IMAP Authentication with Multiple Domains
  • IMAP Authentication with Multiple Domains

    Thought it would be easy to set this up. But unfortunately this will not work for me.

    I would like to login by 'user@domain'.

    I've created different contexts and I've also added login mappings for the contexts as well.

    imapauth.properties (relevant info):
    USE_FULL_LOGIN_INFO=true
    USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP=false (also tried with true, but that does not work either)
    USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP=false
    USE_MULTIPLE=true

    With the above setup I'm able to log in fine with 'user' only, which logs me into the default context.
    Once I try to log in with 'user@domain' it does not work.

    My wild guess is OXC tries to find the user first in the local DB and isn't able to find 'user@domain',
    as I also did not see any IMAP login request on the IMAP server.

    Log report:
    com.openexchange.login.login=user@domain.tld

    Any ideas what I'm missing here or should look at?

  • #2
    The required settings depend on how you have provisioned the contexts and users.
    Do you have users sharing the same domain but should end up in different contexts or is your domain sticky to exactly one context?



    • #3
      Usually the users are in LDAP in different DITs, e.g.

      uid=user1,ou=People,o=domain1.tld,o=isp
      uid=user123,ou=People,o=example.tld,o=isp

      and so on...

      So now I've created a different OXC context for each domain I would like to use, so Context 1 (login mapping for domain1.tld)
      and Context 2 (login mapping for example.tld).

      Of course it is possible to have the same user name but at a different domain.
      e.g.
      klaus.mueller@example.tld
      klaus.mueller@domain1.tld

      So yes I would say my domains are sticky.


      From my point of view it looks like OXC isn't able to extract the user name from 'user@domain.tld'.

      Once I only log in with 'user' the log looks like:

      com.openexchange.login.clientIp=::1
      com.openexchange.login.login=tberlin
      com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
      com.openexchange.login.version=7.8.2-5
      com.openexchange.request.trackingId=72795b31e9ce4be694c9a4aef3adf494
      com.openexchange.session.authId=23895ada2c2b4f2aa6f05771503f3f32
      com.openexchange.session.clientId=open-xchange-appsuite
      com.openexchange.session.contextId=1
      com.openexchange.session.loginName=user1
      com.openexchange.session.sessionId=8715fdf5d9ac45068051b26a276f029b
      com.openexchange.session.userId=67
      com.openexchange.session.userName=user1

      with 'user@domain.tld' I only see (no session is created):

      com.openexchange.login.clientIp=::1
      com.openexchange.login.login=tberlin@omd.tld
      com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
      com.openexchange.login.version=7.8.2-5
      com.openexchange.request.trackingId=e24dd8adbdec48ec9974484330d6808d


      I'm happy to enable further logging and do more debugging here; I didn't find anything useful in the documentation
      yet...
      Last edited by AndreasB; 08-16-2016, 01:11 PM. Reason: further details



      • #4
        In this case it should be perfectly fine if you create your contexts and give them a name identical to the domain-name (-N).

        The provisioned username should match the local part of the email and that's mainly it.

        No need for
        USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP
        or
        USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP

        USE_FULL_LOGIN_INFO and USE_MULTIPLE are pretty much unrelated to the login-string-to-user mapping in OX; they are relevant only towards the IMAP server.

        If you still don't get it to work, please show the complete imapauth.properties and your context setup via listcontext



        • #5
          Well, yes, in case I use 'user@domain' there is no request shown against the IMAP server, so it looks like OXC already
          did not find the user locally...


          ./listcontext -A oxadminmaster -P <passwd>

          cid fid fname enabled qmax qused name lmappings
          1 2 1_ctx_store true 1024 0 vmdomain.tld defaultcontext,vmdomain.tld
          2 2 2_ctx_store true 1024 0 omg.tld omg.tld


          cat imapauth.properties | grep -v "#"
          IMAP_SERVER=titan.vmdomain.tld
          IMAP_PORT=143
          IMAP_USE_SECURE=false
          IMAP_TIMEOUT=5000
          IMAP_CONNECTIONTIMEOUT=5000
          USE_FULL_LOGIN_INFO=true
          USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP=true
          USE_FULL_LOGIN_INFO_FOR_CONTEXT_LOOKUP=false
          USE_MULTIPLE=true
          com.openexchange.authentication.imap.imapAuthEnc=UTF-8



          • #6
            I said previously that
            USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP
            should not be needed unless your internal OX username is already in the form of an email address which should be required really rarely.

            Apart from that and if that does not solve the problem, please show the relevant log because OX tells you some details in the log most likely.



            • #7
              Yes, right, for the moment it does not make any difference if USE_FULL_LOGIN_INFO_FOR_USER_LOOKUP is true or false.

              As said, with just 'username' the login works fine. Of course I have the shown user at both domains, so there is a 'tberlin' in
              both 'vmdomain.tld' and 'omg.tld'.

              Once I try to log in with 'tberlin@omg.tld' the log looks like:

              2016-08-16T16:07:32,574+0200 [OXWorker-0000002] com.openexchange.caching.internal.JCSCache.isLocal (JCSCache.java:221)
              Cache ''Context'' is operating in distributed mode
              com.openexchange.grizzly.method=POST
              com.openexchange.grizzly.queryString=<none>
              com.openexchange.grizzly.remoteAddress=::1
              com.openexchange.grizzly.remotePort=53376
              com.openexchange.grizzly.requestURI=/ajax/login
              com.openexchange.grizzly.serverName=localhost
              com.openexchange.grizzly.servletPath=/ajax/login
              com.openexchange.grizzly.threadName=OXWorker-0000002
              com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
              com.openexchange.login.authId=cf9cb7e1fe60434aba7ac9a3ed86bc82
              com.openexchange.login.client=open-xchange-appsuite
              com.openexchange.login.clientIp=::1
              com.openexchange.login.login=tberlin@omd.tld
              com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
              com.openexchange.login.version=7.8.2-5
              com.openexchange.request.trackingId=76b04325da714d889f6f472034bc71c8
              2016-08-16T16:07:32,576+0200 [OXWorker-0000002] com.openexchange.login.internal.LoginPerformer.log LoginRequest(LoginPerformer.java:655)
              Login:tberlin@omd.tld IP:::1 AuthID:cf9cb7e1fe60434aba7ac9a3ed86bc82 Agent:Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 Client:open-xchange-appsuite(7.8.2-5) Interface:HTTP_JSON No session created.
              com.openexchange.grizzly.method=POST
              com.openexchange.grizzly.queryString=<none>
              com.openexchange.grizzly.remoteAddress=::1
              com.openexchange.grizzly.remotePort=53376
              com.openexchange.grizzly.requestURI=/ajax/login
              com.openexchange.grizzly.serverName=localhost
              com.openexchange.grizzly.servletPath=/ajax/login
              com.openexchange.grizzly.threadName=OXWorker-0000002
              com.openexchange.grizzly.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
              com.openexchange.login.authId=cf9cb7e1fe60434aba7ac9a3ed86bc82
              com.openexchange.login.client=open-xchange-appsuite
              com.openexchange.login.clientIp=::1
              com.openexchange.login.login=tberlin@omd.tld
              com.openexchange.login.userAgent=Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
              com.openexchange.login.version=7.8.2-5
              com.openexchange.request.trackingId=76b04325da714d889f6f472034bc71c8



              • #8
                Of course it might also be possible that I've made some mistakes in the user provisioning, as I've used ldapsync to create the users
                on the OXC side.



                • #9
                  It's not relevant if there are identical usernames in different contexts. So we can put this one aside.

                  So let's stay with the above example. The context is marked correctly according to your earlier listcontext output.

                  So what is the setup within the context? listuser -c 2?

                  I also hope that the difference between omg.tld and omd.tld is just a typo?

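The login-mapping lookup explained in #4 and the mismatch diagnosed in #9, as an added example that is not part of this thread and not Open-Xchange's own code: a small Python model that parses the listcontext table quoted above, resolves a login string against the contexts' login mappings, flags a context part that matches no mapping (suggesting the closest configured one), and shows what USE_FULL_LOGIN_INFO changes for the name handed to the IMAP server. The resolution rules and the property semantics are assumptions modelled on the thread's explanation, and the sample table is constructed from the post.

```python
import difflib

# Constructed sample input: the listcontext table quoted earlier in this thread.
LISTCONTEXT_OUTPUT = """\
cid fid fname enabled qmax qused name lmappings
1 2 1_ctx_store true 1024 0 vmdomain.tld defaultcontext,vmdomain.tld
2 2 2_ctx_store true 1024 0 omg.tld omg.tld
"""

def parse_listcontext(text):
    """Parse listcontext output into {cid: set of lower-cased login mappings}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split()
    contexts = {}
    for row in lines[1:]:
        cols = dict(zip(header, row.split()))
        contexts[int(cols["cid"])] = {m.lower() for m in cols["lmappings"].split(",")}
    return contexts

def split_login(login):
    """'user@part' -> (user, part); a bare 'user' -> (user, 'defaultcontext')."""
    if "@" in login:
        user, ctx_part = login.rsplit("@", 1)
        return user, ctx_part.lower()
    return login, "defaultcontext"

def resolve_login(login, contexts):
    """Model of OX's login-string resolution (an assumption here, not OX code):
    the part after '@' is looked up in the login mappings. Returns (cid or None, user)."""
    user, ctx_part = split_login(login)
    for cid, mappings in contexts.items():
        if ctx_part in mappings:
            return cid, user
    return None, user

def diagnose(login, contexts):
    """Explain a failed lookup and suggest the closest configured mapping (typo check)."""
    cid, user = resolve_login(login, contexts)
    if cid is not None:
        return "OK: '%s' resolves to context %d" % (user, cid)
    ctx_part = split_login(login)[1]
    known = sorted(m for ms in contexts.values() for m in ms)
    close = difflib.get_close_matches(ctx_part, known, n=1)
    hint = ("; closest configured mapping is '%s'" % close[0]) if close else ""
    return "FAIL: no context has login mapping '%s'%s" % (ctx_part, hint)

def imap_auth_name(login, use_full_login_info):
    """Name sent to IMAP: whole login string if USE_FULL_LOGIN_INFO=true, else the part before '@'."""
    return login if use_full_login_info else login.split("@", 1)[0]
```

Running diagnose("tberlin@omd.tld", ...) against the table above reports that no context carries the mapping 'omd.tld' and points at 'omg.tld', which is exactly the mismatch found in #9 and #10.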


                  • #10
                    Oh dear.... exactly this was my problem: I configured omg but used omd, which of course cannot work.

                    Sorry for bothering you. It works fine, of course... pffff shame on me :-/
