API authentication issue - get file list from another user

Hi
I have a severe problem on seafile server professional version 6.1.1
I have an integration with Kolab communication suite which is using the seafile API to access the files.
I use a multidomain setup and have 3 domains in my seafile installation.

domain1.com
domain1.info
domain2.org

All 3 domains points to the same seafile installation!

I have a user walter@domain1.com and a user walter@domain2.org

When I first login into Kolab webmail as walter@domain1.com I get my right folder list. Then I logout and relogin as walter@domain2.org. Now I get the same folderlist as before, from the user walter@domain1.com

Following my ccnet.conf configuration:

[General]
USER_NAME = Clouduser
ID = 123456789098765432123456789
NAME = myCloud
SERVICE_URL = https://cloud.domain2.org

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = *********
DB = ccnet-db
CONNECTION_CHARSET = utf8

[LDAP]
HOST = ldap://localhost
# Change the following to your primary domain base DN
BASE = ou=People,dc=domain1,dc=info;ou=People,dc=domain2,dc=org;ou=People,dc=domain1,dc=com
FILTER = &(objectclass=kolabinetorgperson)
# Put in the details of the Kolab service account
USER_DN = uid=kolab-service,ou=Special Users,dc=maindomain,dc=ch
PASSWORD = **************
LOGIN_ATTR = mail
#

Here the log file from Kolab where it shows that the connection credentials send to Seafile are correct, but is twice the same response, which is wrong:

# tail -f /var/log/chwala/console 
[26-Oct-2017 13:08:48,484412 +0200]: <tgoh27vp> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain1.com","password":"*"}
[26-Oct-2017 13:08:48,517802 +0200]: <tgoh27vp> SeaFile Response [200]: {"token":"c6d4fc8b5a46ce1819e7989f527c7e81ed127f9a"}
[26-Oct-2017 13:08:48,518150 +0200]: <tgoh27vp> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:08:48,558176 +0200]: <tgoh27vp> SeaFile Response [200]: [{"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-10-23T07:55:25\" is=\"relative-time\" title=\"Mon, 23 Oct 2017 07:55:25 +0000\" >3 days ago</time>", "mtime": 1508745325, "owner": "walter@domain1.com", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "size_formatted": "11.9\u00a0MB"}, {"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-08-06T17:43:25\" is=\"relative-time\" title=\"Sun, 6 Aug 2017 17:43:25 +0000\" >2017-08-06</time>", "mtime": 1502041405, "owner": "walter@domain1.com", "root": "e635ab07c33d5a7aecd6e9dcd0b28b08cbf62ebf", "id": "98f96ef8-4c11-4b99-89ec-4e6215bf426a", "size": 300544, "name": "Meine Bibliothek", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "7085592293e55eccb898ce51798a89af1631ab32", "desc": "Meine Bibliothek", "size_formatted": "293.5\u00a0KB"}, {"owner_nickname": "klaus", "name": "_domain1", "share_type": "personal", "permission": "rw", "size_formatted": "825.7\u00a0MB", "mtime_relative": "<time datetime=\"2017-10-25T13:38:04\" is=\"relative-time\" title=\"Wed, 25 Oct 2017 13:38:04 +0000\" >23 hours ago</time>", "head_commit_id": "3dd77458ac4d2e940f2b19fb91dc12e2e93720ab", "encrypted": false, "version": 1, "mtime": 1508938684, "owner": "klaus@domain1.com", "root": "5282d82d7f9a28d9427ea23a7fd87aff4e6d3ce5", "size": 865763498, "type": "srepo", "id": "0e20cb95-f8ed-44f6-93df-2d8fc345aaa1", "desc": "_domain1"}, {"permission": "rw", "encrypted": false, "mtime": 1508745325, "owner": "domain1", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "type": "grepo", "groupid": 2}]

[26-Oct-2017 13:09:42,938390 +0200]: <5o5a26gd> SeaFile POST: https://cloud.domain2.org/api2/auth-token/, POST: {"username":"walter@domain2.org","password":"*"}
[26-Oct-2017 13:09:42,969211 +0200]: <5o5a26gd> SeaFile Response [200]: {"token":"ff888d14b56d53913f2bba519db22c07047e91c9"}
[26-Oct-2017 13:09:42,969674 +0200]: <5o5a26gd> SeaFile GET: https://cloud.domain2.org/api2/repos/
[26-Oct-2017 13:09:42,985913 +0200]: <5o5a26gd> SeaFile Response [200]: [{"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-10-23T07:55:25\" is=\"relative-time\" title=\"Mon, 23 Oct 2017 07:55:25 +0000\" >3 days ago</time>", "mtime": 1508745325, "owner": "walter@domain1.com", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "size_formatted": "11.9\u00a0MB"}, {"permission": "rw", "encrypted": false, "mtime_relative": "<time datetime=\"2017-08-06T17:43:25\" is=\"relative-time\" title=\"Sun, 6 Aug 2017 17:43:25 +0000\" >2017-08-06</time>", "mtime": 1502041405, "owner": "walter@domain1.com", "root": "e635ab07c33d5a7aecd6e9dcd0b28b08cbf62ebf", "id": "98f96ef8-4c11-4b99-89ec-4e6215bf426a", "size": 300544, "name": "Meine Bibliothek", "type": "repo", "virtual": false, "version": 1, "head_commit_id": "7085592293e55eccb898ce51798a89af1631ab32", "desc": "Meine Bibliothek", "size_formatted": "293.5\u00a0KB"}, {"owner_nickname": "klaus", "name": "_domain1", "share_type": "personal", "permission": "rw", "size_formatted": "825.7\u00a0MB", "mtime_relative": "<time datetime=\"2017-10-25T13:38:04\" is=\"relative-time\" title=\"Wed, 25 Oct 2017 13:38:04 +0000\" >23 hours ago</time>", "head_commit_id": "3dd77458ac4d2e940f2b19fb91dc12e2e93720ab", "encrypted": false, "version": 1, "mtime": 1508938684, "owner": "klaus@domain1.com", "root": "5282d82d7f9a28d9427ea23a7fd87aff4e6d3ce5", "size": 865763498, "type": "srepo", "id": "0e20cb95-f8ed-44f6-93df-2d8fc345aaa1", "desc": "_domain1"}, {"permission": "rw", "encrypted": false, "mtime": 1508745325, "owner": "domain1", "id": "cb76cb60-9a60-499c-8c1f-26d389c6d3e9", "size": 12440314, "name": "domain1", "root": "5ee4034774cd3436a41573470daa1c71dee94b2c", "version": 1, "head_commit_id": "d6baf78992b32737adfb2939d08566cd93caa9cd", "desc": "", "type": "grepo", "groupid": 2}]

This behaviour is reproducible also with Seafile client… I create an account with walter@domain1.com and I get the folder list from this user. then I delete the account, create new account with user walter@domain2.org and get the same folder list as the user before…

Do I have a configuration issue or is this a general issue?

Please inform me asap, thank you

Hi again
This error happens also on Seafile Client.
When connecting with user1, then log out, connect with user2, I get the folder list from user1 again.

@daniel.pan: May you or someone of your colleagues can assit me in solving this issue?

Thank you!

I’m afraid it is related to your configuration. We don’t have time to look into the problem yet.

Hi @daniel.pan
Sorry, but I can’t understand your position.
I am a paying customer of Seafile and I run a multi domain configuration as described in your tutorials.
We are planning to rollout your solution to many of our customers
And now you are telling me that you don’t have time to look into such a severe problem?
I don’t have to tell you that this is a neck breaking issue? Do you can imagine what happens if this issue will happen on such a big installation?
If is a configuration issue, what do I have to change? I need a solution, so please lets collaborate on this!
Thank you

If you are paid customer, please send support questions to support@seafile.com using company email. We will reply to the support ticket.

And what do you mean by “a multi domain configuration as described in your tutorials”? Officially, we don’t support running a Seafile instance under different domains as there can be only one “SERVICE_URL”

I followed this tutorial

https://manual.seafile.com/deploy/using_ldap.html

But I am using more than 1 domain, see my configuration above.

So my problem now is that when I access the data with my user, and after me another user is also accessing data via API he gets my folder list.

Example:
I access via Seafile client, with my name walter, I am getting my correct list.
Now my colleague Klaus opens his seafile client. I happens only when he is accessing shortly after me, otherwise the authentication works correctly.
So if he is accessing directly after me, he gets the same folder list as me, and in the seafile client also he can read my user, but he is authenticating with his user…

This means for me: if another user is accessing via API shortly after another user, the authentication does not work, is retrieving data from the previous user

I will write you an email shortly