Login problems with UCS OX Connector

Hello,

I have a login problem with open-xchange 7.10.6. I created users on a UCS Master. The users are correctly processed with the OX Connector. The data is also entered into the OX database. However, login is not possible (The user name or password is incorrect. (LGI-0006)). I can log in to the UCS system with the user.

/var/log/univention/listener_modules/ox-connector.log:

2022-01-10 09:25:36 INFO    create of uid=ucs_user,cn=self registered users,dc=example,dc=com (id: a16ae028-063a-103c-9135-f9bbf9c84b44, file: /var/lib/univention-appcenter/listener//ox-connector/2022-01-10-09-25-36-411926.json)
2022-01-10 09:25:36 INFO    modify of cn=Domain Users,cn=groups,dc=example,dc=com (id: b19b4534-ec7f-103b-8ae7-effdc50f9b3a, file: /var/lib/univention-appcenter/listener//ox-connector/2022-01-10-09-25-36-497220.json)
2022-01-10 09:25:39 INFO    Using App account connection
2022-01-10 09:25:39 INFO    conversion of uid=ucs_user,cn=self registered users,dc=example,dc=com (id: a16ae028-063a-103c-9135-f9bbf9c84b44, file: /var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-411926.json)
2022-01-10 09:25:39 INFO    conversion of cn=Domain Users,cn=groups,dc=example,dc=com (id: b19b4534-ec7f-103b-8ae7-effdc50f9b3a, file: /var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-497220.json)
2022-01-10 09:25:40 INFO    Handling PosixPath('/var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-411926.json')
2022-01-10 09:25:40 INFO    Creating Object('users/user', 'uid=ucs_user,cn=self registered users,dc=example,dc=com')
2022-01-10 09:25:40 INFO    Searching for ucs_user in context 10
2022-01-10 09:25:41 INFO    univention.ox.backend_base.SoapUser: Created user 'ucs_user' in context 10 (id=8).
2022-01-10 09:25:41 INFO    Changing user 8 to profile premium
2022-01-10 09:25:41 INFO    Looking for groups of this user to be created in the context id
2022-01-10 09:25:41 INFO    cn=Domain Users,cn=groups,dc=example,dc=com is no OX group. Skipping...
2022-01-10 09:25:41 INFO    mv /var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-411926.json -> /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/a16ae028-063a-103c-9135-f9bbf9c84b44.json
2022-01-10 09:25:41 INFO    Handling PosixPath('/var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-497220.json')
2022-01-10 09:25:41 INFO    mv /var/lib/univention-appcenter/apps/ox-connector/data/listener/2022-01-10-09-25-36-497220.json -> /var/lib/univention-appcenter/apps/ox-connector/data/listener/old/b19b4534-ec7f-103b-8ae7-effdc50f9b3a.json
2022-01-10 09:25:41 INFO    Successfully processed 2 files during this run
2022-01-10 09:25:41 INFO    Successfully processed 0 files during this run
2022-01-10 09:25:41 INFO    Success! Removing consumed files

If I create the user with the OX Tools a login is possible:

/opt/open-xchange/sbin/createuser -c 10 -A oxadmin-context10 -P ************* -u oxuser2 -d "OXUser2" -g "OX User2" \
-s User -p ************** -e oxuser2@example.com --imaplogin oxuser2 --imapserver 10.*.*.* --smtpserver 10.*.*.*

I have adjusted the imap-login in the database (ucs_user@example.com → ucs_user). I have subsequently adjusted permissions with the OX Tools:

 /opt/open-xchange/sbin/changeuser -A oxadmin-context10 -P ********** -c 10 -u ucs_user --access-webmail=on  '--access-active-sync=on'\
'--access-ical=on' '--access-multiple-mail-accounts=on' '--access-calendar=on' '--access-vcard=on' '--access-subscription=on'\
'--access-infostore=on' '--access-contacts=on' '--access-usm=on' '--access-edit-public-folder=on' '--access-read-create-shared-Folders=on'\
'--access-publication=on' '--access-webdav-xml=on' '--access-collect-email-addresses=on' '--access-syncml=off' '--access-edit-resource=off'\
'--access-edit-password=off' '--access-edit-group=off' '--access-denied-portal=off' '--access-syncml=off' '--access-edit-resource=off'\
 '--mailenabled=true' '--access-tasks=on' '--access-olox20=on' '--access-webdav=on' '--access-delegate-tasks=on'

This is not a UCS OX app installation. I proceeded as described here:
https://oxpedia.org/wiki/index.php?title=AppSuite:Open-Xchange_Installation_Guide_for_Debian_9.0

Here’s what’s confusing me. The login only works with the username (oxuser2), not with the email address (oxuser2@example.com). Although I have configured that (restart was made):
/opt/open-xchange/etc/mail.properties:

# Set the login source for primary mail/transport account; meaning which source is taken to determine a user's
# login for mailing system. If 'login' is set, then user's individual mail login
# as defined in user storage is taken. If 'mail' is set, then user's individual
# primary email address is taken. If 'name' is set, then user's individual system's
# user name is taken.
# Currently known values: login, mail, and name
com.openexchange.mail.loginSource=mail

Error:
{"error":"The user name or password is incorrect.","error_params":[],"categories":"USER_INPUT","category":1,"code":"LGI-0006","error_id":"1321917164-279","error_desc":"Invalid credentials."}

DB Output:

              cid: 10
               id: 8
       imapServer: imap://test-ucs-sl.example.com:143
        imapLogin: ucs_user@example.com
             mail: ucs_user@example.com
       mailDomain: NULL
      mailEnabled: 1
preferredLanguage: de_DE
 shadowLastChange: -1
       smtpServer: smtp://test-ucs-sl.example.com:587
         timeZone: Europe/Berlin
     userPassword: **********************************************
        contactId: 7
     passwordMech: {SHA-256}
        uidNumber: 65534
        gidNumber: 65534
    homeDirectory: /home/ucs_user
       loginShell: /bin/bash
   guestCreatedBy: 0
     filestore_id: 0
  filestore_owner: 0
   filestore_name: NULL
  filestore_login: NULL
 filestore_passwd: NULL
        quota_max: -1

              cid: 10
               id: 11
       imapServer: imap://test-ucs-sl.example.com:143
        imapLogin: oxuser2
             mail: oxuser2@example.com
       mailDomain: NULL
      mailEnabled: 1
preferredLanguage: en_US
 shadowLastChange: -1
       smtpServer: smtp://test-ucs-sl.example.com:143
         timeZone: Europe/Berlin
     userPassword: **********************************************
        contactId: 10
     passwordMech: {SHA-256}
        uidNumber: 65534
        gidNumber: 65534
    homeDirectory: /home/oxuser2
       loginShell: /bin/bash
   guestCreatedBy: 0
     filestore_id: 0
  filestore_owner: 0
   filestore_name: NULL
  filestore_login: NULL
 filestore_passwd: NULL
        quota_max: -1

/var/log/open-xchange/open-xchange.log.0:

2022-01-10T15:52:35,947+0100 INFO  [OXWorker-0000054] com.openexchange.login.internal.LoginPerformer.logLoginRequest(LoginPerformer.java:722)
Login:ucs_user IP:10.*.*.* AuthID:3c77399a8af94cce804378289e423dc6 Agent:Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0 Client:open-xchange-appsuite(7.10.6-3) Interface:HTTP_JSON No session created.
 com.openexchange.grizzly.method=POST
 com.openexchange.grizzly.queryString=<none>
 com.openexchange.grizzly.remoteAddress=10.*.*.*
 com.openexchange.grizzly.remotePort=57310
 com.openexchange.grizzly.requestURI=/ajax/login
 com.openexchange.grizzly.serverName=10.*.*.*
 com.openexchange.grizzly.servletPath=/ajax/login
 com.openexchange.grizzly.threadName=OXWorker-0000054
 com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
 com.openexchange.localhost.ipAddress=10.*.*.*
 com.openexchange.localhost.version=7.10.6-Rev4
 com.openexchange.login.authId=3c77399a8af94cce804378289e423dc6
 com.openexchange.login.client=open-xchange-appsuite
 com.openexchange.login.clientIp=10.*.*.*
 com.openexchange.login.login=ucs_user
 com.openexchange.login.resolvedLogin=ucs_user
 com.openexchange.login.userAgent=Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:95.0) Gecko/20100101 Firefox/95.0
 com.openexchange.login.version=7.10.6-3
 com.openexchange.request.trackingId=1125578030-562789021

Greetings
sj80

Hi,

I have now found out the following. If I change the password via the OX Tools, I can log in. If I change the password again in UCS, it does not work.

/opt/open-xchange/sbin/changeuser -c 10 -A oxadmin-context10 -P *************** -u ucs_user -p "****************"

The UCS OX Conntector (v1.1.2) does not seem to transfer the password correctly.

Greetings
sj80