1

Topic: strange ldap errors in maillog?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: centos 6.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: /var/log/maillog
====

I happened to be looking at /var/log/maillog, and see a number of these:

Jul  6 13:25:32 iredmail roundcube: <avoe4onr> PHP Error: ldap_list failed for dn=domainName=HIDDEN,o=domains,dc=HIDDEN,dc=com: Bad search filter (POST /mail/?_task=mail&_action=autocomplete?_task=&_action=)

I've only been running iredmail for a month or so, but I can look back into June around the start and see the same messages?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: strange ldap errors in maillog?

dswartz wrote:

Bad search filter

It's clear here.
Did you changed ldap filter in Roundcube config file (/var/www/roundcubemail/config/config.inc.php)?

3

Re: strange ldap errors in maillog?

I believe I only added some customization fields at the end of config.php like this:

# Tweaks for our site

$config['skin'] = 'classic';
$config['message_sort_col'] = 'date';
$config['list_cols'] = array('fromto', 'date', 'subject');
$config['mail_domain'] = 'HIDDEN';
$config['username_domain'] = 'HIDDEN';
$config['skip_deleted'] = true;
$config['logout_expunge'] = true;
$config['preview_pane'] = false;

Unfortunately, I didn't save the original copy of the file before modifying it.  Let me track it down and see...

4

Re: strange ldap errors in maillog?

Another possible reason is, some user typed invalid character in address field, and Roundcube uses it for ldap query filter. if so, it's safe to ignore.

Does Roundcube pop up possible addresses when you type some character in address field of compose window? If yes, your roundcube setting is fine.

5 (edited by dswartz 2015-07-07 23:18:29)

Re: strange ldap errors in maillog?

Okay, I did a basic install of iredmail on a brand-new centos 6.6 VM and stuck with ldap and example.com, and then did 'diff' on the config.inc.php.  I got this:

[root@iredmail config]# diff /tmp/config.inc.php .
4c4
< $config['db_dsnw'] = 'mysqli://roundcube:xx@127.0.0.1/roundcubemail';
---
> $config['db_dsnw'] = 'mysqli://roundcube:yy@127.0.0.1/roundcubemail';
45c45
< $config['des_key'] = '966JubHEhUAs6a66L5nLpN3v';
---
> $config['des_key'] = 'YZKfnjCd2JLhycVgYyGL4Fvu';
47c47
< //$config['username_domain'] = 'example.com';
---
> //$config['username_domain'] = 'HIDDEN';
79,80c79,80
<     'base_dn'       => 'domainName=%d,o=domains,dc=example,dc=com',
<     'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=example,dc=com',
---
>     'base_dn'       => 'domainName=%d,o=domains,dc=HIDDEN,dc=com',
>     'bind_dn'       => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=HIDDEN,dc=com',
130c130
<             'base_dn' => 'domainName=%d,o=domains,dc=example,dc=com',
---
>             'base_dn' => 'domainName=%d,o=domains,dc=HIDDEN,dc=com',
137a138,149

(ignoring the previously posted customizations).  The only things above are obvious things like hashes and domain name.

6

Re: strange ldap errors in maillog?

des_key and SQL passwords are different on each iRedMail server, it's generated randomly during iRedMail installation.

Could you please answer my question in last reply?

*) Does Roundcube pop up possible addresses when you type some character in address field of compose window? If yes, your roundcube setting is fine.

Another possible reason is, some user typed invalid character in address field, and Roundcube uses it for ldap query filter. if so, it's safe to ignore.

7 (edited by dswartz 2015-07-07 23:36:02)

Re: strange ldap errors in maillog?

Yes, I understand the differences were not relevant.  Anyway, I see what is going on.  I click on the icon to compose a message.  As I start typing characters like 'j' 'o' 'h' 'n' (to get 'john'), each keystroke is generating a message.  It's like it's doing a first match search or something?  No invalid characters, no.  So, yes, it is popping up possible addresses, but throwing errors at the same time.  This doesn't sound right to me...

On a different note, this looked weird to me:

$config['ldap_public']["global_ldap_abook"] = array(

the above is the only place I can find in the entire config.inc.php that uses double quotes, and I can't see any obvious reason to?

8

Re: strange ldap errors in maillog?

dswartz wrote:

It's like it's doing a first match search or something?

Yes. It will query LDAP server with first 2 or more characters.

9

Re: strange ldap errors in maillog?

Makes sense.  I did google a bit for similar errors and found references to parentheses not being quoted or some such (and comments about fixes in php 5.6).  I have no idea if that is relevant or not.  Nothing bad seems to be happening, but I worry when I see 'PHP Error' repeated multiple times in logfile smile

10

Re: strange ldap errors in maillog?

Maybe you can stop worrying if you clearly know why it happened. smile

11

Re: strange ldap errors in maillog?

Yeah, now I can, I think.  There is clearly a bug here, but it seems harmless, and seems unrelated to anything iredmail specific...

12

Re: strange ldap errors in maillog?

Confirmed, this is a bug of Roundcube 1.1.2, here's the commit log to fix this issue:
https://github.com/roundcube/roundcubem … c35a713c3b

And here's the patch to fix this issue:

--- a/program/lib/Roundcube/rcube_ldap.php    2015-07-08 17:02:53.630490604 +0200
+++ b/program/lib/Roundcube/rcube_ldap.php    2015-07-08 17:06:39.630501727 +0200
@@ -837,7 +837,7 @@
                 $me = $this;
                 $attributes = array();
                 array_walk($fields, function($field) use ($me, &$attributes) {
-                    if ($this->coltypes[$field] && ($attrs = (array)$this->coltypes[$field]['attributes'])) {
+                    if ($me->coltypes[$field] && ($attrs = (array)$me->coltypes[$field]['attributes'])) {
                         $attributes = array_merge($attributes, $attrs);
                     }
                 });

13

Re: strange ldap errors in maillog?

ZhangHuangbin wrote:

Confirmed, this is a bug of Roundcube 1.1.2

Isn't iRedMail 0.9.2 based on Roundcube-1.1.1?

14

Re: strange ldap errors in maillog?

I upgraded Roundcube to 1.1.2 for a customer, and he/she reported this issue, so i found the patch to fix it.
If Roundcube 1.1.1 has the same issue, you can try this patch.

15

Re: strange ldap errors in maillog?

ZhangHuangbin wrote:

I upgraded Roundcube to 1.1.2 for a customer, and he/she reported this issue, so i found the patch to fix it.
If Roundcube 1.1.1 has the same issue, you can try this patch.

The patch cannot be applied to 1.1.1 for the simple reason that the code which is changed by the patch does not exist in 1.1.1;-)

16

Re: strange ldap errors in maillog?

OK, then this patch is for Roundcube 1.1.2.

@dswartz: are you running Roundcube 1.1.1 or 1.1.2?

17

Re: strange ldap errors in maillog?

the error happen also when there are no mailing list

18

Re: strange ldap errors in maillog?

Came from here:
IRedMail - Roundcube (Global) Address Book Search - Error log

How is it to handle when there are no mailing lists in a fresh installation without these IRedAdmin Pro related Feature? Should an empty mailing list be created via 'ldapadd' ?