Unable to login due to NullPointerException.: Difference between revisions
No edit summary |
No edit summary |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
__FORCETOC__ | __FORCETOC__ | ||
<div class="col-md-12 ibox-content"> | <div class="col-md-12 ibox-content"> | ||
=Unable to login | =Unable to login after disabling after 2FA for an account.= | ||
<hr> | <hr> | ||
{{KB|{{WIP}}|{{ZCS 8.8}}|{{ZCS 9.0}}}} | {{KB|{{WIP}}|{{ZCS 8.8}}|{{ZCS 9.0}}}} | ||
Line 92: | Line 92: | ||
====Solution==== | ====Solution==== | ||
To fix this issue,set '''"zimbraAppSpecificPasswordDuration"''' for one | To fix this issue,set '''"zimbraAppSpecificPasswordDuration"''' for one minute. | ||
Run as Zimbra user: | Run as Zimbra user: | ||
$ zmprov ma user@ | $ zmprov ma user@example.com zimbraAppSpecificPasswordDuration 1m | ||
$ zmprov fc -a all | $ zmprov fc -a all | ||
The above attribute will expire AppSpecific password after one minute. The default value of this attribute is 0(never expired). | |||
'''Note:''' | '''Note:''' This password can't removed or reset as it's saved in salted hash format in LDAP, only way to set password expiry duration. | ||
Set the default value "0", once the user able to login. | |||
Run as Zimbra user: | |||
$ zmprov ma user@example.com zimbraAppSpecificPasswordDuration 0 | |||
$ zmprov fc -a all | |||
<pre> | <pre> |
Revision as of 08:42, 23 February 2022
Unable to login after disabling after 2FA for an account.
Problem
Unable to login and getting "an unknown error has occurred" in webmail and "java.lang.NullPointerException" warning in mailbox.log after disabling Zimbra two-factor authentication for an account.
Mailbox.log:
2021-09-29 16:00:49,850 WARN [qtp2076287037-586://localhost:8080/service/soap/BatchRequest] [name=user@example.com;oip=192.168.0.2;ua=zclient/8.8.15_GA_4059;soapId=3361a71a;] SoapEngine - handler exception java.lang.NullPointerException at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.getAndRefreshPasswords(ZimbraAppSpecificPasswords.java:59) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.loadAppPasswords(ZimbraAppSpecificPasswords.java:43) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.<init>(ZimbraAppSpecificPasswords.java:39) at com.zimbra.cs.twofactor.app.ZimbraAppSpecificPasswords.<init>(ZimbraAppSpecificPasswords.java:33) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth.<init>(ZimbraTwoFactorAuth.java:69) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth.<init>(ZimbraTwoFactorAuth.java:64) at com.zimbra.cs.twofactor.ZimbraTwoFactorAuth$AuthFactory.getTwoFactorAuth(ZimbraTwoFactorAuth.java:82) at com.zimbra.cs.service.account.Auth.handle(Auth.java:301) at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEngine.java:646) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:471) at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.java:278) at com.zimbra.soap.SoapServlet.doWork(SoapServlet.java:308) at com.zimbra.soap.SoapServlet.doPost(SoapServlet.java:217) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:214) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:873) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1623) at org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:214) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:175) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:116) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:131) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:482) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:327) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:297) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:540) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:146) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:257) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1700) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1345) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:480) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1667) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1247) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:220) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:152) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:335) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:753) at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:83) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:505) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:370) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:267) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:305) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:333) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:310) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:168) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:126) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:698) at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:804) at java.base/java.lang.Thread.run(Thread.java:830)
Solution
To fix this issue,set "zimbraAppSpecificPasswordDuration" for one minute.
Run as Zimbra user:
$ zmprov ma user@example.com zimbraAppSpecificPasswordDuration 1m $ zmprov fc -a all
The above attribute will expire AppSpecific password after one minute. The default value of this attribute is 0(never expired).
Note: This password can't removed or reset as it's saved in salted hash format in LDAP, only way to set password expiry duration.
Set the default value "0", once the user able to login. Run as Zimbra user:
$ zmprov ma user@example.com zimbraAppSpecificPasswordDuration 0 $ zmprov fc -a all
$zmprov desc -a zimbraAppSpecificPasswordDuration zimbraAppSpecificPasswordDuration lifetime of app-specific passwords, or 0 for no expiry. Must be in valid duration format: {digits}{time-unit}. digits: 0-9, time-unit: [hmsd]|ms. h - hours, m - minutes, s - seconds, d - days, ms - milliseconds. If time unit is not specified, the default is s(seconds). type : duration value : callback : immutable : false cardinality : single requiredIn : optionalIn : account,cos flags : accountInherited defaults : 0 min : 0 max : id : 1839 requiresRestart : since : 8.7.0,9.0.0 deprecatedSince :