  1. #1
    Join Date
    Jul 2016
    Posts
    10

    IMAP Authentication with Multiple Domains

    Thought it would be easy to set this up. But unfortunately this does not work for me.

    I would like to log in with 'user@domain'.

    I've created different contexts and I've also added a login mapping for the context as well.

    imapauth.properties (relevant info):
    USE_FULL_LOGIN_INFO=true
    USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP=false (also tried with true, but that does not work either)
    USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP=false
    USE_MULTIPLE=true

    With the above setup I'm able to log in fine with 'user' only, which logs me into the default context.
    Once I try to log in with 'user@domain' it does not work.

    My wild guess is that OXC tries to find the user first in the local DB and isn't able to find 'user@domain',
    as I also did not see any IMAP login request on the IMAP server.

    Log report:
    com.openexchange.login.login=user@domain.tld

    Any ideas what I'm missing here or should look at?

  2. #2
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    The required settings depend on how you have provisioned the contexts and users.
    Do you have users sharing the same domain but should end up in different contexts or is your domain sticky to exactly one context?

  3. #3
    Join Date
    Jul 2016
    Posts
    10

    Usually the users are in LDAP in different DITs, e.g.

    uid=user1,ou=People,o=domain1.tld,o=isp
    uid=user123,ou=People,o=example.tld,o=isp

    and so on...

    So now I've created a different OXC context for each domain I would like to use, so Context 1 (login mapping for domain1.tld)
    and Context 2 (login mapping for example.tld).

    Of course it is possible to have the same user name but in a different domain.
    e.g.
    klaus.mueller@example.tld
    klaus.mueller@domain1.tld

    So yes I would say my domains are sticky.


    From my point of view it looks like OXC isn't able to extract the user name from 'user@domain.tld'.

    Once I log in with only 'user', the log looks like:

    com.openexchange.login.clientIp=::1
    com.openexchange.login.login=tberlin
    com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.version=7.8.2-5
    com.openexchange.request.trackingId=72795b31e9ce4be694c9a4aef3adf494
    com.openexchange.session.authId=23895ada2c2b4f2aa6f05771503f3f32
    com.openexchange.session.clientId=open-xchange-appsuite
    com.openexchange.session.contextId=1
    com.openexchange.session.loginName=user1
    com.openexchange.session.sessionId=8715fdf5d9ac45068051b26a276f029b
    com.openexchange.session.userId=67
    com.openexchange.session.userName=user1

    With 'user@domain.tld' I only see (no session is created):

    com.openexchange.login.clientIp=::1
    com.openexchange.login.login=tberlin@omd.tld
    com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.version=7.8.2-5
    com.openexchange.request.trackingId=e24dd8adbdec48ec9974484330d6808d


    I'm happy to enable further logging and do more debugging here; I didn't find anything useful in the documentation
    yet...
    Last edited by AndreasB; 08-16-2016 at 01:11 PM. Reason: further details

  4. #4
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    In this case it should be perfectly fine if you create your contexts and give them a name identical to the domain-name (-N).

    The provisioned username should match the local part of the email and that's mainly it.

    No need for
    USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP
    or
    USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP

    USE_FULL_LOGIN_INFO and USE_MULTIPLE are pretty much unrelated to loginstring to user mapping in OX but are relevant only towards the IMAP server.

    If you still don't get it to work, please show the complete imapauth.properties and your context setup via listcontext

  5. #5
    Join Date
    Jul 2016
    Posts
    10

    Well, yes, in case I use 'user@domain' there will be no request shown against the IMAP server, so it looks like OXC already
    does not find the user locally...


    ./listcontext -A oxadminmaster -P <passwd>

    cid fid fname enabled qmax qused name lmappings
    1 2 1_ctx_store true 1024 0 vmdomain.tld defaultcontext,vmdomain.tld
    2 2 2_ctx_store true 1024 0 omg.tld omg.tld


    cat imapauth.properties | grep -v "#"
    IMAP_SERVER=titan.vmdomain.tld
    IMAP_PORT=143
    IMAP_USE_SECURE=false
    IMAP_TIMEOUT=5000
    IMAP_CONNECTIONTIMEOUT=5000
    USE_FULL_LOGIN_INFO=true
    USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP=true
    USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP=false
    USE_MULTIPLE=true
    com.openexchange.authentication.imap.imapAuthEnc=UTF-8

  6. #6
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    I said previously that
    USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP
    should not be needed unless your internal OX username is already in the form of an email address which should be required really rarely.

    Apart from that and if that does not solve the problem, please show the relevant log because OX tells you some details in the log most likely.

  7. #7
    Join Date
    Jul 2016
    Posts
    10

    Yes, right, for the moment it did not make any difference whether USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP is true or false.

    As said, with just 'username' the login works fine. Of course I have the shown user in both domains, so there is a 'tberlin' in
    both 'vmdomain.tld' and 'omg.tld'.

    Once I try to log in with 'tberlin@omg.tld' the log looks like:

    2016-08-16T16:07:32,574+0200 [OXWorker-0000002] com.openexchange.caching.internal.JCSCache.isLocal (JCSCache.java:221)
    Cache ''Context'' is operating in distributed mode
    com.openexchange.grizzly.method=POST
    com.openexchange.grizzly.queryString=<none>
    com.openexchange.grizzly.remoteAddress=::1
    com.openexchange.grizzly.remotePort=53376
    com.openexchange.grizzly.requestURI=/ajax/login
    com.openexchange.grizzly.serverName=localhost
    com.openexchange.grizzly.servletPath=/ajax/login
    com.openexchange.grizzly.threadName=OXWorker-0000002
    com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.authId=cf9cb7e1fe60434aba7ac9a3ed86bc82
    com.openexchange.login.client=open-xchange-appsuite
    com.openexchange.login.clientIp=::1
    com.openexchange.login.login=tberlin@omd.tld
    com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.version=7.8.2-5
    com.openexchange.request.trackingId=76b04325da714d889f6f472034bc71c8
    2016-08-16T16:07:32,576+0200 [OXWorker-0000002] com.openexchange.login.internal.LoginPerformer.logLoginRequest(LoginPerformer.java:655)
    Login:tberlin@omd.tld IP:::1 AuthID:cf9cb7e1fe60434aba7ac9a3ed86bc82 Agent:Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Client:open-xchange-appsuite(7.8.2-5) Interface:HTTP_JSON No session created.
    com.openexchange.grizzly.method=POST
    com.openexchange.grizzly.queryString=<none>
    com.openexchange.grizzly.remoteAddress=::1
    com.openexchange.grizzly.remotePort=53376
    com.openexchange.grizzly.requestURI=/ajax/login
    com.openexchange.grizzly.serverName=localhost
    com.openexchange.grizzly.servletPath=/ajax/login
    com.openexchange.grizzly.threadName=OXWorker-0000002
    com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.authId=cf9cb7e1fe60434aba7ac9a3ed86bc82
    com.openexchange.login.client=open-xchange-appsuite
    com.openexchange.login.clientIp=::1
    com.openexchange.login.login=tberlin@omd.tld
    com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
    com.openexchange.login.version=7.8.2-5
    com.openexchange.request.trackingId=76b04325da714d889f6f472034bc71c8

  8. #8
    Join Date
    Jul 2016
    Posts
    10

    Of course it might also be possible that I've made some mistakes in the user provisioning, as I've used ldapsync to create the user
    on the OXC side.

  9. #9
    Join Date
    Sep 2007
    Location
    Germany
    Posts
    494

    It's not relevant if there are identical usernames in different contexts. So we can put this one aside.

    So let's stay with the above example. The context is marked correctly according to your earlier listcontext output.

    So what is the setup within the context? listuser -c 2?

    I also hope that the difference between omg.tld and omd.tld is just a typo?

  10. #10
    Join Date
    Jul 2016
    Posts
    10

    Oh dear.... exactly this was my problem: configured omg but used omd, which of course cannot work.

    Sorry for bothering you. It works fine, of course... pffff shame on me :-/
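
The check that resolves this thread, as an added example (not part of the original posts and not Open-Xchange code): it compares the domain part of each logged `com.openexchange.login.login` value against the `lmappings` column of `listcontext` and reports the closest configured mapping when there is no exact match. It assumes the whitespace-separated column layout shown in post #5 and that the domain must equal a login mapping exactly; the function names and both inputs are constructed for illustration.

```python
import difflib

# Constructed sample input, in the shape of the listcontext output from post #5.
LISTCONTEXT = """\
cid fid fname enabled qmax qused name lmappings
1 2 1_ctx_store true 1024 0 vmdomain.tld defaultcontext,vmdomain.tld
2 2 2_ctx_store true 1024 0 omg.tld omg.tld
"""

# Constructed log excerpt in the key=value form shown in the thread.
LOG = """\
com.openexchange.login.clientIp=::1
com.openexchange.login.login=tberlin@omd.tld
com.openexchange.login.version=7.8.2-5
"""

def parse_mappings(listcontext_output):
    """Return {login mapping: context id} from whitespace-separated rows."""
    mappings = {}
    for line in listcontext_output.splitlines():
        cols = line.split()
        if len(cols) < 8 or not cols[0].isdigit():
            continue  # header, blank or malformed line
        for mapping in cols[7].split(","):
            mappings[mapping.lower()] = int(cols[0])
    return mappings

def logins_from_log(log_text):
    """Collect the distinct login strings recorded in the log properties."""
    key = "com.openexchange.login.login="
    return sorted({l.strip()[len(key):] for l in log_text.splitlines()
                   if l.strip().startswith(key)})

def check_login(login, mappings):
    """Return (status, context id or None, near-miss mapping or None)."""
    if "@" not in login:
        return ("no-domain", mappings.get("defaultcontext"), None)
    domain = login.rsplit("@", 1)[1].lower()
    if domain in mappings:
        return ("mapped", mappings[domain], None)
    # Assumption: a mapping at >= 0.8 similarity is worth flagging as a likely typo.
    near = difflib.get_close_matches(domain, list(mappings), n=1, cutoff=0.8)
    return ("unmapped", None, near[0] if near else None)

if __name__ == "__main__":
    m = parse_mappings(LISTCONTEXT)
    for login in logins_from_log(LOG):
        print(login, check_login(login, m))
```
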
