Session Expiring?

[mjfleck2000]

I and a few of my test users are having problems with Zimbra returning us to the Zimbra login page. After being logged in for about 2 minutes, the Zimbra login appears and we must log in again.
This did not occur until I changed the default session time limits as admin. I think the default was 2 days! (yes, days!!). I change it to 12 hours. I started having this logout problem so I set it back to 2 days. The problem remains. I tried changin it to 24 hours with no luck.
I did not find anything obviouse to me in /var/log/zimbra.log or /opt/zimbra/tomcat/log/catalina.out.

Perhaps you could suggest a better path for me to explore.

I am running Debian Sarge. Otherwise most things are working well... as well as when I was running FC3. BTW, Thank you again for the Debian version. I MUCH prefer Debian on my servers. (There is a new message quirk that I will post as a seperate message).

Mike

[KevinH]

Are you restarting tomcat after the change? We do cache LDAP entries so it may just be cached and the new value is not taking effect.

[mjfleck2000]

>Are you restarting tomcat after the change? We do cache LDAP entries so it >may just be cached and the new value is not taking effect.

I did (as root) /etc/init.d/zimbra restart. The problem remained, so, I went ahead a rebooted.

The problem remains. Zimbra is running on Debian. I tried using Firefox 1.5 from Ubuntu and the session expires after about 2 minutes of inactivity. I tried it from WinXP using Firefox 1.5 and IE, and the session expires after about 2 minutes of inactivity.

If there a conf file I can verify the session time limit, or, is it perhaps kept in mysql, if so, which table/field?

Mike

[KevinH]

It's in LDAP one of the COS attributes. What does the admin UI show for that user?

[mjfleck2000]

I have tried changing the timeout values to various combos of numbers and hours/days in the Admin UI with no change in behaviour. If I am active in Zimbra, all is well. If I am inactive, after about 2 minutes, the user is returned to the log in screen. Note that this behaviour only happens to users, logging in to the Admin screen and leaving it idle does NOT result in an expired session.


>It's in LDAP one of the COS attributes. What does the admin UI show for that user?

As Admin UI, Configuration ->Class of Service ->default ->Advanced :
Auth token lifetime 20 hours
Session idle timeout 20 hours


zimbra.ldif in /opt/zimbra/openldap/etc/openldap shows:

zimbraMailIdleSessionTimeout: 0
zimbraMailTrashLifetime: 30d
zimbraMailSpamLifetime: 30d
zimbraMailMessageLifetime: 0
zimbraContactMaxNumEntries: 0
zimbraAuthTokenLifetime: 2d
zimbraAdminAuthTokenLifetime: 12h
zimbraMailMinPollingInterval: 2m
zimbraPrefMailPollingInterval: 5m
zimbraMailQuota: 0
zimbraPasswordEnforceHistory: 0
ZimbraPasswordMinAge: 0
zimbraPasswordMaxAge: 0
zimbraPasswordMinLength: 6
zimbraPasswordMaxLength: 64
zimbraPasswordLocked: FALSE
zimbraPop3Enabled: TRUE
zimbraPrefTimeZoneId: (GMT-08.00) Pacific Time (US & Canada) / Tijuana

As a test, I backed-up zimbra.ldif, chmod 644 zimbra.ldif, and changed zimbraAuthTokeLifetime to 12h, chmod 444 zimbra.ldif,tomcat restart.

I still get the session kicked out after about 2 minutes of inactivity. Just to be sure it wasn't a cache problem, I rebooted the Zimbra server. No luck.


Mike

[mjfleck2000]

Is there a way for me to set it to NOT expire at all? (Zero or -1)

You may notice from my previous post that the Admim UI and zimbra.ldif Token times do not match up. Did I perhaps, not look in the correct file?

Mike

[KevinH]

I don't think so, that would be a problem as you don't want all auth tokens to last forever. What does a zmprov gaa <user account> show? Can you also dump the attributes for that user's COS?

[mjfleck2000]

I don't think so, that would be a problem as you don't want all auth tokens to last forever. What does a zmprov gaa <user account> show? Can you also dump the attributes for that user's COS?

The problem with session expiration happens with all users. I used gq (and ldap viewer) to show the zimbraAuthTokenLifeTime attribute. For all users it was 12h.

The command (as zimbra) zmprov gaa whitel@niei.icehouse.net returned:

zimbra@niei:~/openldap$ zmprov gaa whitel@niei.icehouse.net
ERROR: account.NO_SUCH_DOMAIN (no such domain: whitel@niei.icehouse.net)

Other users tired gave the same result.

Using zmprov gaa without a user name gave me a list of all the known users. Putting in any of those recognized users names gave me the above ERROR message.

As a reminder, this is a Debian system. I still have the apt-get pkg system error message. If I apt-get install anything I get :
After unpacking 0B of additional disk space will be used.
Setting up zimbra-store (3.0.0_M4_62.DEBIAN3.1) ...
java.io.FileNotFoundException: ../service.war (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.jav a:106)
at java.io.FileInputStream.<init>(FileInputStream.jav a:66)
at sun.tools.jar.Main.run(Main.java:184)
at sun.tools.jar.Main.main(Main.java:903)
java.io.FileNotFoundException: ../zimbra.war (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.jav a:106)
at java.io.FileInputStream.<init>(FileInputStream.jav a:66)
at sun.tools.jar.Main.run(Main.java:184)
at sun.tools.jar.Main.main(Main.java:903)
dpkg: error processing zimbra-store (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
zimbra-store
E: Sub-process /usr/bin/dpkg returned an error code (1)


I dont' know if this is related but I am suspicous that something was not set up correctly and that this may be related to the session problems I am having.

Is anyone else have session expiration problems, especiall anyone trying the Debian package? Do you get the dpkg error?



Mike

[bobby]

fwiw that should be zmprov ga whitel@niei.icehouse.net

just one 'a'. this will get the COS kevin wants:
zmprov ga whitel@niei.icehouse.net | grep COS | awk {'print $2'} | xargs zmprov gc

[mjfleck2000]

fwiw that should be zmprov ga whitel@niei.icehouse.net

just one 'a'. this will get the COS kevin wants:
zmprov ga whitel@niei.icehouse.net | grep COS | awk {'print $2'} | xargs zmprov gc

Thank you!

The output for each user shows the same thing for Token lifetime:

zmprov ga whitel@niei.icehouse.net | grep AuthToken

zimbraAdminAuthTokenLifetime: 12h
zimbraAuthTokenLifetime: 12h

Mike