1 (edited by dabox 2015-01-07 04:05:16)

Topic: Internal server error IredAdmin

==== Required information ====
- iRedMail version:  2.2.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: DEBIAN 7
- Related log if you're reporting an issue: iredadmin.log
====
Hi !
Happy new year to everyone !
I tried to move my iredmail server to a new one, but after transferring my ldif ( and changing vmail and vmailadmin password with Apache Directory studio)
I can't log anymore to iredadmin but i can login to SOGo
Thanks for the help

here's my log :
iredadmin.log

return handle_class(cls)
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 396, in handle_class
    return tocall(*args)
  File "/usr/share/apache2/iRedAdmin-Pro-LDAP-2.2.0/controllers/ldap/basic.py", line 72, in POST
    qr_user_auth = auth.Auth(dn=dn_user, password=password)
  File "/usr/share/apache2/iRedAdmin-Pro-LDAP-2.2.0/libs/ldaplib/auth.py", line 71, in Auth
    if qr[0]:
TypeError: 'NoneType' object has no attribute '__getitem__'

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Internal server error IredAdmin

Sorry about this trouble. Do you hash password in MD5 or other hash type?

3

Re: Internal server error IredAdmin

ZhangHuangbin wrote:

Sorry about this trouble. Do you hash password in MD5 or other hash type?

Hi it was in SSHA when i changed the password for mail and vmailadmin so i let this
I just tried with MD5 it's the same even in the log

4

Re: Internal server error IredAdmin

Why did you change password for bind dn vmail and vmailadmin? Their passwords were randomly generated during iRedMail installation, no one knows the passwords.

It's ok if you really want to change it, but did you update iRedAdmin-Pro config file to use new password for vmailadmin? The password set in iRedAdmin-Pro config file must be plain password, not hashed one.

And don't forget to restart apache service or uwsgi service (if you're running Nginx) to reload modified iRedAdmin-Pro config file.

5 (edited by dabox 2015-01-06 23:08:41)

Re: Internal server error IredAdmin

ZhangHuangbin wrote:

Why did you change password for bind dn vmail and vmailadmin? Their passwords were randomly generated during iRedMail installation, no one knows the passwords.

It's ok if you really want to change it, but did you update iRedAdmin-Pro config file to use new password for vmailadmin? The password set in iRedAdmin-Pro config file must be plain password, not hashed one.

And don't forget to restart apache service or uwsgi service (if you're running Nginx) to reload modified iRedAdmin-Pro config file.

I was trying to migrate my ldif (from my actual iredmail server) to a new server for testing purpose .

that's what i do everytime i try a new config before use it in production mode . do i need to do something more ?
I just tried in plain it's actually the same in my log :
Iredadmin.log

Tue Jan  6 16:03:07 2015 - WSGI app 0 (mountpoint='XX.XX.XX.XX.|/iredadmin') ready in 0 seconds on interpreter 0xc38500 pid: 7042
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 239, in process
    return self.handle()
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 230, in handle
    return self._delegate(fn, self.fvars, args)
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 420, in _delegate
    return handle_class(cls)
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 396, in handle_class
    return tocall(*args)
  File "/usr/share/apache2/iRedAdmin-Pro-LDAP-2.2.0/controllers/ldap/basic.py", line 72, in POST
    qr_user_auth = auth.Auth(dn=dn_user, password=password)
  File "/usr/share/apache2/iRedAdmin-Pro-LDAP-2.2.0/libs/ldaplib/auth.py", line 71, in Auth
    if qr[0]:
TypeError: 'NoneType' object has no attribute '__getitem__'

6

Re: Internal server error IredAdmin

Is it possible to let me login to your server to debug this issue? i cannot reproduce this issue on my local testing machine.

7

Re: Internal server error IredAdmin

OK, i can reproduce this issue now. if login with a wrong password, it will raise "internal server error". Will come back to you with a patch to fix this issue.

8

Re: Internal server error IredAdmin

It's a bug in iRedAdmin-Pro and here's patch for iRedAdmin-Pro-LDAP-2.2.0:

diff -r 20ce7a17ff49 -r 29c6cf2d75bb controllers/ldap/basic.py
--- a/controllers/ldap/basic.py    Wed Jan 07 09:08:52 2015 +0800
+++ b/controllers/ldap/basic.py    Wed Jan 07 09:41:21 2015 +0800
@@ -59,23 +59,19 @@
             else:
                 raise web.seeother('/login?msg=%s' % web.urlquote(qr_vmailadmin[1]))
 
-        # Convert username to admin dn (under o=domainAdmins).
-        dn_login = ldaputils.convert_keyword_to_dn(username, account_type='admin')
+        # Check whether it's a mail user
+        dn_user = ldaputils.convert_keyword_to_dn(username, account_type='user')
+        qr_user_auth = auth.Auth(dn=dn_user, password=password)
 
-        # Return True if auth success, otherwise return error msg.
-        qr_admin_auth = auth.Auth(dn=dn_login, password=password)
+        if not qr_user_auth[0]:
+            # Verify admin account under 'o=domainAdmins'.
+            dn_admin = ldaputils.convert_keyword_to_dn(username, account_type='admin')
+            qr_admin_auth = auth.Auth(dn=dn_admin, password=password)
 
-        # Check whether it's a mail user
-        qr_user_auth = (False, )
-        if not qr_admin_auth[0]:
-            dn_user = ldaputils.convert_keyword_to_dn(username, account_type='user')
-            qr_user_auth = auth.Auth(dn=dn_user, password=password)
-
-        # Auth failed
-        if not qr_admin_auth[0] and not qr_user_auth[0]:
-            session['failed_times'] += 1
-            web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
-            raise web.seeother('/login?msg=%s' % web.urlquote(qr_admin_auth[1]))
+            if not qr_admin_auth[0]:
+                session['failed_times'] += 1
+                web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
+                raise web.seeother('/login?msg=INVALID_CREDENTIALS')
 
         session['username'] = username
         session['logged'] = True
diff -r 20ce7a17ff49 -r 29c6cf2d75bb libs/ldaplib/auth.py
--- a/libs/ldaplib/auth.py    Wed Jan 07 09:08:52 2015 +0800
+++ b/libs/ldaplib/auth.py    Wed Jan 07 09:41:21 2015 +0800
@@ -55,6 +55,8 @@
             else:
                 # Return connection
                 return (True, conn)
+        else:
+            return (False, 'INVALID_CREDENTIALS')
     except Exception, e:
         return (False, ldaputils.get_full_exception(e))

If you're not familiar with patch, i can send you a modified copy.

9

Re: Internal server error IredAdmin

It's the same even after applying the patch on those two files

ZhangHuangbin wrote:

It's a bug in iRedAdmin-Pro and here's patch for iRedAdmin-Pro-LDAP-2.2.0:

diff -r 20ce7a17ff49 -r 29c6cf2d75bb controllers/ldap/basic.py
--- a/controllers/ldap/basic.py    Wed Jan 07 09:08:52 2015 +0800
+++ b/controllers/ldap/basic.py    Wed Jan 07 09:41:21 2015 +0800
@@ -59,23 +59,19 @@
             else:
                 raise web.seeother('/login?msg=%s' % web.urlquote(qr_vmailadmin[1]))
 
-        # Convert username to admin dn (under o=domainAdmins).
-        dn_login = ldaputils.convert_keyword_to_dn(username, account_type='admin')
+        # Check whether it's a mail user
+        dn_user = ldaputils.convert_keyword_to_dn(username, account_type='user')
+        qr_user_auth = auth.Auth(dn=dn_user, password=password)
 
-        # Return True if auth success, otherwise return error msg.
-        qr_admin_auth = auth.Auth(dn=dn_login, password=password)
+        if not qr_user_auth[0]:
+            # Verify admin account under 'o=domainAdmins'.
+            dn_admin = ldaputils.convert_keyword_to_dn(username, account_type='admin')
+            qr_admin_auth = auth.Auth(dn=dn_admin, password=password)
 
-        # Check whether it's a mail user
-        qr_user_auth = (False, )
-        if not qr_admin_auth[0]:
-            dn_user = ldaputils.convert_keyword_to_dn(username, account_type='user')
-            qr_user_auth = auth.Auth(dn=dn_user, password=password)
-
-        # Auth failed
-        if not qr_admin_auth[0] and not qr_user_auth[0]:
-            session['failed_times'] += 1
-            web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
-            raise web.seeother('/login?msg=%s' % web.urlquote(qr_admin_auth[1]))
+            if not qr_admin_auth[0]:
+                session['failed_times'] += 1
+                web.logger(msg="Login failed.", admin=username, event='login', loglevel='error')
+                raise web.seeother('/login?msg=INVALID_CREDENTIALS')
 
         session['username'] = username
         session['logged'] = True
diff -r 20ce7a17ff49 -r 29c6cf2d75bb libs/ldaplib/auth.py
--- a/libs/ldaplib/auth.py    Wed Jan 07 09:08:52 2015 +0800
+++ b/libs/ldaplib/auth.py    Wed Jan 07 09:41:21 2015 +0800
@@ -55,6 +55,8 @@
             else:
                 # Return connection
                 return (True, conn)
+        else:
+            return (False, 'INVALID_CREDENTIALS')
     except Exception, e:
         return (False, ldaputils.get_full_exception(e))

If you're not familiar with patch, i can send you a modified copy.

10

Re: Internal server error IredAdmin

Did you restart Apache or uwsgi (if you're running Nginx) service after applied the patch?

11

Re: Internal server error IredAdmin

Yes , even the server itself

ZhangHuangbin wrote:

Did you restart Apache or uwsgi (if you're running Nginx) service after applied the patch?

12 (edited by dabox 2015-01-07 17:25:38)

Re: Internal server error IredAdmin

Here's the iredmail.log now

File "/usr/lib/python2.7/dist-packages/web/application.py", line 239, in process
    return self.handle()
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 230, in handle
    return self._delegate(fn, self.fvars, args)
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 420, in _delegate
    return handle_class(cls)
  File "/usr/lib/python2.7/dist-packages/web/application.py", line 396, in handle_class
    return tocall(*args)
  File "/usr/share/apache2/iRedAdmin-Pro-LDAP-2.2.0/controllers/ldap/basic.py", line 84, in POST
    if qr_admin_auth[0]:
UnboundLocalError: local variable 'qr_admin_auth' referenced before assignment

13

Re: Internal server error IredAdmin

My mistake. Try below patch please:

diff -r 3926f71d1a14 controllers/ldap/basic.py
--- a/controllers/ldap/basic.py    Wed Jan 07 10:31:59 2015 +0800
+++ b/controllers/ldap/basic.py    Wed Jan 07 17:46:41 2015 +0800
@@ -63,6 +63,7 @@
         dn_user = ldaputils.convert_keyword_to_dn(username, account_type='user')
         qr_user_auth = auth.Auth(dn=dn_user, password=password)
 
+        qr_admin_auth = (False, 'INVALID_CREDENTIALS')
         if not qr_user_auth[0]:
             # Verify admin account under 'o=domainAdmins'.
             dn_admin = ldaputils.convert_keyword_to_dn(username, account_type='admin')

14

Re: Internal server error IredAdmin

Perfect it's working !
thank you for your help !!!