[horde] Not clearing cookies on logout after changing Password (horde 5.1.1 & passwd 5.0.0)?

Andy Dorman adorman at ironicdesign.com
Tue Aug 6 18:36:14 UTC 2013


On 08/06/2013 10:13 AM, Jan Schneider wrote:
> Please create a ticket.
>
> Quoting Andy Dorman <adorman at ironicdesign.com>:
>
>> On 08/06/2013 07:55 AM, Jan Schneider wrote:
>>>
>>> Quoting Andy Dorman <adorman at ironicdesign.com>:
>>>
>>>> I think I know what the problem is...however I do not know if the
>>>> cause is something I have mis-configured or is an actual bug...I will
>>>> happily file a bug report if this is not something silly I have missed.
>>>>
>>>> At the moment my /etc/horde/passwd/backends.local.php has
>>>>
>>>> $backends['ldap'] = array(
>>>> 'disabled' => false,
>>>> 'driver' => 'ldap',
>>>> 'logout' => true,
>>>> ...
>>>>
>>>> And I am not sure it matters, but horde config has
>>>>
>>>> $conf['auth']['redirect_on_logout'] = false;
>>>> $conf['auth']['driver'] = 'ldap';
>>>>
>>>> When I change my password, the password is changed as it should be and
>>>> I am redirected to
>>>>
>>>> /login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=GgBd9tNLi4biDUXg49qhuA2&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>>>>
>>>>
>>>>
>>>> Except when I get here, I get the error at the end of this email on my
>>>> web page.
>>>>
>>>> I can easily FIX this by clearing out my cookies for this domain and
>>>> reloading the URL...then I get the proper login form and the note at
>>>> the top about logging in again after changing my password.
>>>>
>>>> So it appears to me that whatever should be clearing my browser
>>>> cookies is not doing it...OR...is there a config setting I am missing?
>>>>
>>>> Thanks for any ideas you may have.
>>>
>>> Does it work if you log out manually?
>>>
>>
>> Excellent question!  Yes.  Logging out manually works great with both
>> FF and Chrome.  It is only with the password change that I have to
>> manually clear cookies before I can log back in.
>>
>> The failure changes if passwd/backends.local.php has 'logout' => false.
>>
>> With logout => false and Chrome at
>> http://beta.mail.comehome.net/...After changing my password, the next
>> URL I saw was http://beta.mail.comehome.net/passwd/ with this error:
>>
>>> A fatal error has occurred
>>>
>>> Mail server denied authentication.
>>>
>>> 1. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>>> 2. Horde_Notification_Handler->notify()
>>> /usr/share/horde/passwd/lib/Basic.php:83
>>> 3. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>>> /usr/share/php/Horde/Notification/Handler.php:317
>>> 4. IMP_Imap->getNamespace()
>>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>>>
>>> 5. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>>> 6. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>>> 7. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>>> 8. IMP_Imap_Exception->authException()
>>> /usr/share/horde/imp/lib/Imap.php:572
>>> 9. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>>> 10. Horde_Notification_Handler->notify()
>>> /usr/share/horde/passwd/lib/Basic.php:83
>>> 11. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>>> /usr/share/php/Horde/Notification/Handler.php:317
>>> 12. IMP_Imap->getNamespace()
>>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>>>
>>> 13. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>>> 14. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>>> 15. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>>> 16. Passwd_Basic->status() /usr/share/horde/passwd/index.php:22
>>> 17. Horde_Notification_Handler->notify()
>>> /usr/share/horde/passwd/lib/Basic.php:83
>>> 18. IMP_Notification_Handler_Decorator_NewmailNotify->notify()
>>> /usr/share/php/Horde/Notification/Handler.php:317
>>> 19. IMP_Imap->getNamespace()
>>> /usr/share/horde/imp/lib/Notification/Handler/Decorator/NewmailNotify.php:58
>>>
>>> 20. IMP_Imap->getNamespaceList() /usr/share/horde/imp/lib/Imap.php:407
>>> 21. IMP_Imap->getNamespaces() /usr/share/horde/imp/lib/Imap.php:385
>>> 22. IMP_Imap->__call() /usr/share/horde/imp/lib/Imap.php:385
>>> 23. call_user_func_array() /usr/share/horde/imp/lib/Imap.php:569
>>> 24. Horde_Imap_Client_Base->getNamespaces()
>>> 25. Horde_Imap_Client_Base->login()
>>> /usr/share/php/Horde/Imap/Client/Base.php:679
>>> 26. Horde_Imap_Client_Socket->_login()
>>> /usr/share/php/Horde/Imap/Client/Base.php:767
>>> Details
>>>
>>> The full error message is logged in Horde's log file, and is shown
>>> below only to administrators. Non-administrative users will not see
>>> error details.
>>
>> My error log had this
>>
>> 2013-08-06T08:20:22.737235-05:00 yorick HORDE: [imp] Mail server
>> denied authentication. [pid 29720 on line 94 of
>> "/usr/share/horde/imp/lib/Imap/Exception.php"]
>> 2013-08-06T08:20:23.338162-05:00 yorick HORDE: Bind failed: Invalid
>> credentials [pid 29720 on line 247 of "/usr/share/php/Horde/Ldap.php"]
>>
>> If I go to the root/login page I get the error below until I clear my
>> cookies.
>>
>>> A fatal error has occurred
>>>
>>> Bind failed: Invalid credentials
>>>
>>> 1. Horde_Registry->isAuthenticated() /usr/share/horde/login.php:62
>>> 2. Horde_Registry->checkExistingAuth()
>>> /usr/share/php/Horde/Registry.php:2149
>>> 3. Horde_Core_Factory_Auth->create()
>>> /usr/share/php/Horde/Registry.php:2512
>>> 4. Horde_Core_Factory_Auth->_create()
>>> /usr/share/php/Horde/Core/Factory/Auth.php:61
>>> 5. Horde_Core_Factory_Ldap->create()
>>> /usr/share/php/Horde/Core/Factory/Auth.php:165
>>> 6. Horde_Ldap->bind() /usr/share/php/Horde/Core/Factory/Ldap.php:79
>>> Details
>>>
>>> The full error message is logged in Horde's log file, and is shown
>>> below only to administrators. Non-administrative users will not see
>>> error details.
>>>
>>> Horde_Ldap_Exception Object
>>> (
>>>    [details] =>
>>>    [logged] => 1
>>>    [_logLevel:protected] => 0
>>>    [message:protected] => Bind failed: Invalid credentials
>>>    [string:Exception:private] =>
>>>    [code:protected] => 49
>>>    [file:protected] => /usr/share/php/Horde/Ldap.php
>>>    [line:protected] => 247
>>>    [trace:Exception:private] => Array
>>>        (
>>>            [0] => Array
>>>                (
>>>                    [file] => /usr/share/php/Horde/Core/Factory/Ldap.php
>>>                    [line] => 79
>>>                    [function] => bind
>>>                    [class] => Horde_Ldap
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                            [0] => uid=andydorman at comehome.net,ou=addresses,o=antespam.com
>>>                            [1] => myoldpassword
>>>                        )
>>>                )
>>>            [1] => Array
>>>                (
>>>                    [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>>>                    [line] => 165
>>>                    [function] => create
>>>                    [class] => Horde_Core_Factory_Ldap
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                            [0] => horde
>>>                            [1] => auth
>>>                        )
>>>                )
>>>            [2] => Array
>>>                (
>>>                    [file] => /usr/share/php/Horde/Core/Factory/Auth.php
>>>                    [line] => 61
>>>                    [function] => _create
>>>                    [class] => Horde_Core_Factory_Auth
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                            [0] => ldap
>>>                        )
>>>                )
>>>            [3] => Array
>>>                (
>>>                    [file] => /usr/share/php/Horde/Registry.php
>>>                    [line] => 2512
>>>                    [function] => create
>>>                    [class] => Horde_Core_Factory_Auth
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                        )
>>>                )
>>>            [4] => Array
>>>                (
>>>                    [file] => /usr/share/php/Horde/Registry.php
>>>                    [line] => 2149
>>>                    [function] => checkExistingAuth
>>>                    [class] => Horde_Registry
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                            [0] => horde
>>>                        )
>>>                )
>>>            [5] => Array
>>>                (
>>>                    [file] => /usr/share/horde/login.php
>>>                    [line] => 62
>>>                    [function] => isAuthenticated
>>>                    [class] => Horde_Registry
>>>                    [type] => ->
>>>                    [args] => Array
>>>                        (
>>>                        )
>>>                )
>>>        )
>>>    [previous:Exception:private] =>
>>> )
>>
>> I reset logout => true and it went back to the initial behavior, i.e.,
>> it sends me to the URL below and responds with an error "Bind failed:
>> Invalid credentials"
>>
>> http://beta.mail.comehome.net/login.php?url=http%3A%2F%2Fbeta.mail.comehome.net%2Fpasswd%2F&horde_logout_token=PKU5ZAHWdYso18ptYnfPmA1&logout_reason=5&logout_msg=Your%20password%20has%20been%20succesfully%20changed.%20You%20need%20to%20re-login%20to%20the%20system%20with%20your%20new%20password.
>>
>>
>> Hmmmm, I could be wrong, but it looks like the bind failed in both
>> cases (logout => true|false) because it tried to bind with my old
>> password. Again, I do not know the code well enough yet to suggest if
>> this is a potential cause or just a symptom of the problem.
>>
>> Please let me know if you want me to try any changes to our
>> passwd/backends.local.php below.  This is a beta test site, so no harm
>> done by down time.
>>
>>> $backends['ldap'] = array(
>>>    'disabled' => false,
>>>    'driver' => 'ldap',
>>>    'logout' => true,
>>>    'name' => 'FanMailPlus',
>>>    'params' => array(
>>>        'host' => 'ldap.ironicdesign.com',
>>>        'port' => 389,
>>>        'basedn' => 'ou=addresses,o=antespam.com',
>>>        // LDAP object key attribute.
>>>        'uid' => 'uid',
>>>        // The attribute storing the password.
>>>        'attribute' => 'userPassword',
>>>        // These attributes will enable shadow password policies.
>>>        // 'shadowlastchange' => 'shadowLastChange',
>>>        // 'shadowmin' => 'shadowMin',
>>>        // This will be appended to the username when looking for the userdn.
>>>        'realm' => '',
>>>        // Use this filter when searching for the user's DN.
>>>        'filter' => '',
>>>        // Hash method to use when storing the password
>>>        'encryption' => 'plain',
>>>        // Whether to enable TLS for this LDAP connection
>>>        // Note: make sure that the host matches cn in the server certificate.
>>>        'tls' => false,
>>>        // Determine the user's DN. %u will be replaced by the user's ID.
>>>        'userdn' => 'uid=%u,ou=addresses,o=antespam.com'
>>>    ),
>>>    'policy' => array(
>>>        'minLength' => 8,
>>>        'minNumeric' => 1,
>>>        'maxLength' => 128
>>>    ),
>>>    'preferred' => '',
>>> );
>>
>> Thanks again.
>>
>> --
>> Andy Dorman
>> FanMail.com
>> Ironic Design, Inc.
>> AnteSpam.com, HomeFreeMail.com, ComeHome.net
>>
>> CONFIDENTIALITY NOTICE: This message is for the named person's use
>> only. It may contain confidential, proprietary or legally privileged
>> information. No confidentiality or privilege is waived or lost by any
>> erroneous transmission. If you receive this message in error, please
>> immediately destroy it and notify the sender. You must not, directly
>> or indirectly, use, disclose, distribute, or copy any part of this
>> message if you are not the intended recipient.
>
>
> --
> Jan Schneider
> The Horde Project
> http://www.horde.org/
>
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

Ticket #12538 has been created.

-- 
Andy Dorman
FanMail.com
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net

CONFIDENTIALITY NOTICE: This message is for the named person's use only. 
It may contain confidential, proprietary or legally privileged 
information. No confidentiality or privilege is waived or lost by any 
erroneous transmission. If you receive this message in error, please 
immediately destroy it and notify the sender. You must not, directly or 
indirectly, use, disclose, distribute, or copy any part of this message 
if you are not the intended recipient.
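
The failure mode discussed in this thread, a session that still holds the pre-change password so that the existing-auth check's LDAP bind is rejected, sketched as an added PHP example; it is not Horde's code and not the fix from the ticket. The function names and the in-memory directory are hypothetical; only result code 49 and the error text are taken from the trace quoted above.

```php
<?php
// Added illustration, not Horde code: every function name here is hypothetical.
// Constructed stand-in for the LDAP directory: user DN => current password.
$directory = ['uid=alice,ou=addresses,o=example' => 'old-secret'];

// Stand-in for an LDAP simple bind; fails with result code 49 (invalidCredentials).
function directory_bind(array $directory, string $dn, string $password): void
{
    if (!isset($directory[$dn]) || !hash_equals($directory[$dn], $password)) {
        throw new RuntimeException('Bind failed: Invalid credentials', 49);
    }
}

// Drop all session state and, under a web SAPI, expire the session cookie too.
function end_session(array &$session): void
{
    $session = [];
    if (PHP_SAPI !== 'cli' && session_status() === PHP_SESSION_ACTIVE) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'],
                  $p['secure'], $p['httponly']);
        session_destroy();
    }
}

// Existing-auth check: a rejected cached credential means "not logged in",
// so the caller renders the login form instead of a fatal error page.
function is_authenticated(array $directory, array &$session): bool
{
    if (!isset($session['dn'], $session['password'])) {
        return false;
    }
    try {
        directory_bind($directory, $session['dn'], $session['password']);
        return true;
    } catch (RuntimeException $e) {
        if ($e->getCode() !== 49) {
            throw $e; // other directory errors are real faults
        }
        end_session($session);
        return false;
    }
}

// Constructed scenario: the password changes while the session keeps the old one.
$session = ['dn' => 'uid=alice,ou=addresses,o=example', 'password' => 'old-secret'];
var_dump(is_authenticated($directory, $session));
$directory[$session['dn']] = 'new-secret';
var_dump(is_authenticated($directory, $session), $session);
```

Run with the PHP CLI, the second check reports the user as unauthenticated and leaves the session empty, which is the state in which a login form with the logout message can be rendered.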


