1 (edited by orphans 2015-01-22 23:45:46)

Topic: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

==== Required information ====
- iRedMail version: 2.2.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Centos 6.6
- Related log if you're reporting an issue: n/a
====

Hi,

After the latest update, normal admins are no longer able to log in to manage their domains. After clicking login the user is provided with the following error:

{'matched': 'o=domains,dc=orphansmedia,dc=co,dc=uk', 'desc': 'No such object'}

LDIF of the admin:

dn: mail=james@a****y.co.uk,o=domainAdmins,dc=orphansmedia,dc=co,dc=uk
accountStatus: active
cn: James - Admin
domainGlobalAdmin: no
givenName: james
mail: james@a****y.co.uk
objectClass: mailAdmin
preferredLanguage: en_US
sn: james
userPassword: {SSHA}***********************************

Perhaps something with the new user login system is trying to log them in as a user instead of an admin?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

May i know when did you download iRedAdmin-Pro-LDAP-2.2.1? We committed patch to fix this issue.

You can mark a normal mail user as domain admin (or global admin), or create separate account (under o=domainAdmins, not mail user) as domain admin.
Separate account is used in old iRedAdmin-Pro-LDAP releases, the latest iRedAdmin-Pro-LDAP supports both, but will try to authenticate as normal mail user first.

Do you have a mail user has the same email address (james@a****y.co.uk)? You can delete separate admin account, then mark the mail user as domain admin.

3

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Hi Zhang,

I downloaded and installed the update on Jan 13th.

We don't have the domain a****y.co.uk under our domains list, so don't have a mail user james@a****y.co.uk to mark as domain admin.

I have also tried creating a new admin user using https://mail.example.com/iredadmin/create/admin and this user also has the same problem.

4

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Dear @orphans,

I will send you a patched version which fixes this issue immediately, you can follow our short tutorial to upgrade iRedAdmin-Pro:
http://www.iredmail.org/docs/migrate.or … admin.html

Let me know whether or not it works for you.

== UPDATE ==

Email sent to ed@[your_domain].

5

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

ZhangHuangbin wrote:

Dear @orphans,

I will send you a patched version which fixes this issue immediately, you can follow our short tutorial to upgrade iRedAdmin-Pro:
http://www.iredmail.org/docs/migrate.or … admin.html

Let me know whether or not it works for you.

== UPDATE ==

Email sent to ed@[your_domain].

Perfect, thanks.

6 (edited by orphans 2015-01-21 23:33:24)

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Sorry Zhang, I installed the update and restarted apache, but I still get the same error. ;(

EDIT: Any further info I can provide you to help debug?

7 (edited by orphans 2015-01-21 23:59:06)

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Oh, found the problem.

The upgrade_iredadmin.sh script is for some reason copying all the files into /var/www/ instead of /var/www/iRedAdmin-Pro-LDAP-2.2.1/

So my files had never been updated...

EDIT: Replaced the files manually instead of using the upgrade script... but still get the same error.

8

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

So sorry about this trouble.

orphans wrote:

EDIT: Replaced the files manually instead of using the upgrade script...

Did you restart Apache again? If it doesn't work, is it possible to let me login to your server for further debug? Mail me directly please: zhb _at_ iredmail dot org.

9

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Dear @orphans,

here's patch for iRedAdmin-Pro-LDAP-2.2.1 to fix this issue:

diff -r 0eed346da31f libs/iredpwd.py
--- a/libs/iredpwd.py    Thu Jan 22 00:50:51 2015 +0800
+++ b/libs/iredpwd.py    Thu Jan 22 21:47:16 2015 +0800
@@ -144,6 +144,8 @@
     """Verify salted MD5 password"""
     if challenge_password.startswith('{MD5}') or challenge_password.startswith('{md5}'):
         challenge_password = challenge_password[5:]
+    elif challenge_password.startswith('{CRYPT}') or challenge_password.startswith('{crypt}'):
+        challenge_password = challenge_password[7:]
 
     if not (challenge_password.startswith('$')
             and len(challenge_password) == 34

Don't forget to restart Apache or uwsgi (if you're running Nginx) service after patched.

10

Re: [SOLVED] Some admins no longer able to login after 2.2.1 upgrade

Thanks!