Domain administrator cannot change mailbox password

[shaneonabike]

Prior to placing the issue, please check following: (fill out each checkbox with an X once done)

• [ X] I understand that not following or deleting the below instructions will result in immediate closure and/or deletion of my issue.
• [X ] I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X ] I have understood that answers are voluntary and community-driven, and not commercial support.
• [ X] I have verified that my issue has not been already answered in the past. I also checked previous issues.

Summary

Recently, a domain administrator reported that they are able to create new email accounts, but cannot modify the passwords of these accounts afterwards. I retried with their account and am receiving Access denied or invalid form data. It seems like a fairly simple issue, and I am wondering if I am missing something?

Logs

-- | -- | -- | -- | -- | -- | --
Call["mailbox","edit","mailbox",{"username":["abc@test.com"],"sender_acl":"default","force_pw_update":"0","sogo_access":["0","1"],"protocol_access":["0","imap","pop3","smtp"],"name":"Promotion","quota":"4072","password":"*","password2":"*","extended_sender_acl":"","allow_from_smtp":"","active":"1"},null] | ["mailbox","edit","mailbox",{"username":["abc@test.com"],"sender_acl":"default","force_pw_update":"0","sogo_access":["0","1"],"protocol_access":["0","imap","pop3","smtp"],"name":"Promotion","quota":"4072","password":"*","password2":"*","extended_sender_acl":"","allow_from_smtp":"","active":"1"},null]
["mailbox","edit","mailbox",{"username":["abc@test.com"],"sender_acl":"default","force_pw_update":"0","sogo_access":["0","1"],"protocol_access":["0","imap","pop3","smtp"],"name":"Promotion","quota":"4072","password":"*","password2":"*","extended_sender_acl":"","allow_from_smtp":"","active":"1"},null]

Reproduction

1. Create a new domain to associate for that domain administrator
2. Create a domain administrator
3. Access account as domain administrator
4. Create a new mailbox
5. Save
6. Edit new account and modify email

System information

Question	Answer
My operating system	Ubuntu
Is Apparmor, SELinux or similar active?	No
Virtualization technlogy (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	No
Server/VM specifications (Memory, CPU Cores)	2 Cores / 3.85GB mem 512 Swap
Docker Version (docker version)	20.10.1
Docker-Compose Version (docker-compose version)	4.3.1
Reverse proxy (custom solution)	No

• Output of git diff origin/master, any other changes to the code? If so, please post them.

Just the normal modifications to main.cf in postfix to setup myhostname and mynetworks

• All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat.
• DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output.

[shaneonabike]

Also, I should note that I saw an issue previously about clearing the browser cache as some folks were having issues related to that. I used an incognito in Chrome and this seems to have not been the issue. The domain administrator indicated that this does work properly in Safari and Opera but not in Chrome

[andryyy]

Hi, Hm. I cannot replicate it. :/ Can you try on https://demo.mailcow.email (admin : moohoo) and tell me the exact steps?

[shaneonabike]

You bet I'll do that in a bit here and report back

[shaneonabike]

Hmmm I can get it to work on yours without an issue. I further debugged and just noticed that there is no ACL options for me (oddly) for the admin account that I setup, whereas on your configuration you can check off different options. Do you have any clue why that might be?

As it turns out, I compared this to a new admin that I had created who does have the ACL configuration. Maybe some migration didn't happen when the ACLs weren't introduced? Should I just recreate this account then?

[andryyy]

Is it an older installation? Did you add the admin via SQL? What if you delete it and re-add it? Was the domain admin previously added as admin?

[shaneonabike]

It's not an older installation... it's fairly up-to-date. But I created that account a while back and I don't think you had ACLs at that point. I could be wrong though. I created it through the UI no hacking here. I'll try to create it over again, and I'm sure that's going to work.

[shaneonabike]

This did work because the ACLs were properly loaded and set. For the sake of history the ACLs were completely missing from the dropdown. Perhaps such a case could trigger an error log for those running into this issue... but I could be an edge case. I really have no clue why this happened.

[andryyy]

Hmm, that's strange. :(

It should really have added these fields. But there was a bug with domain admins a longer while ago. They were a bit messed up. Perhaps you created it in that time.

[shaneonabike]

Well it was resolved so all good ;). Thanks for supporting and building a great tool I really appreciate it. Stay safe out there!

[andryyy]

Thank you! :)