After further testing, I have the following results:

When testing the open-xchange-authentication-imap plugin, I finally achieved success and was able to login! The following two patches solved the login problem:

sed -i "/IMAP_PORT/ c\IMAP_PORT=993
/USE_SECURE/ c\IMAP_USE_SECURE=true|
/USE_FULL_LOGIN_INFO/ c\USE_FULL_LOGIN_INFO=false" \
/opt/open-xchange/etc/imapauth.properties

sed -i "/mail.loginSource/ c\com.openxchange.mail.loginSource=mail" \
/opt/open-xchange/etc/mail.properties

I submitted a patch to configure this plugin automatically.

The only problem lies with my Oxldapsync cronjob (this does not update for some reason and needs to be fixed):

echo "*/5 * * * * root /opt/oxldapsync/sbin/oxldapsync.pl -c 1 -A admin \
-P ${ADMIN_PASSWD}" > /etc/cron.d/oxldapsync


When testing the open-xchange-authentication-ldap plugin, there appears to be syntax errors in the mapping.openldap.conf configuration file. The options (access-forum, access-pinboard-write, access-projects, access-rss-bookmarks, and access-rss-portal) cause the oxldapsync.pl Perl module to error out, even if they are set to "off". The only way to get Oxldapsync to run is commenting out these above mentioned options. The following patch resolves this problem:

sed -i "s|displayName|cn|
s|\"secret\"|userPassword|
/access-forum/ s|^|#|
/access-pinboard-write/ s|^|#|
/access-projects/ s|^|#|
/access-rss-bookmarks/ s|^|#|
/access-rss-portal/ s|^|#|" /opt/oxldapsync/etc/mapping.openldap.conf

I can only authenticate with Open-Xchange when testing Oxldapsync with "clear" plaintext passwords. Does Oxldapsync have any support for an encrypted password scheme (sha, crypt, blowfish, etc)?

I ideally want Dovecot's dovecot-ldap.conf.ext configured for "sasl_bind = yes" and "sasl_mech = GSSAPI" to eliminate the need for plaintext passwords. My Dovecot configuration does not yet work with SASL and needs to be fixed.

I tried to use the "useFullLoginInfo" attribute in /opt/open-xchange/etc/ldapauth.properties to allow virtual user access. I tried to use this attribute along with "uidAttribute=mail" and "bindOnly=false" to search the LDAP tree and authenticate based on the full email account, but all I get is the following error message:

"The account "example.com" was not found. (CTX-0010)".


When testing the open-xchange-authentication-kerberos plugin, I get the following results:

Error message at login screen: "The user name or password is incorrect. (LGI-0006)".

The open-xchange-console-log displays the following:

Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
[Krb5LoginModule] user entered username: testuser

Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=192.168.1.1 UDP:88, timeout=30000, number of retries =3, #bytes=154
>>> KDCCommunication: kdc=192.168.1.1 UDP:88, timeout=30000,Attempt =1, #bytes=154
>>> KrbKdcReq send: #bytes read=667
>>> KdcAccessibility: remove 192.168.1.1
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha 1EType
>>> KrbAsRep cons in KrbAsReq.getReply testuser
principal is testuser@EXAMPLE.CORP
Commit Succeeded

After configuring GOsa's password storage to not use Kerberos's "Pre-authentication required", this open-xchange-console-log appears to indicate the authentication was successful, but unfortunately Open-Xchange does not login successfully.

Any help at patching these problems is appreciated.