37P76K2R1L5NPAN7HQ3GCQT42K&DeviceType=iPhone&Cmd=Ping HTTP/1.1" 200 25 "-" "Apple-iPhone11C6/1706.80"
                          Aug  4 09:54:53 hostname kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1359
                          Aug  4 09:54:53 hostname kopano-server[3204]: message repeated 4 times: [ connect on /var/run/kopano/server.sock from *:pid-1359]
                          Aug  4 09:54:53 hostname kopano-server[3204]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                          Aug  4 09:54:53 hostname z-push/core[1359]: [ERROR] [USERNAME] MAPIProvider->getAddressbook error opening addressbook 0x40380
                          Aug  4 09:54:53 hostname kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1359
                          Aug  4 09:54:53 hostname kopano-server[3204]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                          Aug  4 09:54:53 hostname z-push/core[1359]: [ERROR] [USERNAME] MAPIProvider->getAddressbook error opening addressbook 0x40380
                          Aug  4 09:54:53 hostname z-push/core[1359]: [WARN] [USERNAME] /usr/share/z-push/backend/kopano/mapiprovider.php:2255 mapi_ab_openentry() expects parameter 1 to be resource, boolean given (2)
                          Aug  4 09:54:53 hostname z-push/core[1359]: [INFO] [USERNAME] MAPIProvider->getEmailAddressFromSearchKey(): fall back to PR_SEARCH_KEY or PR_SENT_REPRESENTING_SEARCH_KEY to resolve user and get email address
                          Aug  4 09:54:53 hostname z-push/core[1359]: [INFO] [USERNAME] cmd='Sync' memory='2.16 MiB/4.00 MiB' time='0.13s' devType='iPhone' devId='37p76k2r1l5npan7hq3gcqt42k' getUser='USERNAME' from='X.X.X.X' idle='0s' version='2.5.2+0-0' method='POST' httpcode='200'
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1359
                          Aug  4 09:54:53 serverv2 apache: [sync.my.domain] X.X.X.X - USERNAME [04/Aug/2020:09:54:53 +0200] "POST /Microsoft-Server-ActiveSync?User=USERNAME&DeviceId=37P76K2R1L5NPAN7HQ3GCQT42K&DeviceType=iPhone&Cmd=Sync HTTP/1.1" 200 914 "-" "Apple-iPhone11C6/1706.80"
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1368
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1368
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [WARN] [USERNAME] /usr/share/z-push/backend/kopano/kopano.php:1829 mapi_openmsgstore(): Unable to open message store: unconfigured (8004011c) (2)
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [WARN] [USERNAME] KopanoBackend->openMessageStore('USERNAME'): Could not open store
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [INFO] [USERNAME] AuthenticationRequiredException: KopanoBackend->Logon(): User 'USERNAME' has no default store - code: 0 - file: /usr/share/z-push/backend/kopano/kopano.php:210
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [INFO] [USERNAME] User-agent: 'Apple-iPhone11C6/1706.80'
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [FATAL] [USERNAME] Exception: (AuthenticationRequiredException) - KopanoBackend->Logon(): User 'USERNAME' has no default store
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [WARN] [USERNAME] IP: X.X.X.X failed to authenticate user 'USERNAME'
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [INFO] [USERNAME] cmd='Sync' memory='1.79 MiB/2.00 MiB' time='0.06s' devType='iPhone' devId='37p76k2r1l5npan7hq3gcqt42k' getUser='USERNAME' from='X.X.X.X' idle='0s' version='2.5.2+0-0' method='POST' httpcode='401'
                          Aug  4 09:54:53 serverv2 apache: [sync.my.domain] X.X.X.X - USERNAME [04/Aug/2020:09:54:53 +0200] "POST /Microsoft-Server-ActiveSync?User=USERNAME&DeviceId=37P76K2R1L5NPAN7HQ3GCQT42K&DeviceType=iPhone&Cmd=Sync HTTP/1.1" 401 - "-" "Apple-iPhone11C6/1706.80"
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1368
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: message repeated 3 times: [ connect on /var/run/kopano/server.sock from *:pid-1368]
                          Aug  4 09:54:53 serverv2 z-push/core[1368]: [INFO] [USERNAME] cmd='Sync' memory='2.10 MiB/4.00 MiB' time='0.12s' devType='iPhone' devId='37p76k2r1l5npan7hq3gcqt42k' getUser='USERNAME' from='X.X.X.X' idle='0s' version='2.5.2+0-0' method='POST' httpcode='200'
                          Aug  4 09:54:53 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1368
                          Aug  4 09:54:53 serverv2 apache: [sync.my.domain] X.X.X.X - USERNAME [04/Aug/2020:09:54:53 +0200] "POST /Microsoft-Server-ActiveSync?User=USERNAME&DeviceId=37P76K2R1L5NPAN7HQ3GCQT42K&DeviceType=iPhone&Cmd=Sync HTTP/1.1" 200 72 "-" "Apple-iPhone11C6/1706.80"
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1360
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: message repeated 3 times: [ connect on /var/run/kopano/server.sock from *:pid-1360]
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                          Aug  4 09:54:54 serverv2 z-push/core[1360]: [ERROR] [USERNAME] MAPIProvider->getAddressbook error opening addressbook 0x40380
                          Aug  4 09:54:54 serverv2 z-push/core[1360]: [WARN] [USERNAME] /usr/share/z-push/backend/kopano/kopano.php:2695 mapi_ab_openentry() expects parameter 1 to be resource, boolean given (2)
                          Aug  4 09:54:54 serverv2 z-push/core[1360]: [WARN] [USERNAME] /usr/share/z-push/backend/kopano/kopano.php:2696 mapi_getprops() expects parameter 1 to be resource, boolean given (2)
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1360
                          Aug  4 09:54:54 serverv2 z-push/core[1360]: [INFO] [USERNAME] cmd='Sync' memory='2.09 MiB/4.00 MiB' time='0.13s' devType='iPhone' devId='37p76k2r1l5npan7hq3gcqt42k' getUser='USERNAME' from='X.X.X.X' idle='0s' version='2.5.2+0-0' method='POST' httpcode='200'
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-1360
                          Aug  4 09:54:54 serverv2 apache: [sync.my.domain] X.X.X.X - USERNAME [04/Aug/2020:09:54:54 +0200] "POST /Microsoft-Server-ActiveSync?User=USERNAME&DeviceId=37P76K2R1L5NPAN7HQ3GCQT42K&DeviceType=iPhone&Cmd=Sync HTTP/1.1" 200 5097 "-" "Apple-iPhone11C6/1706.80"
                          Aug  4 09:54:54 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-616
                          Aug  4 09:54:54 serverv2 kopano-search[616]: 2020-08-04 09:54:54,767 - search - ERROR - could not process change for entryid 00000000FFFE07B9435E445F933D1A3A5DF40C7B01000000050000006B630D16C1594063BC7C21A8B74A72DB00000000 ([SPropValue(0x65E00102, b'xn\x8a\x1f\xf7\xedE\xed\xadk/\x88?\xdf\xb6\xa0\xc1\xf2\x03\x00\x00\x00'), SPropValue(0x65E10102, b'xn\x8a\x1f\xf7\xedE\xed\xadk/\x88?\xdf\xb6\xa0\x08\x00\x00\x00\x00\x00'), SPropValue(0x0FFA0102, b'\xff\xfe\x07\xb9C^D_\x93=\x1a:]\xf4\x0c{'), SPropValue(0x0FFB0102, b'\x00\x00\x00\x00\xff\xfe\x07\xb9C^D_\x93=\x1a:]\xf4\x0c{\x01\x00\x00\x00\x01\x00\x00\x00;\x8d\x7f\x07\xf0\xa0A\xc9\x85\x15\xba\x1dYk\r\xea\x00\x00\x00\x00'), SPropValue(0x67110003, 450922), SPropValue(0x67150003, 11), SPropValue(0x0FFF0102, b'\x00\x00\x00\x00\xff\xfe\x07\xb9C^D_\x93=\x1a:]\xf4\x0c{\x01\x00\x00\x00\x05\x00\x00\x00kc\r\x16\xc1Y@c\xbc|!\xa8\xb7Jr\xdb\x00\x00\x00\x00')]):
                          Aug  4 09:54:54 serverv2 kopano-search[616]: 2020-08-04 09:54:54,767 - search - ERROR - Traceback (most recent call last):
                          Aug  4 09:54:54 serverv2 kopano-search[616]:   File "/usr/lib/python3/dist-packages/kopano/ics.py", line 130, in ImportMessageChange
                          Aug  4 09:54:54 serverv2 kopano-search[616]:     mapistore, entryid.Value, 0)
                          Aug  4 09:54:54 serverv2 kopano-search[616]:   File "/usr/lib/python3/dist-packages/kopano/utils.py", line 89, in openentry_raw
                          Aug  4 09:54:54 serverv2 kopano-search[616]:     return _openentry_helper(mapistore, entryid, flags | MAPI_MODIFY)
                          Aug  4 09:54:54 serverv2 kopano-search[616]:   File "/usr/lib/python3/dist-packages/kopano/utils.py", line 82, in _openentry_helper
                          Aug  4 09:54:54 serverv2 kopano-search[616]:     return mapistore.OpenEntry(entryid, IID_IECMessageRaw, flags)
                          Aug  4 09:54:54 serverv2 kopano-search[616]:   File "/usr/lib/python3/dist-packages/MAPICore.py", line 602, in OpenEntry
                          Aug  4 09:54:54 serverv2 kopano-search[616]:     return _MAPICore.IMsgStore_OpenEntry(self, cbEntryID, lpInterface, ulFlags)
                          Aug  4 09:54:54 serverv2 kopano-search[616]: MAPI.Struct.MAPIErrorNetworkError: MAPI error 80040115 (MAPI_E_NETWORK_ERROR)
                          Aug  4 09:54:55 serverv2 kopano-server[3204]: connect on /var/run/kopano/server.sock from *:pid-2258
                          Aug  4 09:54:55 serverv2 kopano-server[3204]: message repeated 4 times: [ connect on /var/run/kopano/server.sock from *:pid-2258]
                          Aug  4 09:54:55 serverv2 z-push/core[2258]: [INFO] [USERNAME] SyncCollections->CheckForChanges(): Waiting for store changes... (lifetime 1211 seconds)
                          

                          I enabled “log_level = 6” on the kopano-server component but there aren’t any hints to me. Is there anyone who is willing to help me out here?

                          Regards
                          Richard

                          • darootler
                            darootler last edited by

                            @fbartels

                            Are there any changes regarding LDAP binding between version 13 and 356? Any release notes i can check?

                            Regards
                            Richard

                            • fbartels
                              fbartels Kopano @darootler last edited by fbartels

                              Hi @darootler,

                              we are not publishing release notes/change logs for development versions, only for proper releases.

                              But you could check https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt and https://stash.kopano.io/projects/KC/repos/kopanocore/commits.

                              Regards Felix
                              • darootler
                                darootler last edited by darootler

                                Samba logs:

                                [2020/08/04 14:28:03.041662,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
                                  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
                                [2020/08/04 14:28:03.041856,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
                                  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT]
                                [2020/08/04 14:28:03.046319,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
                                  Child 6044 () exited with status 0
                                [2020/08/04 14:28:03.074973,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
                                [2020/08/04 14:28:03.074973,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
                                  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
                                  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
                                [2020/08/04 14:28:03.075211,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
                                  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT]
                                [2020/08/04 14:28:03.075257,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
                                  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT]
                                

                                Kopano logs

                                Aug  4 14:28:04 hostname kopano-server[1301]: LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry.
                                Aug  4 14:28:05 hostname kopano-server[1301]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                                
                                

                                So for me it seems that the ldap server is closing the connection due to timeout and then kopano-server is reconnecting to ldap. If during this time an authentication is happening i am getting these errors. I was not facing this issue in version 13, so there must be a change on kopano side.

                                @fbartels

                                Any ideas? I cannot believe that i am the only one facing this issue.

                                Regards
                                Richard

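The correlation described in the post above, as an added example that is not part of the original thread or of Kopano's code: it separates Z-Push "failed to authenticate" events that coincide with a kopano-server "Can't contact LDAP server" error (and with a Samba `NT_STATUS_IO_TIMEOUT` connection drop) from failures that have no backend explanation, which matters for anything that counts failed logins per user or IP. The log lines, user names, host name `mail` and 192.0.2.x addresses are constructed samples in the formats quoted in the thread; the function names and time windows are hypothetical, and the code assumes both logs use the same time zone and that the syslog year is supplied by the caller.

```python
import re
from datetime import datetime

# Constructed sample input, modelled on the log formats quoted in the thread.
SAMBA_LOG = """\
[2020/08/04 14:28:03.041662,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_TIMEOUT'
[2020/08/04 14:28:03.046319,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 6044 () exited with status 0
"""

SYSLOG = """\
Aug  4 14:28:04 mail kopano-server[1301]: LDAP search error: Can't contact LDAP server. Will unbind, reconnect and retry.
Aug  4 14:28:05 mail kopano-server[1301]: Authentication by plugin failed for user "alice": LDAP auth for user "alice": Can't contact LDAP server
Aug  4 14:28:05 mail z-push/core[1368]: [WARN] [alice] IP: 192.0.2.10 failed to authenticate user 'alice'
Aug  4 15:02:11 mail z-push/core[1402]: [WARN] [bob] IP: 192.0.2.77 failed to authenticate user 'bob'
Aug  4 16:40:00 mail kopano-server[1301]: Authentication by plugin failed for user "carol": LDAP auth for user "carol": Can't contact LDAP server
Aug  4 16:40:00 mail z-push/core[1410]: [WARN] [carol] IP: 192.0.2.10 failed to authenticate user 'carol'
"""

# Samba header line: "[YYYY/MM/DD HH:MM:SS.usec,  level] file:line(function)"
SAMBA_HDR = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\.\d+,\s*\d+\]")
# Classic syslog line: "Mon  D HH:MM:SS host program[pid]: message"
SYSLOG_LINE = re.compile(
    r"^(\w{3}\s+\d+\s+\d{2}:\d{2}:\d{2})\s+\S+\s+([^\s\[]+)\[\d+\]:\s(.*)$")
LDAP_DOWN = re.compile(
    r'Authentication by plugin failed for user "([^"]+)": .*Can\'t contact LDAP server')
ZPUSH_FAIL = re.compile(r"IP: (\S+) failed to authenticate user '([^']+)'")


def samba_ldap_timeouts(text):
    """Timestamps at which Samba terminated an LDAP connection on I/O timeout."""
    hits, current = [], None
    for line in text.splitlines():
        m = SAMBA_HDR.match(line)
        if m:
            # Header line carries the timestamp; the message is on the next line.
            current = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        elif current and "Terminating connection" in line \
                and "NT_STATUS_IO_TIMEOUT" in line:
            hits.append(current)
    return hits


def syslog_events(text, year):
    """Return (backend, frontend): LDAP-unreachable errors and Z-Push failures."""
    backend, frontend = [], []
    for line in text.splitlines():
        m = SYSLOG_LINE.match(line)
        if not m:
            continue
        stamp = " ".join(m.group(1).split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        if prog == "kopano-server" and (hit := LDAP_DOWN.search(msg)):
            backend.append((ts, hit.group(1)))
        elif prog.startswith("z-push") and (hit := ZPUSH_FAIL.search(msg)):
            frontend.append((ts, hit.group(2), hit.group(1)))
    return backend, frontend


def classify_failures(syslog, samba_log, year, auth_window=2, idle_window=10):
    """Label each Z-Push auth failure with its most likely cause.

    ldap_idle_timeout    - kopano-server could not reach LDAP for this user and
                           Samba dropped a connection on timeout just before
    ldap_unreachable     - kopano-server could not reach LDAP, no Samba drop seen
    credentials_or_other - no backend error near the failure
    """
    backend, frontend = syslog_events(syslog, year)
    timeouts = samba_ldap_timeouts(samba_log)
    results = []
    for ts, user, ip in frontend:
        ldap_down = any(u == user and abs((ts - b).total_seconds()) <= auth_window
                        for b, u in backend)
        after_drop = any(0 <= (ts - t).total_seconds() <= idle_window
                         for t in timeouts)
        if ldap_down and after_drop:
            cause = "ldap_idle_timeout"
        elif ldap_down:
            cause = "ldap_unreachable"
        else:
            cause = "credentials_or_other"
        results.append({"time": ts, "user": user, "ip": ip, "cause": cause})
    return results


if __name__ == "__main__":
    for row in classify_failures(SYSLOG, SAMBA_LOG, 2020):
        print(row["time"], row["user"], row["ip"], row["cause"])
```
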
                                • darootler
                                  darootler last edited by darootler

                                  Maybe https://stash.kopano.io/projects/KC/repos/kopanocore/commits/098aa87298fe9212fe4c56d538097d3bb435aba5 is the cause of my issue…

                                  Here is the relevant output from “kopano-stats --system”:

                                  ldap_connect            Number of connections made to LDAP server                                       39
                                  ldap_reconnect          Number of re-connections made to LDAP server                                    10
                                  ldap_connect_fail       Number of failed connections made to LDAP server                                0
                                  ldap_connect_time       Total duration (µs) of connections made to LDAP server                          1484275
                                  ldap_max_connect        Longest connection time (µs) made to LDAP server                                70662
                                  ldap_auth               Number of LDAP authentications                                                  3179
                                  ldap_auth_fail          Number of failed authentications                                                15
                                  ldap_auth_time          Total authentication time (µs)                                                  56987108
                                  ldap_max_auth           Longest duration (µs) of authentication made to LDAP server                     67767
                                  ldap_avg_auth           Average duration (µs) of authentication made to LDAP server                     18433
                                  ldap_search             Number of searches made to LDAP server                                          8002
                                  ldap_search_fail        Number of failed searches made to LDAP server                                   0
                                  ldap_search_time        Total duration (µs) of LDAP searches                                            8692105
                                  ldap_max_search         Longest duration (µs) of LDAP search                                            49338
                                  userplugin              User backend plugin                                                             ldap
                                  

                                  ldap_auth_fail reveals my problem i think.

                                  Regards
                                  Richard

                                  • fbartels
                                    fbartels Kopano @darootler last edited by fbartels

                                    @darootler said in Can't contact LDAP server:

                                    So for me it seems that the ldap server is closing the connection due to timeout and then kopano-server is reconnecting to ldap. If during this time an authentication is happening i am getting these errors.

                                    That should not really matter, since afair for the login a bind is issued and this happens on a new connection anyways. Ah that seems to have changed with the linked commit.

                                    Regards Felix
                                    • darootler
                                      darootler @fbartels last edited by darootler

                                      @fbartels

                                      Well, i just reviewed the logs again and every time the ldap server resets the connection and an authentication is made i am getting this error. False username/password isn’t the case because the credentials are stored and not entered manually. I am sure that has something to do with the changes mentioned above, could you be so kind and contact Jan Engelhardt for a quick review of my findings?

                                      Otherwise i have to downgrade kopano, and that’s hard like hell with all the dependencies.

                                      Regards
                                      Richard

                                      • darootler
                                        darootler last edited by darootler

                                        Even more debug information:

                                        Kopano logs:

                                        Aug  4 17:37:29 serverv2 kopano-server[1330]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                                        Aug  4 17:37:31 serverv2 kopano-server[1330]: Authentication by plugin failed for user "USERNAME": LDAP auth for user "USERNAME": Can't contact LDAP server
                                        

                                        tcpdump from kopano lookup:

                                        17:37:29.128581 IP kopano-server.49129 > ldap-server.domain: 61640+ AAAA? kopano-server. (42)
                                        17:37:29.128806 IP ldap-server.shell > kopano-server.46178: Flags [.], ack 2058, win 9434, options [nop,nop,TS val 3865952505 ecr 2989291037], length 0
                                        17:37:29.129298 IP ldap-server.domain > kopano-server.49129: 61640* 0/1/1 (177)
                                        17:37:29.129652 IP kopano-server.57704 > ldap-server.domain: 47351+ AAAA? kopano-server. (26)
                                        17:37:29.130077 IP ldap-server.domain > kopano-server.57704: 47351 0/0/1 (37)
                                        17:37:29.130528 IP kopano-server.56223 > ldap-server.domain: 54523+ AAAA? kopano-server. (42)
                                        17:37:29.130994 IP ldap-server.domain > kopano-server.56223: 54523* 0/1/1 (177)
                                        17:37:29.131039 IP kopano-server.39715 > ldap-server.domain: 34035+ AAAA? kopano-server.my.domain. (58)
                                        17:37:29.131504 IP ldap-server.domain > kopano-server.39715: 34035 NXDomain* 0/0/0 (58)
                                        

                                        tcpdump from shell nslookup:

                                        17:41:46.072987 IP kopano-server.57054 > ldap-server.domain: 53018+ A? kopano-server. (42)
                                        17:41:46.073725 IP ldap-server.domain > kopano-server.57054: 53018* 1/1/1 A 192.168.2.3 (217)
                                        17:41:46.073877 IP kopano-server.55171 > ldap-server.domain: 25675+ AAAA? kopano-server. (42)
                                        17:41:46.074676 IP ldap-server.domain > kopano-server.55171: 25675* 0/1/1 (177)
                                        

                                        My DNS server cannot answer the AAAA request because i am not using IPv6. On the kopano server i have disabled IPv6 on grub level. So why is kopano trying to resolve the name of the LDAP server via IPv6 lookups?

                                        Maybe that’s the cause of this issue.

                                        Regards
                                        Richard

                                        • jengelh
                                          jengelh Banned last edited by

                                          So why is kopano trying to resolve the name of the LDAP server via IPv6 lookups?

                                          First, that’s glibc, second, because the content of data transmissions and castrating a system’s ability to offer AF_INET6 sockets are two separate things. It helps to know what ipv6.disable does, and more importantly, doesn’t do.

                                          • darootler
                                            darootler @jengelh last edited by

                                            @jengelh said in Can't contact LDAP server:

                                            So why is kopano trying to resolve the name of the LDAP server via IPv6 lookups?

                                            First, that’s glibc, second, because the content of data transmissions and castrating a system’s ability to offer AF_INET6 sockets are two separate things. It helps to know what ipv6.disable does, and more importantly, doesn’t do.

                                            Thank you for the clarification, i think i fixed all my DNS issues playing around with systemd-resolve but i am still facing kopano-server authentication issues after upgrading to 10.0.6.356:

                                            ldap_connect            Number of connections made to LDAP server                                       27
                                            ldap_reconnect          Number of re-connections made to LDAP server                                    0
                                            ldap_connect_fail       Number of failed connections made to LDAP server                                0
                                            ldap_connect_time       Total duration (µs) of connections made to LDAP server                          953515
                                            ldap_max_connect        Longest connection time (µs) made to LDAP server                                54989
                                            ldap_auth               Number of LDAP authentications                                                  129
                                            ldap_auth_fail          Number of failed authentications                                                10
                                            ldap_auth_time          Total authentication time (µs)                                                  3188436
                                            ldap_max_auth           Longest duration (µs) of authentication made to LDAP server                     58361
                                            ldap_avg_auth           Average duration (µs) of authentication made to LDAP server                     24737
                                            ldap_search             Number of searches made to LDAP server                                          457
                                            ldap_search_fail        Number of failed searches made to LDAP server                                   0
                                            ldap_search_time        Total duration (µs) of LDAP searches                                            426920
                                            ldap_max_search         Longest duration (µs) of LDAP search                                            2977
                                            userplugin              User backend plugin                                                             ldap
                                            

                                            Any hints?

                                            Regards
                                            Richard
