[horde] Not clearing cookies on logout after changing Password (horde 5.1.1 & passwd 5.0.0)?
Jan Schneider
jan at horde.org
Tue Aug 6 15:13:54 UTC 2013
Please create a ticket.
Zitat von Andy Dorman <adorman at ironicdesign.com>:
> On 08/06/2013 07:55 AM, Jan Schneider wrote:
>>
>> Zitat von Andy Dorman <adorman at ironicdesign.com>:
>>
>>> I think I know what the problem is...however I do not know if the
>>> cause is something I have mis-configured or is an actual bug...I will
>>> happily file a bug report if this is not something silly I have missed.
>>>
>>> At the moment my /etc/horde/passwd/backends.local.php has
>>>
>>> $backends['ldap'] = array(
>>> 'disabled' => false,
>>> 'driver' => 'ldap',
>>> 'logout' => true,
>>> ...
>>>
>>> And I am not sure it matters, but horde config has
>>>
>>> $conf['auth']['redirect_on_logout'] = false;
>>> $conf['auth']['driver'] = 'ldap';
>>>
>>> When I change my password, the password is changed as it should be and
>>> I am redirected to
>>>
>>> /login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=GgBd9tNLi4biDUXg49qhuA2&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>>>
>>>
>>> Except when I get here, I get the error at the end of this email on my
>>> web page.
>>>
>>> I can easily FIX this by clearing out my cookies for this domain and
>>> reloading the URL...then I get the proper login form and the note at
>>> the top about logging in again after changing my password.
>>>
>>> So it appears to me that whatever should be clearing my browser
>>> cookies is not doing it...OR...is there a config setting I am missing?
>>>
>>> Thanks for any ideas you may have.
>>
>> Does it work if you log out manually?
>>
>
> Excellent question! Yes. Logging out manually works great with
> both FF and Chrome. It is only with the password change that I have
> to manually clear cookies before I can log back in.
>
> The failure changes if passwd/backends.local.php has 'logout' => false.
>
> With logout => false and Chrome at
> http://beta.mail.comehome.net/...After changing my password, the
> next URL I saw was http://beta.mail.comehome.net/passwd/ with this
> error:
>
>> A fatal error has occurred
>>
>> Mail server denied authentication.
>>
>> 1. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 2. Horde_Notification_Handler->notify()
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 3. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 4. IMP_Imap->getNamespace()
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 5. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 6. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 7. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 8. IMP_Imap_Exception->authException() /usr/share/horde/imp/lib/Imap.php:572
>> 9. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 10. Horde_Notification_Handler->notify()
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 11. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 12. IMP_Imap->getNamespace()
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 13. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 14. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 15. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 16. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>> 17. Horde_Notification_Handler->notify()
>> /usr/share/horde/passwd/lib/Basic.php:83
>> 18. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>> /usr/share/php/Horde/Notification/Handler.php:317
>> 19. IMP_Imap->getNamespace()
>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>> 20. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>> 21. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>> 22. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>> 23. call_user_func_array() /usr/share/horde/imp/lib/Imap.php:569
>> 24. Horde_Imap_Client_Base->getNamespaces()
>> 25. Horde_Imap_Client_Base->login()
>> /usr/share/php/Horde/Imap/Client/Base.php:679
>> 26. Horde_Imap_Client_Socket->_login()
>> /usr/share/php/Horde/Imap/Client/Base.php:767
>> Details
>>
>> The full error message is logged in Horde's log file, and is shown
>> below only to administrators. Non-administrative users will not see
>> error details.
>
> My error log had this
>
> 2013-08-06T08:20:22.737235-05:00 yorick HORDE: [imp] Mail server
> denied authentication. [pid 29720 on line 94 of
> "/usr/share/horde/imp/lib/Imap/Exception.php"]
> 2013-08-06T08:20:23.338162-05:00 yorick HORDE: Bind failed: Invalid
> credentials [pid 29720 on line 247 of "/usr/share/php/Horde/Ldap.php"]
>
> If I go to the root/login page I get the error below until I clear
> my cookies.
>
>> A fatal error has occurred
>>
>> Bind failed: Invalid credentials
>>
>> 1. Horde_Registry->isAuthenticated() /usr/share/horde/login.php:62
>> 2. Horde_Registry->checkExistingAuth()
>> /usr/share/php/Horde/Registry.php:2149
>> 3. Horde_Core_Factory_Auth->create() /usr/share/php/Horde/Registry.php:2512
>> 4. Horde_Core_Factory_Auth->_create()
>> /usr/share/php/Horde/Core/Factory/Auth.php:61
>> 5. Horde_Core_Factory_Ldap->create()
>> /usr/share/php/Horde/Core/Factory/Auth.php:165
>> 6. Horde_Ldap->bind() /usr/share/php/Horde/Core/Factory/Ldap.php:79
>> Details
>>
>> The full error message is logged in Horde's log file, and is shown
>> below only to administrators. Non-administrative users will not see
>> error details.
>>
>> Horde_Ldap_Exception Object
>> (
>> [details] =>
>> [logged] => 1
>> [_logLevel:protected] => 0
>> [message:protected] => Bind failed: Invalid credentials
>> [string:Exception:private] =>
>> [code:protected] => 49
>> [file:protected] => /usr/share/php/Horde/Ldap.php
>> [line:protected] => 247
>> [trace:Exception:private] => Array
>> (
>> [0] => Array
>> (
>> [file] => /usr/share/php/Horde/Core/Factory/Ldap.php
>> [line] => 79
>> [function] => bind
>> [class] => Horde_Ldap
>> [type] => ->
>> [args] => Array
>> (
>> [0] =>
>> uid=andydorman at comehome.net,ou=addresses,o=antespam.com
>> [1] => myoldpassword
>> )
>> )
>> [1] => Array
>> (
>> [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>> [line] => 165
>> [function] => create
>> [class] => Horde_Core_Factory_Ldap
>> [type] => ->
>> [args] => Array
>> (
>> [0] => horde
>> [1] => auth
>> )
>> )
>> [2] => Array
>> (
>> [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>> [line] => 61
>> [function] => _create
>> [class] => Horde_Core_Factory_Auth
>> [type] => ->
>> [args] => Array
>> (
>> [0] => ldap
>> )
>> )
>> [3] => Array
>> (
>> [file] => /usr/share/php/Horde/Registry.php
>> [line] => 2512
>> [function] => create
>> [class] => Horde_Core_Factory_Auth
>> [type] => ->
>> [args] => Array
>> (
>> )
>> )
>> [4] => Array
>> (
>> [file] => /usr/share/php/Horde/Registry.php
>> [line] => 2149
>> [function] => checkExistingAuth
>> [class] => Horde_Registry
>> [type] => ->
>> [args] => Array
>> (
>> [0] => horde
>> )
>> )
>> [5] => Array
>> (
>> [file] => /usr/share/horde/login.php
>> [line] => 62
>> [function] => isAuthenticated
>> [class] => Horde_Registry
>> [type] => ->
>> [args] => Array
>> (
>> )
>> )
>> )
>> [previous:Exception:private] =>
>> )
>
> I reset logout => true and it went back to the initial behavior. ie,
> it sends me to the URL below and responds with an error "Bind
> failed: Invalid credentials"
>
> http://beta.mail.comehome.net/login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=PKU5ZAHWdYso18ptYnfPmA1&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>
> Hmmmm, I could be wrong, but it looks like the bind failed in both
> cases (logout => true|false) because it tried to bind with my old
> password. Again, I do not know the code well enough yet to suggest
> if this is a potential cause or just a symptom of the problem.
>
> Please let me know if you want me to try any changes to our
> passwd/backends.local.php below. This is a beta test site, no no
> harm done by down time.
>
>> $backends['ldap'] = array(
>> 'disabled' => false,
>> 'driver' => 'ldap',
>> 'logout' => true,
>> 'name' => 'FanMailPlus',
>> 'params' => array(
>> 'host' => 'ldap.ironicdesign.com',
>> 'port' => 389,
>> 'basedn' => 'ou=addresses,o=antespam.com',
>> // LDAP object key attribute.
>> 'uid' => 'uid',
>> // The attribute storing the password.
>> 'attribute' => 'userPassword',
>> // These attributes will enable shadow password policies.
>> // 'shadowlastchange' => 'shadowLastChange',
>> // 'shadowmin' => 'shadowMin',
>> // This will be appended to the username when looking for the userdn.
>> 'realm' => '',
>> // Use this filter when searching for the user's DN.
>> 'filter' => '',
>> // Hash method to use when storing the password
>> 'encryption' => 'plain',
>> // Whether to enable TLS for this LDAP connection
>> // Note: make sure that the host matches cn in the server
>> certificate.
>> 'tls' => false,
>> // Determine the user's DN. %u will be replaced by the user's ID.
>> 'userdn' => 'uid=%u,ou=addresses,o=antespam.com'
>> ),
>> 'policy' => array(
>> 'minLength' => 8,
>> 'minNumeric' => 1,
>> 'maxLength' => 128
>> ),
>> 'preferred' => '',
>> );
>
> Thanks again.
>
> --
> Andy Dorman
> FanMail.com
> Ironic Design, Inc.
> AnteSpam.com, HomeFreeMail.com, ComeHome.net
>
> CONFIDENTIALITY NOTICE: This message is for the named person's use
> only. It may contain confidential, proprietary or legally privileged
> information. No confidentiality or privilege is waived or lost by
> any erroneous transmission. If you receive this message in error,
> please immediately destroy it and notify the sender. You must not,
> directly or indirectly, use, disclose, distribute, or copy any part
> of this message if you are not the intended recipient.
--
Jan Schneider
The Horde Project
http://www.horde.org/
More information about the horde
mailing list