EgroupWare + OpenLdap user not login

Fabio_Pires 2008-09-22 09:28:20 UTC #1

Hi all,

I configure egroupware with openldap but i don’t effective login to any accounts existent in ldap. I receive message “user or passwor invalid” after time “time attemp to login”. Pparently egroupware don’t look my ldap users.

My admin user in egroupware don’t login. My openldap is functionally perfectly but I do not obtain login in egroupware.

I Create my user using LDAP ADMIN GOSA. Entry mail exist in ldap. My postfix authenticate in LDAP, only my egroupware not view my LDAP users and not login.

Whats i’m make incorrect?

Any help is welcome.

Best Regards.

mike_a 2008-09-22 12:33:19 UTC #2

Fabio,

Please share more information about your environment.

Is your openLDAP server running on the same server as your eGroupWare server?

Does your openLDAP server require SSL to login?

Does the rootDN for eGroupWare have rights to LDAP?

Peace,

Michael Adair

Fabio_Pires 2008-09-22 13:21:08 UTC #3

kwizl:

Fabio,

Please share more information about your environment.

Is your openLDAP server running on the same server as your eGroupWare server?
No My openldap is diferent server that my egroupware… But LDAP replica is same this egroupware… My user authenticat in primary ldap don’ t replica.

Does your openLDAP server require SSL to login?
No my OPenldap no require SSL liss PLAIN and method CRYPT

Does the rootDN for eGroupWare have rights to LDAP?
I don’t response for its question… I have configure user egroupware in my slapd.conf for all previlegs to access my base ?

Thanks

Peace,

Michael Adair

Fabio Pires:

Hi all,

I configure egroupware with openldap but i don’t effective login to any accounts existent in ldap. I receive message “user or passwor invalid” after time “time attemp to login”. Pparently egroupware don’t look my ldap users.

My admin user in egroupware don’t login. My openldap is functionally perfectly but I do not obtain login in egroupware.

I Create my user using LDAP ADMIN GOSA. Entry mail exist in ldap. My postfix authenticate in LDAP, only my egroupware not view my LDAP users and not login.

Whats i’m make incorrect?

Any help is welcome.

Best Regards.

mike_a 2008-09-22 17:14:58 UTC #4

Open the openLDAP configuration file …/slapd.conf

If you see:

security ssf=1 update_ssf=112 simple_bind=64

then openLDAP requires SSL.

LDAP host: ldaps://ldap_host.yourdomain.tld (SSL)
ldap_host.yourdomain.tld (Unencrypted)
LDAP accounts context: ou=members,o=yourdomain.tld,dc=yourdomain,dc=tld
LDAP search filter…: (uid=%user)
LDAP groups context: ou=groups,o=yourdomain.tld,dc=yourdomain,dc=tld
LDAP rootdn…: uid=ldapadmin,dc=yourdomain,dc=tld
LDAP root password: password

Save Changes then return to the Setup Main Menu.

Step 3 - Admin Account, choose Create admin account

Enter values to create an ‘eGroupware’ website administrator in LDAP.

Admin username EgwAdmin
Admin first name eGroupWare
Admin last name Administrator
Admin email address foo@yourdomain.com
Admin password ********
Re-enter password ********

Choose Save.

If all goes well Config Admin will create a user called EgwAdmin in the ‘LDAP accounts context’.

Peace,

Michael Adair

Fabio Pires:

kwizl:

Fabio,

Please share more information about your environment.

Is your openLDAP server running on the same server as your eGroupWare server?
No My openldap is diferent server that my egroupware… But LDAP replica is same this egroupware… My user authenticat in primary ldap don’ t replica.

Does your openLDAP server require SSL to login?
No my OPenldap no require SSL liss PLAIN and method CRYPT

Does the rootDN for eGroupWare have rights to LDAP?
I don’t response for its question… I have configure user egroupware in my slapd.conf for all previlegs to access my base ?

Thanks

Peace,

Michael Adair

Fabio Pires:

Hi all,

I configure egroupware with openldap but i don’t effective login to any accounts existent in ldap. I receive message “user or passwor invalid” after time “time attemp to login”. Pparently egroupware don’t look my ldap users.

My admin user in egroupware don’t login. My openldap is functionally perfectly but I do not obtain login in egroupware.

I Create my user using LDAP ADMIN GOSA. Entry mail exist in ldap. My postfix authenticate in LDAP, only my egroupware not view my LDAP users and not login.

Whats i’m make incorrect?

Any help is welcome.

Best Regards.

Fabio_Pires 2008-09-23 22:30:39 UTC #5

Hi …

I create admin account… nut same problem persist… the return command slapcat is:

dn: uid=EgwAdmin,ou=people,dc=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1
uid: EgwAdmin
gidNumber: 8
givenName: eGroupWare
sn: Administrator
mail: egw@domain
cn: eGroupWare Administrator
userPassword:: e2NyeXB0fVNtY3hjRE5veEVENG8=
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 173ff8b8-1dee-102d-9bc1-415c16cbde4f
creatorsName: cn=admin,dc=domain
createTimestamp: 20080923190345Z
entryCSN: 20080923190345Z#000001#00#000000
modifiersName: cn=admin,dc=domain
modifyTimestamp: 20080923190345Z

But my users dont login and EgwAdmin not login… you’re have any idea…

I don’t use ssl in ldap !!!

thanks

kwizl:

Open the openLDAP configuration file …/slapd.conf

If you see:

security ssf=1 update_ssf=112 simple_bind=64

then openLDAP requires SSL.

Login to Config Admin and check these settings:

LDAP host: ldaps://ldap_host.yourdomain.tld (SSL)
ldap_host.yourdomain.tld (Unencrypted)
LDAP accounts context: ou=members,o=yourdomain.tld,dc=yourdomain,dc=tld
LDAP search filter…: (uid=%user)
LDAP groups context: ou=groups,o=yourdomain.tld,dc=yourdomain,dc=tld
LDAP rootdn…: uid=ldapadmin,dc=yourdomain,dc=tld
LDAP root password: password

Save Changes then return to the Setup Main Menu.

Step 3 - Admin Account, choose Create admin account

Enter values to create an ‘eGroupware’ website administrator in LDAP.

Admin username EgwAdmin
Admin first name eGroupWare
Admin last name Administrator
Admin email address foo@yourdomain.com
Admin password ********
Re-enter password ********

Choose Save.

If all goes well Config Admin will create a user called EgwAdmin in the ‘LDAP accounts context’.

Peace,

Michael Adair

Fabio Pires:

kwizl:

Fabio,

Please share more information about your environment.

Is your openLDAP server running on the same server as your eGroupWare server?
No My openldap is diferent server that my egroupware… But LDAP replica is same this egroupware… My user authenticat in primary ldap don’ t replica.

Does your openLDAP server require SSL to login?
No my OPenldap no require SSL liss PLAIN and method CRYPT

Does the rootDN for eGroupWare have rights to LDAP?
I don’t response for its question… I have configure user egroupware in my slapd.conf for all previlegs to access my base ?

Thanks

Peace,

Michael Adair

Fabio Pires:

Hi all,

I configure egroupware with openldap but i don’t effective login to any accounts existent in ldap. I receive message “user or passwor invalid” after time “time attemp to login”. Pparently egroupware don’t look my ldap users.

My admin user in egroupware don’t login. My openldap is functionally perfectly but I do not obtain login in egroupware.

I Create my user using LDAP ADMIN GOSA. Entry mail exist in ldap. My postfix authenticate in LDAP, only my egroupware not view my LDAP users and not login.

Whats i’m make incorrect?

Any help is welcome.

Best Regards.

mike_a 2008-09-24 01:01:00 UTC #6

Hi Fabio,

eGroupWare created the admin account so that means eGroupware is configured properly and eGroupWare can authenticate to openLDAP as root administrator.

Check the acls. User’s need the following privileges to authenticate:

access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

Peace,

Michael Adair

Fabio Pires:

Hi …

I create admin account… nut same problem persist… the return command slapcat is:

dn: uid=EgwAdmin,ou=people,dc=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1
uid: EgwAdmin
gidNumber: 8
givenName: eGroupWare
sn: Administrator
mail: egw@domain
cn: eGroupWare Administrator
userPassword:: e2NyeXB0fVNtY3hjRE5veEVENG8=
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 173ff8b8-1dee-102d-9bc1-415c16cbde4f
creatorsName: cn=admin,dc=domain
createTimestamp: 20080923190345Z
entryCSN: 20080923190345Z#000001#00#000000
modifiersName: cn=admin,dc=domain
modifyTimestamp: 20080923190345Z

But my users dont login and EgwAdmin not login… you’re have any idea…

I don’t use ssl in ldap !!!

thanks

Fabio_Pires 2008-09-24 05:00:38 UTC #7

Ho Michael … thanks for your help but i don’t login with any user…

THIS PRINCIPAL DETAIL IS:

MY LDAP PRIMARY BASE IS INSTALL IN ONE SERVER, MY EGROUPWARE IS INSTALL IN ANOTHER SERVER:

SERVER 01 = LDAP BASE MASTER
SERVER 02 = LDAP BASE SLAVE + EGROUPWARE

BUT MY EGROUP IS APPOIMENT FOR LDAP BASE MASTER NO SLAVE.

If i again entry with user EgwAdmin i receive message "Bad Login or Password"
If i again entry another user existing in my ldap base i receive message: "“Youtr session could not be verified.”

The strange is that in my ldap base user EgwAdmin exist and created for egroupware interface web.

You know if exist specified entry in ldap for egroup ware? Especified atribute to user for use egroupware? Exist epecified schemas for egroup ?

My slapd.conf is:

#SLAPD.CONF BY FABIO PIRES FOR DOMAIN
#DATE: 17/09

########################################################################
#PERMITE A UTILIZACAO DE BIND PARA PESQUISAS
allow bind_v2

########################################################################
#SCHEMAS DISPONIVES PARA CRIACAO DE BASE LDAP NAS OBJECTCLASS
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
#include /etc/ldap/schema/rfc2307bis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/qmail.schema
include /etc/ldap/schema/dnszone.schema

########################################################################
#GOSA schemas
include /etc/ldap/schema/samba3.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/goto-mime.schema
include /etc/ldap/schema/gofax.schema

#########################################################################
#REFERENCIAS AOS PROCESSOS
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

#########################################################################

#########################################################################
#NIVEL DE DEPURACÃO DO LOG

loglevel 1
#########################################################################
#LOCAL DOS MODULOS E LOCAL A SER CARREGADO
modulepath /usr/lib/ldap
moduleload syncprov
moduleload back_bdb

#########################################################################
#QUANTIDE DE ENTRADAS POR BUSCA
sizelimit 1000

#########################################################################
#QUANTIDADE DE CPU’S PARA REALIZAR AS CONSULTAS
tool-threads 3

#######################################################################
#TIPO DE ARMAZENAMENTO DE DADOS DA BASE LDAP
backend bdb
checkpoint 512 30

#######################################################################
#ESPECIFICAR AS DIRETIVAS PARA A BASE DE DADOS OU BACKEND
##backend

#######################################################################
#DIRETIVAS DA BASE DE DADOS
database bdb
suffix "dc=domain"
rootdn "cn=admin,dc=domain"
rootpw {CRYPT}ssdsnmdsod;NHUIGH
directory “/var/lib/ldap”

#######################################################################
#######################################################################
#CONFIGURACÕES PARA A REPLICACÃO DA BASE LDAP - ALBANO
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#######################################################################
PARAMETROS DE OTIMIZACAO DAS PESQUISAS
#dbconfig set_cachesize 0 2097152 0

Number of objects that can be locked at the same time.

dbconfig set_lk_max_objects 1500

Number of locks (both requested and granted)

dbconfig set_lk_max_locks 1500

Number of lockers

dbconfig set_lk_max_lockers 1500

#############################################################
#INDEX PARA PESQUISAS DISPONIVEIS NA BASE LDAP
index entryCSN eq
index entryUUID eq
index objectClass eq
index uid pres,eq,sub
index displayName pres,sub,eq
index gosaMailDeliveryMode pres,eq,sub
index sambaSID,sambaGroupType,sambaSIDList eq,pres
index sambaDomainName,uniqueMember eq,pres
index zoneName eq
index relativeDomainName eq
index ou,cn,sn,mail,givenname eq,pres,sub
index uidNumber,gidNumber,memberUid eq,pres
index loginShell eq,pres# Save the time that the entry gets modified, for database #1
lastmod on

#############################################################
#PERMISSOES DE ACESSO PARA PESQUISAS NA BASE

access to attrs=userPassword,shadowLastChange,shadowMax,shadowExpire
by dn=“cn=admin,dc=domain” write
by anonymous auth
by self write
by * none

access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

access to *
by dn=“cn=admin,dc=domain” write
by * read

Thanks for any help !!!

kwizl:

Hi Fabio,

eGroupWare created the admin account so that means eGroupware is configured properly and eGroupWare can authenticate to openLDAP as root administrator.

Check the acls. User’s need the following privileges to authenticate:

access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

Peace,

Michael Adair

Fabio Pires:

Hi …

I create admin account… nut same problem persist… the return command slapcat is:

dn: uid=EgwAdmin,ou=people,dc=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1
uid: EgwAdmin
gidNumber: 8
givenName: eGroupWare
sn: Administrator
mail: egw@domain
cn: eGroupWare Administrator
userPassword:: e2NyeXB0fVNtY3hjRE5veEVENG8=
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 173ff8b8-1dee-102d-9bc1-415c16cbde4f
creatorsName: cn=admin,dc=domain
createTimestamp: 20080923190345Z
entryCSN: 20080923190345Z#000001#00#000000
modifiersName: cn=admin,dc=domain
modifyTimestamp: 20080923190345Z

But my users dont login and EgwAdmin not login… you’re have any idea…

I don’t use ssl in ldap !!!

thanks

Fabio_Pires 2008-09-24 05:06:20 UTC #8

IN MY LOG.FILE:

Sep 23 23:02:58 gheorghe slapd[7429]: => get_ctrls: oid=“1.3.6.1.4.1.4203.1.9.1.1” (noncritical)
Sep 23 23:02:58 gheorghe slapd[7429]: <= get_ctrls: n=1 rc=0 err=""
Sep 23 23:02:58 gheorghe slapd[7429]: slap_global_control: unavailable control: 1.3.6.1.4.1.4203.1.9.1.1
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_result: conn=0 op=1 p=3
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_response: msgid=2 tag=101 err=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_get(12): got connid=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_read(12): checking for input on id=0
Sep 23 23:02:58 gheorghe slapd[7429]: ber_get_next on fd 12 failed errno=0 (Success)
Sep 23 23:02:58 gheorghe slapd[7429]: connection_closing: readying conn=0 sd=12 for close
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: deferring conn=0 sd=-1
Sep 23 23:02:58 gheorghe slapd[7429]: do_unbind
Sep 23 23:02:58 gheorghe slapd[7429]: connection_resched: attempting closing conn=0 sd=12
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: conn=0 sd=-1

kwizl:

Hi Fabio,

eGroupWare created the admin account so that means eGroupware is configured properly and eGroupWare can authenticate to openLDAP as root administrator.

Check the acls. User’s need the following privileges to authenticate:

access to dn.base=""
by * read

access to dn.base="cn=Subschema"
by * read

access to attrs=userPassword,userPKCS12
by self write
by * auth

access to attrs=shadowLastChange
by self write
by * read

Peace,

Michael Adair

Fabio Pires:

Hi …

I create admin account… nut same problem persist… the return command slapcat is:

dn: uid=EgwAdmin,ou=people,dc=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uidNumber: 1
uid: EgwAdmin
gidNumber: 8
givenName: eGroupWare
sn: Administrator
mail: egw@domain
cn: eGroupWare Administrator
userPassword:: e2NyeXB0fVNtY3hjRE5veEVENG8=
homeDirectory: /dev/null
structuralObjectClass: inetOrgPerson
entryUUID: 173ff8b8-1dee-102d-9bc1-415c16cbde4f
creatorsName: cn=admin,dc=domain
createTimestamp: 20080923190345Z
entryCSN: 20080923190345Z#000001#00#000000
modifiersName: cn=admin,dc=domain
modifyTimestamp: 20080923190345Z

But my users dont login and EgwAdmin not login… you’re have any idea…

I don’t use ssl in ldap !!!

thanks

mike_a 2008-09-24 14:43:16 UTC #9

Hi Fabio,

Working schema defs:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/ppolicy.schema

eGroupware requires rfc2307bis.schema so you may want to try:

#/etc/openldap/schema/nis.schema
/etc/openldap/schema/rfc2307bis.schema

If that doesn’t work then increase openLDAP log level. In slapd.conf:

loglevel -1

If 1.3.6.1.4.1.4203.1.9.1.1 (RFC4533 - Content Synchronization Operation), is causing the error then you a much deeper problem beyond the scope of this group though you may want to try changing the overlay order (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4323) on the master replica server.

Peace

Michael Adair

Fabio Pires:

IN MY LOG.FILE:

Sep 23 23:02:58 gheorghe slapd[7429]: => get_ctrls: oid=“1.3.6.1.4.1.4203.1.9.1.1” (noncritical)
Sep 23 23:02:58 gheorghe slapd[7429]: <= get_ctrls: n=1 rc=0 err=""
Sep 23 23:02:58 gheorghe slapd[7429]: slap_global_control: unavailable control: 1.3.6.1.4.1.4203.1.9.1.1
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_result: conn=0 op=1 p=3
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_response: msgid=2 tag=101 err=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_get(12): got connid=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_read(12): checking for input on id=0
Sep 23 23:02:58 gheorghe slapd[7429]: ber_get_next on fd 12 failed errno=0 (Success)
Sep 23 23:02:58 gheorghe slapd[7429]: connection_closing: readying conn=0 sd=12 for close
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: deferring conn=0 sd=-1
Sep 23 23:02:58 gheorghe slapd[7429]: do_unbind
Sep 23 23:02:58 gheorghe slapd[7429]: connection_resched: attempting closing conn=0 sd=12
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: conn=0 sd=-1

Fabio_Pires 2008-09-25 15:05:15 UTC #10

Hi alll after any time i have entry with Egwadmin in my egroupware eith ldap…

But i don’t login with other user… If any user different the EgwAdmin i receive it error:

“Your session could not be verified.”

I change my php_session to “db” or “php” i receive same error…

Any idea for the new problem ???

Thanks All!!!

kwizl:

Hi Fabio,

Working schema defs:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/ppolicy.schema

eGroupware requires rfc2307bis.schema so you may want to try:

#/etc/openldap/schema/nis.schema
/etc/openldap/schema/rfc2307bis.schema

If that doesn’t work then increase openLDAP log level. In slapd.conf:

loglevel -1

If 1.3.6.1.4.1.4203.1.9.1.1 (RFC4533 - Content Synchronization Operation), is causing the error then you a much deeper problem beyond the scope of this group though you may want to try changing the overlay order (http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4323) on the master replica server.

Peace

Michael Adair

Fabio Pires:

IN MY LOG.FILE:

Sep 23 23:02:58 gheorghe slapd[7429]: => get_ctrls: oid=“1.3.6.1.4.1.4203.1.9.1.1” (noncritical)
Sep 23 23:02:58 gheorghe slapd[7429]: <= get_ctrls: n=1 rc=0 err=""
Sep 23 23:02:58 gheorghe slapd[7429]: slap_global_control: unavailable control: 1.3.6.1.4.1.4203.1.9.1.1
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_result: conn=0 op=1 p=3
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_response: msgid=2 tag=101 err=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_get(12): got connid=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_read(12): checking for input on id=0
Sep 23 23:02:58 gheorghe slapd[7429]: ber_get_next on fd 12 failed errno=0 (Success)
Sep 23 23:02:58 gheorghe slapd[7429]: connection_closing: readying conn=0 sd=12 for close
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: deferring conn=0 sd=-1
Sep 23 23:02:58 gheorghe slapd[7429]: do_unbind
Sep 23 23:02:58 gheorghe slapd[7429]: connection_resched: attempting closing conn=0 sd=12
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: conn=0 sd=-1

Ralf_Becker_6 2008-09-26 06:22:48 UTC #11

“your session could not be verified” has nothing to do with LDAP!

It’s caused either be wrong cookie parameters (Admin >> Site
configuration), old cookies taking precedence over the current ones or
not working session (eg. session.save_path not writeable by the webserver).

Ralf

Fabio Pires schrieb:

Hi alll after any time i have entry with Egwadmin in my egroupware eith
ldap…

But i don’t login with other user… If any user different the EgwAdmin i
receive it error:

“Your session could not be verified.”

I change my php_session to “db” or “php” i receive same error…

Any idea for the new problem ???

Thanks All!!!

kwizl wrote:

Hi Fabio,

Working schema defs:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/ppolicy.schema

eGroupware requires rfc2307bis.schema so you may want to try:

#/etc/openldap/schema/nis.schema
/etc/openldap/schema/rfc2307bis.schema

If that doesn’t work then increase openLDAP log level. In slapd.conf:

loglevel -1

If 1.3.6.1.4.1.4203.1.9.1.1 (RFC4533 - Content Synchronization Operation),
is causing the error then you a much deeper problem beyond the scope of
this group though you may want to try changing the overlay order
(http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4323) on the
master replica server.

Peace

Michael Adair

Fabio Pires wrote:

IN MY LOG.FILE:

Sep 23 23:02:58 gheorghe slapd[7429]: => get_ctrls:
oid=“1.3.6.1.4.1.4203.1.9.1.1” (noncritical)
Sep 23 23:02:58 gheorghe slapd[7429]: <= get_ctrls: n=1 rc=0 err=""
Sep 23 23:02:58 gheorghe slapd[7429]: slap_global_control: unavailable
control: 1.3.6.1.4.1.4203.1.9.1.1
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_result: conn=0 op=1 p=3
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_response: msgid=2 tag=101
err=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_get(12): got connid=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_read(12): checking for
input on id=0
Sep 23 23:02:58 gheorghe slapd[7429]: ber_get_next on fd 12 failed
errno=0 (Success)
Sep 23 23:02:58 gheorghe slapd[7429]: connection_closing: readying conn=0
sd=12 for close
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: deferring conn=0
sd=-1
Sep 23 23:02:58 gheorghe slapd[7429]: do_unbind
Sep 23 23:02:58 gheorghe slapd[7429]: connection_resched: attempting
closing conn=0 sd=12
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: conn=0 sd=-1

–
Ralf Becker
Director Software Development

Stylite GmbH
[open style of IT]

Morschheimer Strasse 15
67292 Kirchheimbolanden

fon +49 (0) 6352 70629-0
fax +49 (0) 6352 70629-30
cell +49 (0) 170 7815917
mailto: rb@stylite.de

www.stylite.de
www.egroupware.org

Geschäftsführer Andre Keller, Nigel John Vickers,
Gudrun K. Müller und Ralf Becker
Registergericht Kaiserslautern HRB 12087

This SF.Net email is sponsored by the Moblin Your Move Developer’s challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users

Fabio_Pires 2008-09-26 23:40:22 UTC #12

SOLVED

Hi all… thanks for any help …!!! My problem is solved and i posted in list solutions…

The problem is caused to any error that in group generate big problem…

The solutions is simple for the problem to user not login…

Simple insert ldap user in group “Default”. This group is created for egroupware in configuration moment. But depend why insert group received error…

In my ldap group name “DEFAULT” i create on etry for any users. All users that use my egroupware listed in DEFAULT group.

Output slapcat.
dn: cn=Default,ou=groups,dc=domain
objectClass: top
objectClass: posixGroup
gidNumber: 3
cn: Default
structuralObjectClass: posixGroup
creatorsName: cn=admin,dc=domain
createTimestamp: 20080923190345Z
memberUid: EgwAdmin
memberUid: teste3 teste3
memberUid: teste4
memberUid: teste3
memberUid: teste2
memberUid: teste6
memberUid: teste9
entryCSN: 20080925130156Z#000001#00#000000
modifiersName: cn=admin,dc=deomain
modifyTimestamp: 20080925130156Z
entryUUID: 172a2f56-1dee-102d-9bc0-415c16cbde4f

The GOSA2 create same (DEFAULT) entry in my ldap … and its ius cause my error… After insert user into DEFAULT my problem is solved. My GOSA2 is perfectly … my egroupware is perfect and i happyness forever.,… srsrsr

THANKS FOR ALL!!!

ralfbecker:

“your session could not be verified” has nothing to do with LDAP!

It’s caused either be wrong cookie parameters (Admin >> Site
configuration), old cookies taking precedence over the current ones or
not working session (eg. session.save_path not writeable by the webserver).

Ralf

Fabio Pires schrieb:

Hi alll after any time i have entry with Egwadmin in my egroupware eith
ldap…

But i don’t login with other user… If any user different the EgwAdmin i
receive it error:

“Your session could not be verified.”

I change my php_session to “db” or “php” i receive same error…

Any idea for the new problem ???

Thanks All!!!

kwizl wrote:

Hi Fabio,

Working schema defs:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/rfc2307bis.schema
include /etc/openldap/schema/yast.schema
include /etc/openldap/schema/ppolicy.schema

eGroupware requires rfc2307bis.schema so you may want to try:

#/etc/openldap/schema/nis.schema
/etc/openldap/schema/rfc2307bis.schema

If that doesn’t work then increase openLDAP log level. In slapd.conf:

loglevel -1

If 1.3.6.1.4.1.4203.1.9.1.1 (RFC4533 - Content Synchronization Operation),
is causing the error then you a much deeper problem beyond the scope of
this group though you may want to try changing the overlay order
(http://www.openldap.org/its/index.cgi/Software%20Bugs?id=4323) on the
master replica server.

Peace

Michael Adair

Fabio Pires wrote:

IN MY LOG.FILE:

Sep 23 23:02:58 gheorghe slapd[7429]: => get_ctrls:
oid=“1.3.6.1.4.1.4203.1.9.1.1” (noncritical)
Sep 23 23:02:58 gheorghe slapd[7429]: <= get_ctrls: n=1 rc=0 err=""
Sep 23 23:02:58 gheorghe slapd[7429]: slap_global_control: unavailable
control: 1.3.6.1.4.1.4203.1.9.1.1
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_result: conn=0 op=1 p=3
Sep 23 23:02:58 gheorghe slapd[7429]: send_ldap_response: msgid=2 tag=101
err=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_get(12): got connid=0
Sep 23 23:02:58 gheorghe slapd[7429]: connection_read(12): checking for
input on id=0
Sep 23 23:02:58 gheorghe slapd[7429]: ber_get_next on fd 12 failed
errno=0 (Success)
Sep 23 23:02:58 gheorghe slapd[7429]: connection_closing: readying conn=0
sd=12 for close
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: deferring conn=0
sd=-1
Sep 23 23:02:58 gheorghe slapd[7429]: do_unbind
Sep 23 23:02:58 gheorghe slapd[7429]: connection_resched: attempting
closing conn=0 sd=12
Sep 23 23:02:58 gheorghe slapd[7429]: connection_close: conn=0 sd=-1

–
Ralf Becker
Director Software Development

Stylite GmbH
[open style of IT]

Morschheimer Strasse 15
67292 Kirchheimbolanden

fon +49 (0) 6352 70629-0
fax +49 (0) 6352 70629-30
cell +49 (0) 170 7815917
mailto: rb@stylite.de

www.stylite.de
www.egroupware.org

Geschäftsführer Andre Keller, Nigel John Vickers,
Gudrun K. Müller und Ralf Becker
Registergericht Kaiserslautern HRB 12087

This SF.Net email is sponsored by the Moblin Your Move Developer’s challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users