Can't login to Horde after upgrade to last version 5.2.17-1

horde

#1

After the last upgrade to Horde 5.2.17-1 users can’t login.

I tried with username and email address as usual but users can’t login.

I think the upgrade broken something with authentication even if it was installed without errors.

I tried to rejoin this server (a slave) and the operation was successful (also 50horde join script).

What can I do?


#3

Someone wrote a reply here few minutes ago, but now was deleted. I was trying to check what that person (I don’t remember who) wrote and the result was:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


#4

Yeah, that was me. I deleted the post because the check I asked you to run was broken and did not reflect what the PHP code was actually trying to do. I’m currently investigating further.

The problem is definitely in the newly introduced pre-authentication hooks. What happens in my case is that the LDAP bind succeeds, an LDAP search is run with the following filter: (&(|(uid=llarsen@mbu-test.intranet)(mailprimaryaddress=llarsen@mbu-test.intranet))(objectclass=univentionmail)) Problem is: no result is returned. However, if I run the same query with the same bind parameters on the shell instead of inside Horde via PHP, I do get a result: the user object I’m trying to log in with.

Still investigating.


#5

Ok thanks @Moritz_Bunkus. I’m waiting new informations when you finished your investigation.


#6

Got it. It’s a bug in the pre-authentication check.

You can circumvent it for the time being by doing the following:

  1. Enter the app container as before: univention-app shell horde
  2. Inside the container go to the following directory: /etc/univention/templates/files/etc/horde/imp
  3. Edit the file hooks.php, e.g. vim hooks.php
  4. Go to line 82 which should read like this: $ldapconn = ldap_connect("ldaps://$ldaphost", $ldapport);
  5. Change that line to the following: $ldapconn = ldap_connect("ldaps://$ldaphost:7636");
  6. Save and exit.
  7. Exit the container. You’re back on the host now.
  8. Try to log in again. It should work now.

I’ll file a bug report for this.


#7

Here’s the bug report in case you want the gory details: https://forge.univention.org/bugzilla/show_bug.cgi?id=47225


#8

BTW, you can also edit the file directly on the host without entering the container:

/var/lib/univention-appcenter/apps/horde/etc-horde/imp/hooks.php

#9

Thanks @Moritz_Bunkus now it works also for me!


#10

Thanks for the research, this is a bummer, we will fix this asap and provide an update for the horde app.

Best regards,
Felix


#11

Should be fixed in version 5.2.17-2 (use hostname an port, not uri in ldap_connect, issue ldap_start_tls before bind)

Thanks again,
best regards
Felix


#12

Is the fix already in the App Repository? I am getting the following Error when trying to upgrade Horde 5.2.7-3 on a 4.3-1 errata116 to 5.2.17-2:

# tac /var/log/univention/appcenter.log  | less
>   2407 actions.upgrade.progress         18-04-11 14:05:53 [   DEBUG]: 100
>   2407 actions.upgrade-search.progress  18-04-11 14:05:53 [   DEBUG]: 100
>   2407 actions.upgrade-search           18-04-11 14:05:53 [   DEBUG]: Checking horde=5.2.17-2
>   2407 actions.upgrade-search.progress  18-04-11 14:05:53 [   DEBUG]: 0
>   2407 actions.upgrade-search           18-04-11 14:05:53 [   DEBUG]: Calling upgrade-search
>   2407 utils                            18-04-11 14:05:51 [   DEBUG]: tracking information: {'status': 431, 'uuid': '08e5ba34-c003-4464-9af5-ad7f9f4f2edd', 'app': u'horde', 'version': u'5.2.17-2', 'role': 'domaincontroller_master', 'action': 'upgrade', 'system-uuid': '970cbdca-4082-4e71-aef7-1d1607f60304'}
>   2407 utils                            18-04-11 14:05:51 [   DEBUG]: send_information: action=upgrade app=horde value=None status=431
>   2407 actions.start.progress           18-04-11 14:05:51 [   DEBUG]: 100
>   2407 actions.start                    18-04-11 14:05:51 [   DEBUG]: /etc/init.d/docker-app-horde returned with 0
>   2407 actions.start                    18-04-11 14:05:51 [    INFO]: Starting docker-app-horde (via systemctl): docker-app-horde.service.
>   2407 actions.start                    18-04-11 14:05:51 [   DEBUG]: Calling /etc/init.d/docker-app-horde start
>   2407 actions.start.progress           18-04-11 14:05:51 [   DEBUG]: 0
>   2407 actions.start                    18-04-11 14:05:51 [   DEBUG]: Calling start
>   2407 actions.upgrade                  18-04-11 14:05:51 [ WARNING]: Aborting...
>   2407 actions.upgrade                  18-04-11 14:05:51 [CRITICAL]: App upgrade script failed
>   2407 packages                         18-04-11 14:05:51 [   DEBUG]: Releasing LOCK
> 
>   2407 actions.upgrade                  18-04-11 14:05:51 [CRITICAL]: Could not register Component
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]: Could not register Component
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]: univention-app register: error: Unable to find version 5.2.17-2 of app horde. Maybe "/usr/bin/univention-app update" to get the latest list of applications?
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]:                                [apps [apps ...]]
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]:                                [--do-it] [--undo-it]
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]:                                [--host] [--app] [--database] [--attributes]
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]:                                [--pwdfile PWDFILE] [--component] [--files]
>   2407 actions.upgrade.container.a0ae   18-04-11 14:05:50 [ WARNING]: usage: univention-app register [-h] [--noninteractive] [--username USERNAME]
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:52 [    INFO]: Downloading "http://appcenter.software-univention.de/meta-inf/4.1/all.tar.zsync"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/license_types.ini"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/rating.ini"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/categories.ini"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/4.1/all.tar.gpg"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/4.1/index.json.gz.gpg"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:51 [    INFO]: Downloading "https://appcenter.software-univention.de/meta-inf/4.1/index.json.gz"...
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:43 [    INFO]: Installing packages for horde=5.2.17-2
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:42 [   DEBUG]: Calling docker exec a0ae32xx008264fe4f72 /usr/share/univention-docker-container-mode/update_app_version --username Administrator --app horde --error-file /var/univention/tmp/tmpDqulyS --password-file /var/univention/tmp/tmpYT3IMz --app-version 5.2.17-2
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:42 [   DEBUG]: Using container.a0ae for container a0ae32xx21bff008264fe4f72
>   2407 actions.upgrade                  18-04-11 14:04:39 [    INFO]: Executing interface update_app_version for horde
>   2407 actions.upgrade                  18-04-11 14:04:39 [    INFO]: Upgrading app (u'5.2.17-2')
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:36 [   DEBUG]: Calling docker exec a0ae32378xx21bff008264fe4f72 /usr/share/univention-docker-container-mode/update_available --app horde --app-version 5.2.17-2 --error-file /var/univention/tmp/tmpN8YtnK
>   2407 actions.upgrade.container.a0ae   18-04-11 14:04:36 [   DEBUG]: Using container.a0ae for container a0ae323781c46b3xx64e9c99a2b21bff008264fe4f72
>   2407 actions.upgrade                  18-04-11 14:04:36 [    INFO]: Executing interface update_available for horde
>   2407 actions.start.progress           18-04-11 14:04:36 [   DEBUG]: 100
>   2407 actions.start                    18-04-11 14:04:36 [   DEBUG]: /etc/init.d/docker-app-horde returned with 0
>   2407 actions.start                    18-04-11 14:04:36 [    INFO]: Starting docker-app-horde (via systemctl): docker-app-horde.service.
>   2407 actions.start                    18-04-11 14:04:35 [   DEBUG]: Calling /etc/init.d/docker-app-horde start
>   2407 actions.start.progress           18-04-11 14:04:35 [   DEBUG]: 0
>   2407 actions.start                    18-04-11 14:04:35 [   DEBUG]: Calling start
>   2407 packages                         18-04-11 14:04:35 [   DEBUG]: Holding LOCK
>   2407 actions.upgrade.readme           18-04-11 14:04:30 [    INFO]:        the old to the new container.
>   2407 actions.upgrade.readme           18-04-11 14:04:30 [    INFO]:      * During this update the /etc/horde configuration files are copied from

#13

For me, the upgrade of the container Horde 5.2.7-3 on UCS 4.3.0 to 5.2.17-2 also doesn’t work.

same in appcenter.log

univention-app register: error: Unable to find version 5.2.17-2 of app horde


#14

@botner: Is this a problem in the appcenter?


#15

hmm, i just tested the update from 5.2.7-3 to 5.2.17-2 and it worked for me. Is there anything helpful in the /var/log/univention/appcenter.log on the docker host.

Could you also check /var/log/univention/appcenter.log and /var/log/univention/updater.log in the horde container?

univention-app shell horde cat /var/log/univention/updater.log
univention-app shell horde cat /var/log/univention/appcenter.log

#16

Both files in the horde container are last modified in April, so I guess the process did not reach the container at all. On the container host appcenter.log is appended above, updater.log does not show anything except for the hint about “Most of the output for App upgrades goes to *appcenter.log”.
And it is still the same today.

The system is running in a virtual machine and has been upgraded all the way from 4.1, is that maybe a problem?

Removing and reinstalling seems to work from command line (it is installing now), now I need to figure out whether there are any side effects (is the Postgres Database removed?).


#17

No, the horde Database is not removed when removing the horde app.


#18

Thank you, I can confirm this. Also the database is upgraded during the update, as Horde does not show any open SQL upgrades in the administration interface. In this case I assume it is safe to remove the horde app and reinstall it.


#19

Removing and reinstalling the horde app has solved my issue. All the data was still there.


After Upgrade to 4.3-1: driver for horde_auth not found