1

Topic: RoundCube "could not save password"

Hi, I have tried to upgrade my version of RoundCube and am having a problem getting the password plugin to update the password for the logged in user.
Every time I get the error: "could not save password".
I am using RoundCube 0.5.1. I have attached the config file, this may be where I am going wrong when updating.

Thanks.

Post's attachments

config.inc.txt 10.96 kb, 5 downloads since 2011-07-23 

You don't have the permssions to download the attachments of this post.

2

Re: RoundCube "could not save password"

Why these settings are not enabled:

//$rcmail_config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com';
//$rcmail_config['password_ldap_search_filter'] = '(uid=%login)';

3

Re: RoundCube "could not save password"

ZhangHuangbin wrote:

Why these settings are not enabled:

//$rcmail_config['password_ldap_search_base'] = 'ou=people,dc=example,dc=com';
//$rcmail_config['password_ldap_search_filter'] = '(uid=%login)';

Because when I read the comments it says: Note that you should comment out the default password_ldap_userDN_mask setting for this to take effect.

I was following an example from the old RoundCube plugins/password/config.inc.php file.

I had uploaded the new files un commenting the changes you suggested although still the same error, there is no "people" so I even tried "ou=Users"

Post's attachments

config.inc.txt 10.95 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

4

Re: RoundCube "could not save password"

Why not refer to your old versions of iRedMail?

Anyway, here's default settings configured by iRedMail, roundcubemail-0.5.3. Reference here.

$rcmail_config['password_driver'] = "ldap_simple";
$rcmail_config['password_confirm_current'] = true;
$rcmail_config['password_minimum_length'] = 6;
$rcmail_config['password_require_nonalpha'] = false;

$rcmail_config['password_ldap_host'] = "127.0.0.1";
$rcmail_config['password_ldap_port'] = "389";
$rcmail_config['password_ldap_starttls'] = false;
$rcmail_config['password_ldap_version'] = "3";
$rcmail_config['password_ldap_basedn'] = "o=domains,dc=iredmail,dc=org";
$rcmail_config['password_ldap_method'] = "user";
$rcmail_config['password_ldap_adminDN'] = "null";
$rcmail_config['password_ldap_adminPW'] = "null";
$rcmail_config['password_ldap_userDN_mask'] = "mail=%login,ou=Users,domainName=%domain,o=domains,dc=iredmail,dc=org";

$rcmail_config['password_ldap_encodage'] = "ssha";
$rcmail_config['password_ldap_pwattr'] = "userPassword";
$rcmail_config['password_ldap_force_replace'] = false;
$rcmail_config['password_ldap_lchattr'] = "shadowLastChange";

The obvious difference is password_driver.

5

Re: RoundCube "could not save password"

I tried and still the same error is returned "could not save new password".

<?php

// Password Plugin options
// -----------------------
// A driver to use for password change. Default: "sql".
// See README file for list of supported driver names.
$rcmail_config['password_driver'] = 'ldap_simple';

// Determine whether current password is required to change password.
// Default: false.
$rcmail_config['password_confirm_current'] = true;

// Require the new password to be a certain length.
// set to blank to allow passwords of any length
$rcmail_config['password_minimum_length'] = 6;

// Require the new password to contain a letter and punctuation character
// Change to false to remove this check.
$rcmail_config['password_require_nonalpha'] = false;


// LDAP and LDAP_SIMPLE Driver options
// -----------------------------------
// LDAP server name to connect to. 
// You can provide one or several hosts in an array in which case the hosts are tried from left to right.
// Exemple: array('ldap1.exemple.com', 'ldap2.exemple.com');
// Default: 'localhost'
$rcmail_config['password_ldap_host'] = '127.0.0.1';

// LDAP server port to connect to
// Default: '389'
$rcmail_config['password_ldap_port'] = '389';

// TLS is started after connecting
// Using TLS for password modification is recommanded.
// Default: false
$rcmail_config['password_ldap_starttls'] = false;

// LDAP version
// Default: '3'
$rcmail_config['password_ldap_version'] = '3';

// LDAP base name (root directory)
// Exemple: 'dc=exemple,dc=com'
$rcmail_config['password_ldap_basedn'] = 'o=domains,dc=web2works,dc=co,dc=uk';

// LDAP connection method
// There is two connection method for changing a user's LDAP password.
// 'user': use user credential (recommanded, require password_confirm_current=true)
// 'admin': use admin credential (this mode require password_ldap_adminDN and password_ldap_adminPW)
// Default: 'user'
$rcmail_config['password_ldap_method'] = 'user';

// LDAP Admin DN
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminDN'] = null;

// LDAP Admin Password
// Used only in admin connection mode
// Default: null
$rcmail_config['password_ldap_adminPW'] = null;

// LDAP user DN mask
// The user's DN is mandatory and as we only have his login,
// we need to re-create his DN using a mask
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Exemple: 'uid=%login,ou=people,dc=exemple,dc=com'
$rcmail_config['password_ldap_userDN_mask'] = 'mail=%login,ou=Users,domainName=%domain,o=domains,dc=web2works,dc=co,dc=uk';

// LDAP search DN
// The DN roundcube should bind with to find out user's DN
// based on his login. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Use this if you cannot specify a general template for user DN with
// password_ldap_userDN_mask. You need to perform a search based on
// users login to find his DN instead. A common reason might be that
// your users are placed under different ou's like engineering or
// sales which cannot be derived from their login only.
//$rcmail_config['password_ldap_searchDN'] = 'cn=roundcube,ou=services,dc=example,dc=com';

// LDAP search password
// If password_ldap_searchDN is set, the password to use for
// binding to search for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// Warning: Be sure to set approperiate permissions on this file so this password
// is only accesible to roundcube and don't forget to restrict roundcube's access to
// your directory as much as possible using ACLs. Should this password be compromised
// you want to minimize the damage.
//$rcmail_config['password_ldap_searchPW'] = 'secret';

// LDAP search base
// If password_ldap_searchDN is set, the base to search in using the filter below.
// Note that you should comment out the default password_ldap_userDN_mask setting
// for this to take effect.
//$rcmail_config['password_ldap_search_base'] = 'ou=Users,dc=web2works,dc=co,dc=uk';

// LDAP search filter
// If password_ldap_searchDN is set, the filter to use when
// searching for user's DN. Note that you should comment out the default
// password_ldap_userDN_mask setting for this to take effect.
// '%login' will be replaced by the current roundcube user's login
// '%name' will be replaced by the current roundcube user's name part
// '%domain' will be replaced by the current roundcube user's domain part
// '%dc' will be replaced by domain name hierarchal string e.g. "dc=test,dc=domain,dc=com"
// Example: '(uid=%login)'
// Example: '(&(objectClass=posixAccount)(uid=%login))'
//$rcmail_config['password_ldap_search_filter'] = '(uid=%login)';

// LDAP password hash type
// Standard LDAP encryption type which must be one of: crypt,
// ext_des, md5crypt, blowfish, md5, sha, smd5, ssha, or clear.
// Please note that most encodage types require external libraries
// to be included in your PHP installation, see function hashPassword in drivers/ldap.php for more info.
// Default: 'crypt'
$rcmail_config['password_ldap_encodage'] = 'ssha';

// LDAP password attribute
// Name of the ldap's attribute used for storing user password
// Default: 'userPassword'
$rcmail_config['password_ldap_pwattr'] = 'userPassword';

// LDAP password force replace
// Force LDAP replace in cases where ACL allows only replace not read
// See http://pear.php.net/package/Net_LDAP2/docs/latest/Net_LDAP2/Net_LDAP2_Entry.html#methodreplace
// Default: true
$rcmail_config['password_ldap_force_replace'] = false;

// LDAP Password Last Change Date
// Some places use an attribute to store the date of the last password change
// The date is meassured in "days since epoch" (an integer value)
// Whenever the password is changed, the attribute will be updated if set (e.g. shadowLastChange)
$rcmail_config['password_ldap_lchattr'] = "shadowLastChange";

// Also try to update Samba password attributes: sambaNTPassword and sambaPwdLastSet
//$rcmail_config['password_ldap_samba'] = false;

In the read it goes against the default settings saying

 2.12.  LDAP - no PEAR (ldap_simple)
 -----------------------------------

 It's rewritten ldap driver that doesn't require the Net_LDAP2 PEAR extension.
 It uses directly PHP's ldap module functions instead (as Roundcube does).

 This driver is fully compatible with the ldap driver, but
 does not require (or uses) the
    $rcmail_config['password_ldap_force_replace'] variable.
 Other advantages:
    * Connects only once with the LDAP server when using the search user.
    * Does not read the DN, but only replaces the password within (that is
      why the 'force replace' is always used).

Not sure if this helps but I tried turning on logging for the imap get no errors

[23-Jul-2011 18:25:43 +0100]: S: * OK Dovecot ready.
[23-Jul-2011 18:25:43 +0100]: C: A0001 CAPABILITY
[23-Jul-2011 18:25:43 +0100]: S: * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 QUOTA STARTTLS AUTH=PLAIN AUTH=LOGIN
[23-Jul-2011 18:25:43 +0100]: S: A0001 OK Capability completed.
[23-Jul-2011 18:25:43 +0100]: C: A0002 AUTHENTICATE PLAIN cmFjaGVsLmhlYWx5QG9nbGVtZWRpYS5jby51awByYWNoZWwuaGVhbHlAb2dsZW1lZGlhLmNvLnVrAHJhY2g=
[23-Jul-2011 18:25:43 +0100]: S: A0002 OK Logged in.
[23-Jul-2011 18:25:43 +0100]: C: A0003 LIST (SUBSCRIBED) "" "*"
[23-Jul-2011 18:25:43 +0100]: S: * LIST (\Subscribed) "." "Sent"
[23-Jul-2011 18:25:43 +0100]: S: A0003 OK List completed.
[23-Jul-2011 18:25:43 +0100]: C: A0004 STATUS INBOX (MESSAGES UNSEEN)
[23-Jul-2011 18:25:43 +0100]: S: * STATUS "INBOX" (MESSAGES 6 UNSEEN 0)
[23-Jul-2011 18:25:43 +0100]: S: A0004 OK Status completed.
[23-Jul-2011 18:25:43 +0100]: C: A0005 SELECT INBOX
[23-Jul-2011 18:25:43 +0100]: S: * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
[23-Jul-2011 18:25:43 +0100]: S: * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
[23-Jul-2011 18:25:43 +0100]: S: * 6 EXISTS
[23-Jul-2011 18:25:43 +0100]: S: * 0 RECENT
[23-Jul-2011 18:25:43 +0100]: S: * OK [UIDVALIDITY 1311262584] UIDs valid
[23-Jul-2011 18:25:43 +0100]: S: * OK [UIDNEXT 7] Predicted next UID
[23-Jul-2011 18:25:43 +0100]: S: A0005 OK [READ-WRITE] Select completed.
[23-Jul-2011 18:25:43 +0100]: C: A0006 FETCH 6 (UID)
[23-Jul-2011 18:25:43 +0100]: S: * 6 FETCH (UID 6)
[23-Jul-2011 18:25:43 +0100]: S: A0006 OK Fetch completed.
[23-Jul-2011 18:25:43 +0100]: C: A0007 STATUS Sent (MESSAGES UNSEEN)
[23-Jul-2011 18:25:43 +0100]: S: * STATUS "Sent" (MESSAGES 2 UNSEEN 0)
[23-Jul-2011 18:25:43 +0100]: S: A0007 OK Status completed.
[23-Jul-2011 18:25:43 +0100]: C: A0008 LOGOUT
[23-Jul-2011 18:25:43 +0100]: S: * BYE Logging out
[23-Jul-2011 18:25:43 +0100]: S: A0008 OK Logout completed.

6

Re: RoundCube "could not save password"

web2works wrote:

Not sure if this helps but I tried turning on logging for the imap get no errors

We need OpenLDAP debug log for troubleshooting.

How to turn on debug mode in OpenLDAP: http://www.iredmail.org/wiki/index.php? … n.OpenLDAP

7

Re: RoundCube "could not save password"

ZhangHuangbin wrote:
web2works wrote:

Not sure if this helps but I tried turning on logging for the imap get no errors

We need OpenLDAP debug log for troubleshooting.

How to turn on debug mode in OpenLDAP: http://www.iredmail.org/wiki/index.php? … n.OpenLDAP

My log level was already set to 256 although still nothing inside the log files itself. Is this correct to restart OpenLDAP service?

/etc/init.d/slapd restart

This is a print screen of the permissions set on the log file.
http://img683.imageshack.us/img683/1479/unled4sp.jpg

8

Re: RoundCube "could not save password"

Try to restart 'syslog' or 'rsyslog' service first, then restart OpenLDAP service again.
If still no log in /var/log/openldap.log, check syslog configure files, make sure you're using correct syslog daemon (syslog or rsyslog), and configure 'local4.*' to log into /var/log/openldap.log.

9

Re: RoundCube "could not save password"

ZhangHuangbin wrote:

Try to restart 'syslog' or 'rsyslog' service first, then restart OpenLDAP service again.
If still no log in /var/log/openldap.log, check syslog configure files, make sure you're using correct syslog daemon (syslog or rsyslog), and configure 'local4.*' to log into /var/log/openldap.log.

After adding:

local4.*        /var/log/openldap.log

I now get the following logs, if this helps find where I am going wrong.

Jul 25 02:27:01 example slapd[18371]: daemon: activity on 1 descriptor 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on:
Jul 25 02:27:01 example slapd[18371]:  
Jul 25 02:27:01 example slapd[18371]: slap_listener_activate(9):  
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=8 active_threads=0 tvp=NULL 
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=9 busy 
Jul 25 02:27:01 example slapd[18371]: >>> slap_listener(ldap:///) 
Jul 25 02:27:01 example slapd[18371]: daemon: listen=9, new connection on 20 
Jul 25 02:27:01 example slapd[18371]: daemon: added 20r (active) listener=(nil) 
Jul 25 02:27:01 example slapd[18371]: conn=26 fd=20 ACCEPT from IP=127.0.0.1:43399 (IP=0.0.0.0:389) 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on 1 descriptor 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on:
Jul 25 02:27:01 example slapd[18371]:  
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=8 active_threads=0 tvp=NULL 
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=9 active_threads=0 tvp=NULL 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on 1 descriptor 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on:
Jul 25 02:27:01 example slapd[18371]:  20r
Jul 25 02:27:01 example slapd[18371]:  
Jul 25 02:27:01 example slapd[18371]: daemon: read active on 20 
Jul 25 02:27:01 example slapd[18371]: connection_get(20) 
Jul 25 02:27:01 example slapd[18371]: connection_get(20): got connid=26 
Jul 25 02:27:01 example slapd[18371]: connection_read(20): checking for input on id=26 
Jul 25 02:27:01 example slapd[18371]: conn=26 op=0 do_bind 
Jul 25 02:27:01 example slapd[18371]: >>> dnPrettyNormal: <mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk> 
Jul 25 02:27:01 example slapd[18371]: <<< dnPrettyNormal: <mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk>, <mail=info@example2.co.uk,ou=users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk> 
Jul 25 02:27:01 example slapd[18371]: conn=26 op=0 BIND dn="mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" method=128 
Jul 25 02:27:01 example slapd[18371]: do_bind: version=3 dn="mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" method=128 
Jul 25 02:27:01 example slapd[18371]: ==> bdb_bind: dn: mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk 
Jul 25 02:27:01 example slapd[18371]: bdb_dn2entry("mail=info@example2.co.uk,ou=users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk") 
Jul 25 02:27:01 example slapd[18371]: => access_allowed: auth access to "mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" "userPassword" requested 
Jul 25 02:27:01 example slapd[18371]: => acl_get: [1] attr userPassword 
Jul 25 02:27:01 example slapd[18371]: => slap_access_allowed: result not in cache (userPassword) 
Jul 25 02:27:01 example slapd[18371]: => acl_mask: access to entry "mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk", attr "userPassword" requested 
Jul 25 02:27:01 example slapd[18371]: => acl_mask: to value by "", (=0)  
Jul 25 02:27:01 example slapd[18371]: <= check a_dn_pat: anonymous 
Jul 25 02:27:01 example slapd[18371]: <= acl_mask: [1] applying auth(=xd) (stop) 
Jul 25 02:27:01 example slapd[18371]: <= acl_mask: [1] mask: auth(=xd) 
Jul 25 02:27:01 example slapd[18371]: => slap_access_allowed: auth access granted by auth(=xd) 
Jul 25 02:27:01 example slapd[18371]: => access_allowed: auth access granted by auth(=xd) 
Jul 25 02:27:01 example slapd[18371]: conn=26 op=0 BIND dn="mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" mech=SIMPLE ssf=0 
Jul 25 02:27:01 example slapd[18371]: do_bind: v3 bind: "mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" to "mail=info@example2.co.uk,ou=Users,domainName=example2.co.uk,o=domains,dc=example,dc=co,dc=uk" 
Jul 25 02:27:01 example slapd[18371]: send_ldap_result: conn=26 op=0 p=3 
Jul 25 02:27:01 example slapd[18371]: send_ldap_result: err=0 matched="" text="" 
Jul 25 02:27:01 example slapd[18371]: send_ldap_response: msgid=1 tag=97 err=0 
Jul 25 02:27:01 example slapd[18371]: conn=26 op=0 RESULT tag=97 err=0 text= 
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=8 active_threads=0 tvp=NULL 
Jul 25 02:27:01 example slapd[18371]: daemon: epoll: listen=9 active_threads=0 tvp=NULL 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on 2 descriptors 
Jul 25 02:27:01 example slapd[18371]: daemon: activity on:
Jul 25 02:27:02 example slapd[18371]:  20r
Jul 25 02:27:02 example slapd[18371]:  
Jul 25 02:27:02 example slapd[18371]: daemon: read active on 20 
Jul 25 02:27:02 example slapd[18371]: daemon: epoll: listen=8 active_threads=0 tvp=NULL 
Jul 25 02:27:02 example slapd[18371]: daemon: epoll: listen=9 active_threads=0 tvp=NULL 
Jul 25 02:27:02 example slapd[18371]: connection_get(20) 
Jul 25 02:27:02 example slapd[18371]: connection_get(20): got connid=26 
Jul 25 02:27:02 example slapd[18371]: connection_read(20): checking for input on id=26 
Jul 25 02:27:02 example slapd[18371]: ber_get_next on fd 20 failed errno=0 (Success) 
Jul 25 02:27:02 example slapd[18371]: connection_read(20): input error=-2 id=26, closing. 
Jul 25 02:27:02 example slapd[18371]: connection_closing: readying conn=26 sd=20 for close 
Jul 25 02:27:02 example slapd[18371]: connection_close: deferring conn=26 sd=20 
Jul 25 02:27:02 example slapd[18371]: conn=26 op=1 do_unbind 
Jul 25 02:27:02 example slapd[18371]: conn=26 op=1 UNBIND 
Jul 25 02:27:02 example slapd[18371]: connection_resched: attempting closing conn=26 sd=20 
Jul 25 02:27:02 example slapd[18371]: connection_close: conn=26 sd=20 
Jul 25 02:27:02 example slapd[18371]: daemon: removing 20 
Jul 25 02:27:02 example slapd[18371]: conn=26 fd=20 closed 
Jul 25 02:27:02 example slapd[18371]: daemon: activity on 1 descriptor 
Jul 25 02:27:02 example slapd[18371]: daemon: activity on:
Jul 25 02:27:02 example slapd[18371]:  
Jul 25 02:27:02 example slapd[18371]: daemon: epoll: listen=8 active_threads=0 tvp=NULL 
Jul 25 02:27:02 example slapd[18371]: daemon: epoll: listen=9 active_threads=0 tvp=NULL 

10

Re: RoundCube "could not save password"

I cannot find anything help in OpenLDAP log, sorry.
Is there any log in Roundcube log file? It logs to Postfix log file by default.

11

Re: RoundCube "could not save password"

ZhangHuangbin wrote:

I cannot find anything help in OpenLDAP log, sorry.
Is there any log in Roundcube log file? It logs to Postfix log file by default.

This is what I have in my RoundCube config file. I have also noticed that the
/var/log/syslog is over 432 Mib recoding a lot of mail activity. I have had to reduce the logLevel to 0.

// ----------------------------------
// LOGGING/DEBUGGING
// ----------------------------------

// system error reporting: 1 = log; 2 = report (not implemented yet), 4 = show, 8 = trace
$rcmail_config['debug_level'] = 1;

// log driver:  'syslog' or 'file'.
$rcmail_config['log_driver'] = 'syslog';

// date format for log entries
// (read http://php.net/manual/en/function.date.php for all format characters)  
$rcmail_config['log_date_format'] = 'd-M-Y H:i:s O';

// Syslog ident string to use, if using the 'syslog' log driver.
$rcmail_config['syslog_id'] = 'roundcube';

// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or http://php.net/manual/en/function.openlog.php
$rcmail_config['syslog_facility'] = LOG_USER;

// Log sent messages to <log_dir>/sendmail or to syslog
$rcmail_config['smtp_log'] = false;

// Log successful logins to <log_dir>/userlogins or to syslog
$rcmail_config['log_logins'] = true;

// Log SQL queries to <log_dir>/sql or to syslog
$rcmail_config['sql_debug'] = false;

// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = false;

// Log LDAP conversation to <log_dir>/ldap or to syslog
$rcmail_config['ldap_debug'] = false;

// Log SMTP conversation to <log_dir>/smtp or to syslog
$rcmail_config['smtp_debug'] = false;

12

Re: RoundCube "could not save password"

web2works wrote:

I have also noticed that the /var/log/syslog is over 432 Mib recoding a lot of mail activity

Try below command to rotate it on RHEL/CentOS:

# logrotate -f /etc/logrotate.d/syslog

If it doesn't rotate /var/log/syslog, try to add '-d' flag for debug:

# logrotate -f -d /etc/logrotate.d/syslog

Replace /etc/logrotate.d/syslog with correct one if you're running other Linux/BSD distribution.