1

Topic: Strange behaviour when adding domain admins via api

When adding a domain admin via the following curl-command:
curl -X PUT -b cookie.txt -i -d "addAdmin=user@domain.com" https://mail.domain.com/iredadmin/api/d … ns/test.tt
it adds too many users. The log line in iredadmin says the following:

[API] Reset domain (test.tt) admins to: user2@domain.com, user3@domain.com, user1@domain.com

I can't find where it gets the other two users. For one of these it's no problem because that's one of the domain admins but the other is just a user.

iRedMail release: 0.9.7 OpenLDAP edition.
Linux Distribution: CentOS 7.4
Apache Webserver
iRedAdmin-Pro v3.0

2

Re: Strange behaviour when adding domain admins via api

The parameter "addAdmin" means add a new admin; it won't remove existing admins.
So it's likely that you already have other admins, and you just added a new one.

3

Re: Strange behaviour when adding domain admins via api

This is not the case; it also happens when running removeAllAdmins first.
Plus, the user is not a domain admin and shouldn't be a domain admin in any case.

4

Re: Strange behaviour when adding domain admins via api

Seems to be a bug in the iRedAdmin-Pro API. Could you give me some info for troubleshooting?

*) Export the LDIF data of this domain first.
*) Perform the API request which can trigger this issue.
*) Export the LDIF data of the same domain again.

I need to compare the LDIFs.

Also, please show me the full parameters and URL you used in the API request. If you don't want to paste them in the forum, please contact me directly: zhb _at_ iredmail.org
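
The before/after LDIF comparison requested above, as an added example that is not part of the original post or of iRedAdmin-Pro: it parses two exports and lists every attribute value that appeared or disappeared, which makes an unintended admin grant visible. The sample exports, their DNs and the `adminOfDomain` attribute are constructed placeholders, not iRedMail's schema.

```python
import base64
from collections import defaultdict

def parse_ldif(text):
    """Parse LDIF text into {dn: {attribute: set(values)}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn = {}, None
    for line in lines:
        if not line.strip():                   # blank line ends the current entry
            dn = None
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:    # skip comments and malformed lines
            continue
        if value.startswith(":"):              # "attr:: ..." carries a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        if attr.lower() == "dn":
            dn = value.lower()                 # DNs compare case-insensitively here
            entries[dn] = defaultdict(set)
        elif dn is not None:
            entries[dn][attr].add(value)
    return entries

def diff_ldif(before, after):
    """Return sorted (dn, attribute, '+' or '-', value) tuples between two exports."""
    changes = []
    for dn in set(before) | set(after):
        old, new = before.get(dn, {}), after.get(dn, {})
        for attr in set(old) | set(new):
            o, n = old.get(attr, set()), new.get(attr, set())
            changes += [(dn, attr, "+", v) for v in n - o]
            changes += [(dn, attr, "-", v) for v in o - n]
    return sorted(changes)

# Constructed sample exports; DNs and the adminOfDomain attribute are placeholders.
BEFORE = ("dn: mail=user1@domain.com,ou=Users,dc=example\nmail: user1@domain.com\n\n"
          "dn: mail=user2@domain.com,ou=Users,dc=example\nmail: user2@domain.com\n")
AFTER = ("dn: mail=user1@domain.com,ou=Users,dc=example\nmail: user1@domain.com\nadminOfDomain: test.tt\n\n"
         "dn: mail=user2@domain.com,ou=Users,dc=example\nmail: user2@domain.com\nadminOfDomain: test.tt\n")

if __name__ == "__main__":
    for change in diff_ldif(parse_ldif(BEFORE), parse_ldif(AFTER)):
        print(*change)
```

Any `+` line on an account that was not named in the API request is the unexpected grant to investigate.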

5

Re: Strange behaviour when adding domain admins via api

I've sent the request files by email.

6

Re: Strange behaviour when adding domain admins via api

Fixed, patch for iRedAdmin-Pro-LDAP-3.0 attached:

diff -r aefe70c35364 -r d0c7d58aa183 libs/ldaplib/domain.py
--- a/libs/ldaplib/domain.py    Thu Mar 08 12:33:05 2018 +0800
+++ b/libs/ldaplib/domain.py    Thu Mar 08 17:38:20 2018 +0800
@@ -285,6 +285,8 @@
             (_dn, entries) = qr[0]
             _addresses = list(set(entries.get('mailForwardingAddress', [])))
             _addresses.sort()
+    except ldap.NO_SUCH_OBJECT:
+        pass
     except:
         web.log_traceback()
 
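
Review bot: the new `except ldap.NO_SUCH_OBJECT: pass` handler swallows the missing-entry case with no comment or log line, and in the lines shown `_addresses` is only assigned inside the `try`, so please confirm it is initialised before the `try` or set it to an empty list in this handler. A one-line comment saying why a missing object is expected here would help the next reader. The bare `except:` that follows would also be safer as `except Exception:` so that it does not catch `KeyboardInterrupt` or `SystemExit`.
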
@@ -2277,10 +2279,13 @@
                         new_user_admins = _admins_in_managed_domains
 
                     # Remove non-existing user admins
-                    qf = '(|'
+                    qf = '(&'
+                    qf += '(|(objectClass=mailUser)(objectClass=mailAdmin)'
+                    qf += '(|'
                     for a in new_admins:
                         qf += '(mail=%s)' % a
                     qf += ')'
+                    qf += ')'
 
                     try:
                         qr = conn.search_s(settings.ldap_basedn,
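
Review bot: the filter parentheses look unbalanced in the added lines: `'(|(objectClass=mailUser)(objectClass=mailAdmin)'` opens the objectClass OR without closing it, so the `(mail=...)` group ends up nested inside that OR and the two trailing `')'` leave the outer `(&` unclosed, at least in the lines shown. As written the OR would also match any mailUser or mailAdmin regardless of address, which defeats the purpose of restricting the result to existing admins. I would close the objectClass group on its own line, `'(|(objectClass=mailUser)(objectClass=mailAdmin))'`, and keep one closing `')'` each for the mail OR and the outer AND. Separately, `'(mail=%s)' % a` interpolates the address into the filter unescaped; since these values originate from the API request, pass them through `ldap.filter.escape_filter_chars()` first.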