Visibility Incorrect

 

Archiving Setup Right? When setting up MailArchiva for the first time, ensure that you didn't miss a step when configuring MS Exchange integration. Exchange Connections are currently used only for the purposes of folder synchronization. To obtain emails in the archive, it is still necessary to setup either an SMTP or IMAP connection.

 

This troubleshooting article applies to a situation when incorrect filtering is applied when searching. The result of this is that either no, too few or too many search results than expected are returned. Possible resolutions are discussed below.

 

Normal Users Can See All Emails!

 

There are two likely possibilities:

 

1) Ill-Defined Role Assignment: The wrong role is assigned due to one or more ill defined role assignments. For example, Ensure that in Configuration->Logins, the admin role assignment is not specifying an attribute that could potentially match AD/LDAP attributes associated with non admin users. For admin roles, we typically use a role attribute of memberOf.

2) Ill-Defined Role View Filter: The view filter on the User role is empty or incorrect. The User role defined in Configuration->Roles should have a role view filter set to "anyaddress:%email%" This value will restrict the role to showing emails associated with the logged in user. If it is empty or incorrectly specified, then the wrong results can show.

 

Ill-Defined Role Assignment

 

A role assignment must be created for end-users in Configuration->Logins. When creating a new role assignment, click the Lookup button, and select an LDAP attribute that all users will match. Make sure the User role is assigned.

 

Assigned Role Does Not Have Precedence  

 

If a user is assigned to a custom role, make sure that the role appears before other potential matching roles. At the time of user login, when role matching is applied, the order of the roles is significant and can be modified in Configuration->Roles.

 

Ill-Defined Role View Filter

 

Each role has a View Filter that defines what the user can see. Common view filter values are listed below:

 

View Filter Value Decription
anyaddress:%email% Users see only emails corresponding with their email addresses (obtained from the LDAP)
anyaddress:%domain% Users see only emails with their cofnidomains
[leave empty] Users see all emails
anyaddress:ABCDEFG Users see no emails

 

 

 

 

 

 

Incorrect Email Attribute and Value

 

If using Microsoft Exchange, the following email attribute and value's must be set in Configuration->Logins:

 

Email attribute: proxyAddresses
Email value: SMTP:(.*)

 

Note: The email attribute field is case-sensitive. proxyAddress must begin with a lower-case "p".

 

Mail servers other than MS Exchange use attribute such as "mail". In This case, the email attribute and value's in Configuration->Logins will be as follows:

 

Email attribute: mail
Email value: (.*)
 
Not All Local Domains Added
 
All mail domains must be added to Configuration->Domains. Only results associated with known domains will be included in the filter.
 
If a domain is not added, the debug log will output a message such as:
 
2013-06-12 14:18:23.496 DEBUG - joe@company.org is not local. will not be included in filter
 
This means that the domain company.org was not considered local and therefore was not included in the filter.
 
 
Further Troubleshooting
 
  1. Temporarily switch off archiving
  2. Delete the debug.log in Configuration->Logs
  3. Logout and login as a normal user
  4. In the debug.log file, MailArchiva will output all the LDAP attributes that it finds. You should see:

Ensure that the mail or proxyAddresses LDAP attribute is visible in the attribute list:

 

2013-06-05 13:02:22.409 DEBUG - getLDAPEmailAddresses(): analyzing email attribute {attribute='mail'}
2013-06-05 13:02:22.409 DEBUG - attribute:userParameters:m d PCtxCfgPresent551e0bb0CtxCfgFlags100102890CtxShadow01000000*CtxMinEncryptionLevel01
2013-06-05 13:02:22.409 DEBUG - attribute:whenCreated:20011003202117.0Z

 

If you see:

 

 

-06-05 13:02:22.986 WARN - Not all search results may be shown. No email addresses could be obtained from AD/LDAP. Correct the mail attribute or mail value fields in Logins

 

..this means that MailArchiva could not obtain the email addresses from the email attribute field. Double check the accuracy of the mail attribute and mail value.

 

Was this information helpful?

Found this information useful? Visit mailarchiva.com to learn more about MailArchiva.

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. Please make sure you spelled the page name correctly or use the search box.