1

Topic: Users can't log in for self-service

============ Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.6
- Linux/BSD distribution name and version: Debian Jessie
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue: /var/log/apache2/error.log
====

Hello,

my users can't log into iRedAdmin for self-service anymore - an error occurs saying LOGIN REQUIRED. Self-Service is enabled for the domains. I believe there is a problem since an upgrade to iRedMail 0.9.6 and the very latest version of iRedAdmin-Pro (see http://www.iredmail.org/forum/topic1227 … ttype.html).
Apaches log shows:

[wsgi:error] [pid xxxxx] PERMISSION_DENIED (2) raised in @require_domain_access, module: libs.ldaplib.domain.py, function: get_domain_account_setting(). Data: admin=normal-user@my.domain.de, domain=my.domain.de]

Nobody except postmaster can log in.

Please help ...

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Users can't log in for self-service

I tried installing over the initial version of iRedAdmin-Pro 2.7.0, but this didn't work, too.

3

Re: Users can't log in for self-service

BUG of the latest iRedAdmin-Pro-LDAP-2.7.0. Here's patch to fix it:

diff -r b74802e23fb2 libs/ldaplib/domain.py
--- a/libs/ldaplib/domain.py    Mon Feb 06 22:04:57 2017 +0800
+++ b/libs/ldaplib/domain.py    Sat Feb 11 22:00:45 2017 +0800
@@ -136,7 +136,6 @@
     except Exception, e:
         return (False, repr(e))
 
-@decorators.require_domain_access
 def get_profile(domain, attributes=None, conn=None):
     """Get domain profile."""
     domain = str(domain).lower()
@@ -341,7 +340,6 @@
         return (False, ldaputils.get_full_exception(result))
 
 
-@decorators.require_domain_access
 def get_domain_account_setting(domain,
                                domain_profile=None,
                                conn=None):

4

Re: Users can't log in for self-service

ZhangHuangbin wrote:

BUG of the latest iRedAdmin-Pro-LDAP-2.7.0. Here's patch to fix it:

--- a/libs/ldaplib/domain.py    Mon Feb 06 22:04:57 2017 +0800
+++ b/libs/ldaplib/domain.py    Sat Feb 11 22:00:45 2017 +0800
@@ -136,7 +136,6 @@
     except Exception, e:
         return (False, repr(e))
 
-@decorators.require_domain_access
 def get_profile(domain, attributes=None, conn=None):
     """Get domain profile."""
     domain = str(domain).lower()
@@ -341,7 +340,6 @@
         return (False, ldaputils.get_full_exception(result))
 
 
-@decorators.require_domain_access
 def get_domain_account_setting(domain,
                                domain_profile=None,
                                conn=None):

Saving this into a file named self-service.diff and applying it with ...

patch -b -p0 libs/ldaplib/domain.py < self-service.diff

... helped. Thanks a lot, again !