[horde] Not clearing cookies on logout after changing Password (horde 5.1.1 & passwd 5.0.0)?

Jan Schneider jan at horde.org
Tue Aug 6 15:13:54 UTC 2013


Please create a ticket.

Quoting Andy Dorman <adorman at ironicdesign.com>:

> On 08/06/2013 07:55 AM, Jan Schneider wrote:
>>
>> Quoting Andy Dorman <adorman at ironicdesign.com>:
>>
>>> I think I know what the problem is...however I do not know if the
>>> cause is something I have mis-configured or is an actual bug...I will
>>> happily file a bug report if this is not something silly I have missed.
>>>
>>> At the moment my /etc/horde/passwd/backends.local.php has
>>>
>>> $backends['ldap'] = array(
>>> 'disabled' => false,
>>> 'driver' => 'ldap',
>>> 'logout' => true,
>>> ...
>>>
>>> And I am not sure it matters, but horde config has
>>>
>>> $conf['auth']['redirect_on_logout'] = false;
>>> $conf['auth']['driver'] = 'ldap';
>>>
>>> When I change my password, the password is changed as it should be and
>>> I am redirected to
>>>
>>> /login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=GgBd9tNLi4biDUXg49qhuA2&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>>>
>>>
>>> Except when I get here, I get the error at the end of this email on my
>>> web page.
>>>
>>> I can easily FIX this by clearing out my cookies for this domain and
>>> reloading the URL...then I get the proper login form and the note at
>>> the top about logging in again after changing my password.
>>>
>>> So it appears to me that whatever should be clearing my browser
>>> cookies is not doing it...OR...is there a config setting I am missing?
>>>
>>> Thanks for any ideas you may have.
>>
>> Does it work if you log out manually?
>>
>
> Excellent question!  Yes.  Logging out manually works great with  
> both FF and Chrome.  It is only with the password change that I have  
> to manually clear cookies before I can log back in.
>
> The failure changes if passwd/backends.local.php has 'logout' => false.
>
> With logout => false and Chrome at  
> http://beta.mail.comehome.net/...After changing my password, the  
> next URL I saw was http://beta.mail.comehome.net/passwd/ with this  
> error:
>
>> A fatal error has occurred
>>
>> Mail server denied authentication.
>>
>> 1. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 2. Horde_Notification_Handler->notify()  
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 3. IMP_Notification_Handler_Decorator_NewmailNotify->notify()  
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 4. IMP_Imap->getNamespace()  
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 5. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 6. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 7. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 8. IMP_Imap_Exception->authException() /usr/share/horde/imp/lib/Imap.php:572
>> 9. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 10. Horde_Notification_Handler->notify()  
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 11. IMP_Notification_Handler_Decorator_NewmailNotify->notify()  
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 12. IMP_Imap->getNamespace()  
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 13. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 14. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 15. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 16. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 17. Horde_Notification_Handler->notify()  
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 18. IMP_Notification_Handler_Decorator_NewmailNotify->notify()  
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 19. IMP_Imap->getNamespace()  
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 20. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 21. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 22. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 23. call_user_func_array() /usr/share/horde/imp/lib/Imap.php:569
>> 24. Horde_Imap_Client_Base->getNamespaces()
>> 25. Horde_Imap_Client_Base->login()  
>> /usr/share/php/Horde/Imap/Client/Base.php:679
>> 26. Horde_Imap_Client_Socket->_login()  
>> /usr/share/php/Horde/Imap/Client/Base.php:767
>> Details
>>
>> The full error message is logged in Horde's log file, and is shown  
>> below only to administrators. Non-administrative users will not see  
>> error details.
>
> My error log had this
>
> 2013-08-06T08:20:22.737235-05:00 yorick HORDE: [imp] Mail server  
> denied authentication. [pid 29720 on line 94 of  
> "/usr/share/horde/imp/lib/Imap/Exception.php"]
> 2013-08-06T08:20:23.338162-05:00 yorick HORDE: Bind failed: Invalid  
> credentials [pid 29720 on line 247 of "/usr/share/php/Horde/Ldap.php"]
>
> If I go to the root/login page I get the error below until I clear  
> my cookies.
>
>> A fatal error has occurred
>>
>> Bind failed: Invalid credentials
>>
>> 1. Horde_Registry->isAuthenticated() /usr/share/horde/login.php:62
>> 2. Horde_Registry->checkExistingAuth()  
>> /usr/share/php/Horde/Registry.php:2149
>> 3. Horde_Core_Factory_Auth->create() /usr/share/php/Horde/Registry.php:2512
>> 4. Horde_Core_Factory_Auth->_create()  
>> /usr/share/php/Horde/Core/Factory/Auth.php:61
>> 5. Horde_Core_Factory_Ldap->create()  
>> /usr/share/php/Horde/Core/Factory/Auth.php:165
>> 6. Horde_Ldap->bind() /usr/share/php/Horde/Core/Factory/Ldap.php:79
>> Details
>>
>> The full error message is logged in Horde's log file, and is shown  
>> below only to administrators. Non-administrative users will not see  
>> error details.
>>
>> Horde_Ldap_Exception Object
>> (
>>    [details] =>
>>    [logged] => 1
>>    [_logLevel:protected] => 0
>>    [message:protected] => Bind failed: Invalid credentials
>>    [string:Exception:private] =>
>>    [code:protected] => 49
>>    [file:protected] => /usr/share/php/Horde/Ldap.php
>>    [line:protected] => 247
>>    [trace:Exception:private] => Array
>>        (
>>            [0] => Array
>>                (
>>                    [file] => /usr/share/php/Horde/Core/Factory/Ldap.php
>>                    [line] => 79
>>                    [function] => bind
>>                    [class] => Horde_Ldap
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                            [0] =>  
>> uid=andydorman at comehome.net,ou=addresses,o=antespam.com
>>                            [1] => myoldpassword
>>                        )
>>                )
>>            [1] => Array
>>                (
>>                    [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>>                    [line] => 165
>>                    [function] => create
>>                    [class] => Horde_Core_Factory_Ldap
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                            [0] => horde
>>                            [1] => auth
>>                        )
>>                )
>>            [2] => Array
>>                (
>>                    [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>>                    [line] => 61
>>                    [function] => _create
>>                    [class] => Horde_Core_Factory_Auth
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                            [0] => ldap
>>                        )
>>                )
>>            [3] => Array
>>                (
>>                    [file] => /usr/share/php/Horde/Registry.php
>>                    [line] => 2512
>>                    [function] => create
>>                    [class] => Horde_Core_Factory_Auth
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                        )
>>                )
>>            [4] => Array
>>                (
>>                    [file] => /usr/share/php/Horde/Registry.php
>>                    [line] => 2149
>>                    [function] => checkExistingAuth
>>                    [class] => Horde_Registry
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                            [0] => horde
>>                        )
>>                )
>>            [5] => Array
>>                (
>>                    [file] => /usr/share/horde/login.php
>>                    [line] => 62
>>                    [function] => isAuthenticated
>>                    [class] => Horde_Registry
>>                    [type] => ->
>>                    [args] => Array
>>                        (
>>                        )
>>                )
>>        )
>>    [previous:Exception:private] =>
>> )
>
> I reset logout => true and it went back to the initial behavior, i.e.,
> it sends me to the URL below and responds with an error "Bind  
> failed: Invalid credentials"
>
> http://beta.mail.comehome.net/login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=PKU5ZAHWdYso18ptYnfPmA1&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>
> Hmmmm, I could be wrong, but it looks like the bind failed in both  
> cases (logout => true|false) because it tried to bind with my old  
> password. Again, I do not know the code well enough yet to suggest  
> if this is a potential cause or just a symptom of the problem.
>
> Please let me know if you want me to try any changes to our  
> passwd/backends.local.php below.  This is a beta test site, so no
> harm done by down time.
>
>> $backends['ldap'] = array(
>>    'disabled' => false,
>>    'driver' => 'ldap',
>>    'logout' => true,
>>    'name' => 'FanMailPlus',
>>    'params' => array(
>>        'host' => 'ldap.ironicdesign.com',
>>        'port' => 389,
>>        'basedn' => 'ou=addresses,o=antespam.com',
>>        // LDAP object key attribute.
>>        'uid' => 'uid',
>>        // The attribute storing the password.
>>        'attribute' => 'userPassword',
>>        // These attributes will enable shadow password policies.
>>        // 'shadowlastchange' => 'shadowLastChange',
>>        // 'shadowmin' => 'shadowMin',
>>        // This will be appended to the username when looking for the userdn.
>>        'realm' => '',
>>        // Use this filter when searching for the user's DN.
>>        'filter' => '',
>>        // Hash method to use when storing the password
>>        'encryption' => 'plain',
>>        // Whether to enable TLS for this LDAP connection
>>        // Note: make sure that the host matches cn in the server certificate.
>>        'tls' => false,
>>        // Determine the user's DN. %u will be replaced by the user's ID.
>>        'userdn' => 'uid=%u,ou=addresses,o=antespam.com'
>>    ),
>>    'policy' => array(
>>        'minLength' => 8,
>>        'minNumeric' => 1,
>>        'maxLength' => 128
>>    ),
>>    'preferred' => '',
>> );
>
> Thanks again.
>
> -- 
> Andy Dorman
> FanMail.com
> Ironic Design, Inc.
> AnteSpam.com, HomeFreeMail.com, ComeHome.net
>


-- 
Jan Schneider
The Horde Project
http://www.horde.org/
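
The failure mode discussed in this thread, as an added example that is not part of the original message and is not Horde code: a toy model in which the session caches the bind credentials (as the trace arguments above suggest) and the login page re-binds with them whenever the browser still presents the session cookie. All class, function and account names are hypothetical and the data is constructed.

```python
import secrets

class InvalidCredentials(Exception):
    """Stands in for LDAP result code 49, "Bind failed: Invalid credentials"."""

class Directory:
    def __init__(self):
        self.passwords = {}              # uid -> current password (constructed data)

    def bind(self, uid, password):
        if self.passwords.get(uid) != password:
            raise InvalidCredentials(uid)

class App:
    def __init__(self, directory):
        self.directory = directory
        self.sessions = {}               # session cookie value -> cached (uid, password)

    def login(self, uid, password):
        self.directory.bind(uid, password)
        sid = secrets.token_hex(16)
        self.sessions[sid] = (uid, password)
        return sid

    def check_existing_auth(self, sid):
        """What the login page does when the browser still sends a cookie."""
        if sid not in self.sessions:
            return False                 # unknown session: show the login form
        self.directory.bind(*self.sessions[sid])   # re-bind with cached credentials
        return True

    def change_password(self, sid, new_password, invalidate):
        uid, _old = self.sessions[sid]
        self.directory.passwords[uid] = new_password
        if invalidate:
            # Server-side logout: the old cookie no longer maps to anything,
            # so it does not matter whether the browser cleared it.
            del self.sessions[sid]
        # Otherwise the session keeps the old password and the next re-bind fails.

def login_page_outcome(invalidate):
    """Change the password, then revisit the login page with the same cookie."""
    directory = Directory()
    directory.passwords["user@example.test"] = "old-secret"
    app = App(directory)
    sid = app.login("user@example.test", "old-secret")
    app.change_password(sid, "new-secret", invalidate)
    try:
        return "already-authenticated" if app.check_existing_auth(sid) else "login-form"
    except InvalidCredentials:
        return "fatal-error"
```

In the model, the stale session produces the fatal error until the cookie is discarded, while invalidating the session on the server at password-change time returns the user to the login form without any action in the browser.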


