[SOGo] Random login failure

Wed, 04 May 2016 17:17:09 -0700 

Hello!
After upgrading a perfectly working SOGo 2.3.1 installation to 2.3.10 I noticed, 
that logging in using the web interface randomly fails.
Login using dav seems to be OK.
The config is multi domain using PostgreSQL based authentication backend without OpenChange. 

Examining the log files I noticed the following things:

Failed login 1:
2016-05-04 22:56:20.215 sogod[28160] PG0x0x7f23a2caae40 SQL: SELECT c_password FROM sogo_users_domain WHERE c_uid = 'u...@domain.name@domain.name' May 04 22:56:20 sogod [28160]: <0x0x7f23a2a28ee0[SOGoWebAuthenticator]> tried wrong password for user '5HaHe1hMoTq80GJdBm2FTVPSO1Re2JgaaHiEltvdUYURmRzVmRAWcax6Vdf/Op3uSS8DjrGwW34qejK8jT32k3u10UvX794/7HBp2yox7lvt5RLerZ4MAE8MCXPsvCsHCmON89fk3JU4VkxFzbVMyL9RdYGaYlqeAu0QyGnq2vMHigm8f0vReLU4kxJfALAkfJhCFzTmgYT2CUHCTs0VYg=='! The domain name is used twice in the SQL query, and the user name in the error message is not normal In this case the user is not gets error message, the login page displays again. 

Failed login 2:
2016-05-04 23:17:40.360 sogod[30587] PG0x0x7fcd79841030 SQL: SELECT c_password FROM sogo_users_domain WHERE c_uid = 'user' May 04 23:17:40 sogod [30587]: SOGoRootPage Login from '91.83.203.83' for user 'u...@domain.name' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 The domain name is not used in the SQL query, but correct in the error message 
Then user get error message

Succesful login:
2016-05-04 23:22:39.907 sogod[30587] PG0x0x7fcd79d465d0 SQL: SELECT c_password FROM sogo_users_domain WHERE c_uid = 'u...@domain.name' May 04 23:22:39 sogod [30587]: SOGoRootPage successful login from 'ip.ip.ip.ip' for user 'u...@domain.name' - expire = -1 grace = -1
The above 3 login attempt used the same user credentials (full e-mail address + password). 

May I missed something during the upgrade (Wheezy x64 package)?
(memcached was restarted)
If I can't resolve the problem using the current version, is there any way to downgrade to 2.3.1? 
Can I find the deb packages of the older versions somewhere?

Thanks,
Gabor
--
users@sogo.nu
https://inverse.ca/sogo/lists

Reply via email to